SMU’s Office of Information Technology (OIT) discovered a new e-mail phishing attempt that was sent to several University community memmbers over the weekend of June 5-7, 2009.
Phishing is a common form of e-mail fraud in which perpetrators attempt to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity such as a popular social website, auction site, online payment processor or IT administrator. Phishing e-mails often direct users to enter details at a fake website designed to look and feel almost exactly like the legitimate one.
OIT sent out the following information on June 8:
Several individuals received an e-mail this weekend indicating their webmail quota had been reached. The message asked individuals to send their email address, password, country and name to a non SMU email address. Please do not respond with your credentials. This was a phishing attempt and did not come from SMU. Remember, we will never ask you to provide your credentials. Please do not respond to any e-mail asking for your login information no matter how valid the email appears to be.
If you responded to the email, please go to the Online Password Reset tool and reset your password immediately (smu.edu/password).
The e-mail contained the following characteristics indicating it was a phishing attempt:
- In some cases, the From address is not an SMU address. Some messages were sent (in which) the From address was spoofed. However, most of these were trapped by the spam filter.
- The To field was actually blank, indicating it was blind-copied (BCC) rather than addressed directly to an individual.
- The e-mail requests that you send your credentials – and requests that you send them to a non-SMU e-mail address.
OIT is taking action to block any new responses to those addresses and to reduce the risk of this type of message making it through to your mailbox in the future.
If you have any additional questions or need assistance, please contact the OIT Help Desk at 8-4357.