April 16, 2014

Email Phishing Scam

Have you ever received an email from Empire State College IT support asking you to provide your username and password? Several Empire State College staff received the following letter:

Dear Empire State College Webmail User,

This message is from IT Helpdesk to our email Users. We are upgrading to a new email version to help increase the storage megabyte and are therefore deleting all unused email account as a result of the non-existence of users. 

Also be informed of the serious technical difficulty at hand. Our Webmail Database that records your webmail data and profile has just been contrasted by a serious circulating internet virus. As a result we are upgrading to a new email version to help increase the storage megabyte and are therefore deleting  all unused email account as a result of the non-existence of users.

To confirm the your account is currently in use and to integrate the recent maintenance carried out in e-mail system and also help in resetting your space in our database,erase the virus circulating our webmail and confirm your email is still in use to avoid deletion, Reply back with the information as required  below;

Username/User ID:...
Password: ...
Re confirm Password:....
Email:.......

Warning! Webmail owner that refuses to update their account by providing the requested details above  after reading this mail will loose his / her account permanently.

Account Alert Code: X3XX00178SU

IT Helpdesk
Empire State College

These emails are always fraudulent. They are known as "phishing" emails. As in the email above, some even appear to come from Empire State College IT Services. Frequently, the emails claim that your email account will be deleted or closed if you do not respond. The email may ask you to reply directly with your username and password (and perhaps other personal information), or it may provide a clickable link to a website that asks for the same information. These emails may look authentic at first glance, but a closer look (particularly at the sender's email address) will show that they have not been sent by the college.

What could happen if you responded to a phishing email?

Once your username and password have been obtained by a hacker, they could do any of the following:

  • read or delete your email
  • use your email account to send out spam, fraudulent or phishing emails in your name
  • delete or modify your contacts (address books)
  • do almost anything else that you can do using your username and password.

How to protect yourself

  1. Be suspicious of any email with requests for personal information.
  2. Never respond to an email requesting your password.
  3. If you think you have responded to a phishing email, change your password immediately and contact the technology help desk.
  4. Keep your password private. The only person who should know your password is you.
  5. Call the technology help desk at 800-847-3000, ext. 2420 or submit a technology support request to make them aware of this phishing attempt.