Quick Links

Phishing attack on McGill email

News

Published: 24 Mar 2010

Please take note that several fraudulent emails are currently circulating requesting that you provide your McGill credentials. Always be cautious before providing your McGill username and McGill password to any entity, including internal and external requests.

Do not provide your McGill username and McGill password in an email or attempt to register to an external web site with your McGill credentials. Forward suspicious emails to the ICS Service Desk and do not reply under any circumstances to the sender. For more information about phishing scams and how to protect yourself, please visit the IT Knowledge Base.

Recent spear phishing scams (see below for examples) may have led to McGill email accounts being compromised. This is suspected as a contributing factor to outgoing mail delays in the last week.

Sample phishing scam emails:


To: info [at] webmailheldesk [dot] com
Subject: System Administrator

Your mailbox has exceeded the storage limit which is 20GB as set by your administrator,you are currently running on 20.9GB,you may not be able to send or receive new mail until you re-validate your mailbox. To re-validate your mailboxplease CLICK HERE <http://larino.freehostia.com/use/verifys/form1.html>

Thanks


From: support [at] mcgill [dot] ca
Subject: Mcgill Account Owner
Body:

Mcgill Account Owner

Due to junk alert messages we are conducting a maintained exercise. To complete your account verification process, you are to reply to thismessage and enter your ID and PASSWORD in the space provided below, you are required to do this before the next 48 hours of receipt of this e-mail, or your email account will be de-activated and erased from our database.

Full Name:
User ID:
Password:

Thank you for your understanding.
Webmail Mcgill Support Help Team
2010 Copyright Network Webmail

Source Site: /it
Classified as: