August 16, 2011
Protecting Your Email Account

We've recently seen some emails sent to ISU Extension staff that look like:

==
From: [actual person's email]
Sent: Friday, August 12, 2011 1:14 AM
To: info@notice.com
Subject: YOUR MAILBOX IS ALMOST FULL

Dear Customer,

Click the Link below to re-validate your mailbox.

CLICK HERE: [where this is actually a link]

For Futher Explanation.
Thanks.
System Administrator
[non-legitimate person's name]

==

There are two things that might make this look like a legitimate email.

  1. The address in the From: line actually belongs to a university staff person.
    • However, the person is not with either Extension IT or University IT Services
    • This person's email has probably been compromised
  2. It is apparently signed by an actual person with a specific title
    • However, this person is not actually an ISU employee

However, there are more things that tell you this is NOT a legitimate email:

  1. The link which the email insists you MUST go to is simply listed as 'CLICK HERE.' If you were to highlight that link (I've removed it here) you would see that it did NOT go to an ISU site, but to a site designed to capture your password. You should NEVER change your ISU password except by going directly to https://asw.iastate.edu or through your regular computer by pressing Ctrl-Alt-Del and selecting 'Change a Password'.
  2. The address in the To: line is NOT your address. In addition, it's a non-ISU address.
  3. ISU's IT Services will never ask you to re-validate your email, send your password through email, or enter your password on a non-ISU website.
  4. The person whose name is in the signature is not listed in the ISU directory and no contact information is provided.
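
The first two warning signs above (a link whose visible text hides a non-ISU destination, and a To: line that is not your address) can also be checked mechanically. The following Python is an added example, not part of the original post; it assumes iastate.edu is the only trusted domain, and the sample message, its addresses, the link URL and the function names are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import getaddresses
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "iastate.edu"  # assumption: the only domain treated as legitimate
# Constructed sample modelled on the message above; addresses and URL are placeholders.
SAMPLE = """\
From: staff.member@iastate.edu
To: info@notice.com
Subject: YOUR MAILBOX IS ALMOST FULL
Content-Type: text/html; charset="utf-8"

<p>Click the Link below. <a href="http://mailbox-revalidate.example/login">CLICK HERE</a></p>
"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_domain(host, domain=TRUSTED_DOMAIN):
    # Exact host or a subdomain only, so "iastate.edu.example" does not match.
    return ("." + (host or "").lower().rstrip(".")).endswith("." + domain)

def phishing_indicators(raw, my_address):
    msg = message_from_string(raw, policy=policy.default)
    rcpts = [a.lower() for _, a in getaddresses([str(h) for h in msg.get_all("To", [])])]
    found = [] if my_address.lower() in rcpts else ["not-addressed-to-you"]
    if any(not in_domain(a.rpartition("@")[2]) for a in rcpts):
        found.append("non-org-recipient")
    body = msg.get_body(preferencelist=("html", "plain"))
    links = LinkCollector()
    links.feed(body.get_content() if body else "")
    for href, text in links.links:
        if (u := urlsplit(href)).scheme in ("http", "https") and not in_domain(u.hostname):
            found.append(f"off-domain-link:{text}")
    return found
```

Mail delivered through a mailing list or by BCC also omits your address from the To: line, so treat the findings as signals to weigh together rather than a verdict.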

Some phishing scams are more clever than others. If someone is emailing you telling you to change your password and you can't tell if it's legitimate (remember neither ISU Extension nor university IT Services will ask for your password via email), you can always contact the Computer Support Hotline at 515-294-1725 or via email at eithotline@iastate.edu.

If you believe you've responded to a phishing scam, change your password immediately. You can do this by going to https://asw.iastate.edu, logging in, and selecting 'Change Password'. Or, on a Windows machine connected to the IASTATE domain, press Ctrl-Alt-Del and select 'Change a Password'.

Posted by dcoates at 10:51 AM