Security Alerts
June 15, 2009
Increased Phishing Scare
There have been several complaints about a new phishing attack. These emails currently are not being labeled as spam. Here is an example of what these emails look like:
***BEGINNING PHISHING SAMPLE***
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AnkHAGKKNErOL8cR/2dsb2JhbACBT5YkqnQYCAONX4IdHwgEgTEFiFuBAw
X-Mailer: Openwave WebEngine, version 2.8.10 (webedge20-101-191-20030113)
X-Originating-IP: [41.191.108.130]
From: stanford.edu <skavanagh@ns.sympatico.ca>
Reply-To: upgradteam0909@walla.com
Organization: stanford.edu
To: <user@stanford.edu>
Subject: Warning Notice!!!
Date: Sun, 14 Jun 2009 9:31:33 -0400
A DGTFX virus has been detected in your folders
Your email account has to be upgraded to our new
Secured DGTFX anti-virus 2009 version to prevent
damages to our webmail log and your important
files.
Click your reply tab, Fill the columns below and
send back or your email account will terminated
immediately to avoid spread of the virus.
SUNet ID:
PASSWORD:
PHONE NUMBER:
DATE OF BIRTH:
webmail.stanford.edu - Webmail Technical Team
Note that your password will be encrypted with
1024-bit RSA keys for your password safety.
***END PHISHING SAMPLE***
This email is NOT from Stanford IT Services. You will NEVER be asked to send your SUNet ID or any other Restricted or Prohibited information via email. This is also true for any bank accounts or credit card accounts. The bank or credit card company will never ask you to send this kind of information via email.
Also, do not click on www links listed in an email you suspect might be a phishing attempt. Even if they look like they go to the right place, it is very easy to make bogus www addresses that look correct. Manually enter the address of your bank or credit card provider and navigate their web site to find what you need.
If you receive an email that you are unsure of, feel free to forward it to the Information Security Office at security@stanford.edu and we will verify it for you. If you see any emails like the sample above, you can be certain they are phishing and can simply delete them.
Sincerely
Paul Keser
---
Paul Keser
Information Security Office
Stanford University
650.723.2911
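The sample above shows three tells that can be checked mechanically: the organization's name on a sender address outside its domain, a Reply-To at a different domain than the sender, and a blank PASSWORD field to fill in and mail back. The following Python is an added example, not part of the original alert or of any Stanford tooling; the indicator names and the ORG_DOMAIN constant are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "stanford.edu"  # assumption: the domain being impersonated
# Headers and body abbreviated from the phishing sample in this alert.
SAMPLE = """\
From: stanford.edu <skavanagh@ns.sympatico.ca>
Reply-To: upgradteam0909@walla.com
Organization: stanford.edu
Subject: Warning Notice!!!

Click your reply tab, Fill the columns below and
SUNet ID:
PASSWORD:
"""

# An empty "PASSWORD:" style form field the reader is told to fill in and mail back.
CREDENTIAL_FIELD = re.compile(r"^\s*(password|passwd|pin)\s*:\s*$", re.I | re.M)


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address, or ''."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def in_org(domain, org=ORG_DOMAIN):
    """True when domain is the organization's domain or one of its subdomains."""
    return domain == org or domain.endswith("." + org)


def phishing_indicators(raw, org=ORG_DOMAIN):
    """Return the names of the indicators that fire for one raw message."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    reply_dom = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    from_dom = domain_of(from_addr)
    hits = []
    # Display name or Organization header names the org; the sender address is outside it.
    claimed = (display + " " + msg.get("Organization", "")).lower()
    if org in claimed and not in_org(from_dom, org):
        hits.append("org-name-on-external-sender")
    # Replies are steered to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        hits.append("reply-to-domain-mismatch")
    # Body carries an empty credential field to be filled in and returned.
    if CREDENTIAL_FIELD.search(msg.get_payload()):
        hits.append("credential-request-in-body")
    return hits
```

Calling phishing_indicators(SAMPLE) returns all three indicator names; a message sent from an address inside the organization's domain with no Reply-To and no credential field returns an empty list.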
Last modified Monday, 15-Jun-2009 11:24:52 AM

