Quick Info DoIT Home Forms Forwarding your e-mail Help Desk Service Request Internet Account Request Password Change Server Maintenance Schedule Technical Support Documentation

Phishing Scam Targets Universities

Universities all over the world, including SF State, are being targeted in the latest spear phishing scam e-mails.

Phishing is an illegitimate attempt to trick people to reveal sensitive information, such as passwords, birthdates, and credit card or bank account numbers, by impersonating as someone trustworthy. Spear phishing is a highly targeted type of phishing typically directed at a particular institution.

This latest round of phishing e-mails claim to be sent from the university's e-mail administrators, requesting verification of e-mail accounts. Messages have subjects like 'UPGRADE YOUR EMAIL ACCOUNT', 'VERIFY YOUR SFSU.EDU EMAIL ACCOUNT NOW', 'Email Account Verification', 'Your Email' or 'Account Review'. New variations of these subjects are expected.

SF State will never ask for you to send sensitive information over e-mail. Never send sensitive information over e-mail; e-mail is not a secure form of communication.

If you receive an e-mail you are not sure about -- don't reply -- forward the e-mail to: abuse@sfsu.edu

If you have any questions, please contact the Division of Information Technology Help Desk: helpdesk@sfsu.edu

A Sample Message

From: sfsu.edu Team [mailto:nagajcm@cbn.net.id]
Sent: Friday, February 29, 2008 8:50 PM
Subject: VERIFY YOUR SFSU.EDU EMAIL ACCOUNT NOW





Dear sfsu.edu  Email Account Owner,

This message is from sfsu.edu messaging center to all sfsu.edu email
account owners. We are currently upgrading our data base and e-mail
account center. We are deleting all unused sfsu.edu email account to
create more space for new accounts.
 
To prevent your account from closing you will have to update it below
so that we will know that it's a present used account.

CONFIRM YOUR EMAIL IDENTITY BELOW

Email Username : .......... .....
EMAIL Password : ................
Date of Birth : .................
Country or Territory : ..........

Warning!!! Account owner that refuses to update his or her account
within Seven days of receiving this warning will lose his or her account
permanently.
 
Thank you for using sfsu.edu!
Warning Code:VX2G99AAJ

Thanks,
sfsu.edu Team
sfsu.edu BETA "

sfsu.edu@live.com

For More Information

- More information about phishing and how to protect yourself

Universities in the US being targeted in a Spear Phishing attack - http://isc.sans.org/diary.html?storyid=3917

Spear Phishing - Highly Targeted Scams - http://www.microsoft.com/protect/yourself/phishing/spear.mspx

National Consumers League and National Cyber Security Alliance Phishing and Pharming Tips http://www.staysafeonline.org/basics/pharming_tips.html

---

Site Home | What We Do | Help Desk | Account Services | Software | Hardware | Network
Telephone Services | Training | Computer Labs | Web Publishing | Policies | Sitemap | Contact Us

---

Last Modified: 1 Mar 2008
doit@sfsu.edu