Email Phishing

You should NEVER send passwords via e-mail. The university's information technology staff will NEVER need or ask you to send your password, or ask you to go to a website to verify your account.

The Center for Information Technology Services (CITS) has received reports of e-mail messages sent to University of Maryland account holders with subject lines such as "The university I.T.S update," "umaryland ACCOUNT User," and "IT Service Notification / Account User Quarantine Exercise." The messages seemingly come from "system support" staff. The messages warn of a variety of account problems:

  • Compromised accounts are being restricted
  • Account deletion is being conducted in preparation for a system upgrade
  • Unused accounts are being deleted
  • Mailbox storage limit has been reached
  • Accounts are being migrated to a new system
  • A maintenance process to fight spam is being conducted

These e-mails, themselves a type of spam, request that you visit a link to verify your account, or reply to the message with your directory ID and password as well as your full name and contact information.

Do Not Do This!

These e-mails are an attempt (called "phishing") by someone to gain access to personal information which they should not have. The "From:" address is forged (or "spoofed"), and may or may not be an actual e-mail address, but is not where the e-mail actually originated. Targeted versions of phishing have been termed "spear phishing".
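
The forged-sender pattern described above can be checked mechanically. The following is an added example, not part of the university's page or tooling: it parses a raw message and flags a display name that shows one address while the real mailbox sits in another domain (as in Example 3 further down this page), a Reply-To that diverts replies, and a body that asks for a password. The function names, the Reply-To check, the `example.net` address and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Credential words and request verbs taken from the sample messages on this page.
CREDENTIAL = re.compile(r"\bpassword\b", re.I)
REQUEST = re.compile(r"\b(reply|fill in|send your|provide your)\b", re.I)
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@([\w.-]+\.\w+)")

def domain_of(address):
    return address.rpartition("@")[2].lower()

def triage(raw):
    """Return the phishing indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    shown = ADDR_IN_TEXT.search(display)
    # The display name shows one address while the real mailbox is in another domain.
    if shown and shown.group(1).lower() != domain_of(addr):
        findings.append("display-name-spoof")
    # Replies would go to a different domain than the From address (assumed check).
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != domain_of(addr):
        findings.append("reply-to-diverts")
    body = msg.get_payload()
    if CREDENTIAL.search(body) and REQUEST.search(body):
        findings.append("asks-for-password")
    return findings

# Constructed samples: Example 3 rebuilt as raw headers, a hypothetical forged
# From with a Reply-To at a placeholder domain, and a benign notice.
EXAMPLE_3 = (
    'From: "ITService@umaryland.edu" <itservicenotification.edu@gmail.com>\n'
    "Subject: IT Service Notification / Account User Quarantine Exercise\n\n"
    "You are to provide your email account details by clicking your reply\n"
    "button and reply to this email as follows:\n* UMB ID:\n* UMB Password:\n"
)
FORGED_FROM = (
    "From: UMB WebMail Admin <helpdesk@umaryland.edu>\n"
    "Reply-To: collector@example.net\n"
    "Subject: Re: The university I.T.S update\n\n"
    "We recommend you to fill in your account details: password(____)\n"
)
BENIGN = (
    "From: IT Help Desk <helpdesk@umaryland.edu>\n"
    "Subject: Scheduled maintenance\n\n"
    "Webmail will be unavailable Saturday from 2 to 4 AM. No action is needed.\n"
)
```

Calling `triage()` on each sample returns the list of indicators for that message; the benign notice returns an empty list. These checks only work on the full original message, which is why a phishing report needs to arrive as an attachment rather than as an inline forward.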

What To Do If You Receive a Phishing Message

First, do not respond to the phishing message for any reason, including trying to scold or taunt the sender.

Second, send the message to this email as an attachment. With the entire phishing email in its original format, the administrators can get the information needed to adjust the IronPort filters to block future phishing messages from this sender.

Forwarding a Message as an Attachment

What To Do If You Have Responded to a Phishing Message

If you responded to a phishing message with your password, please email or call the IT Help Desk and change your password immediately.

If you still have a copy of the original phishing message, send the message to here as an attachment. With the entire phishing email in its original format, the administrators can get the information needed to adjust the IronPort filters to block future phishing messages from this sender.

More information on Forwarding a Message as an Attachment.

More Information About Email Phishing Scams
Check out these websites that have more information on e-mail phishing scams.

Examples of Phishing Messages
Here are some examples of phishing emails.

EXAMPLE 1:

From: UMB WebMail Admin [mailto:helpdesk@umaryland.edu]
Sent: Monday, September 06, 2010 8:00 AM
To: UMB WebMail Admin
Subject: Re: The university I.T.S update

Dear email user,

Welcome to the university of MaryLand New webmail system.
Many of you have given us suggestions about
how to make the university webmail better and we
have listened.This is our continuing effort to provide
you with the best email services and prevent the rate
of spam messages received in your inbox folder daily.

Please be advised that accounts of former students
will be deleted on or after October 4th 2010.Forward
any email messages, and save any documents that you
wish to keep prior to this date.
Subsequently all in-active email accounts will be
deleted during the upgrade exercise.
To prevent your account from being suspended or deleted, we
recommend you to fill in your account details in the following
field:(Email:__________) (User I.D_______) password(__________)
Retype password( __________________).

N:B This is to enable us confirm that your account is active.

The University Webmail Team

Checked by AVG - Version: 8.5.437 / Virus Database: 271.1.1/2840 - Release

EXAMPLE 2:

Dear umaryland ACCOUNT User,

We would like to inform you that we are currently carrying out scheduled maintenance
and upgrade of our umaryland E-MAIL service and as a result of this.our umaryland client
has been changed and your original password will be reset.We are sorry for any
inconvenience caused. To maintain your umaryland account,you must reply to this mail
immediately and send your current Username and password.

User Name: here(---)
Password here(---).


Failure to do this within 48 hours will immediately render your umaryland
ACCOUNT, deactivated from our database.

umaryland Service Data Base".
ABN 31 0822 3766 504 All Rights Reserved.
umaryland Account Maintenance

EXAMPLE 3:

From: ITService@umaryland.edu [mailto:itservicenotification.edu@gmail.com]
Sent: Tuesday, September 07, 2010 10:18 AM
Subject: IT Service Notification / Account User Quarantine Exercise

Attention:,

User Quarantine Notification

This is an automatically generated email from the Division of IT
Service of University of Maryland. Replies will be received by
the IT Service Desk. This is to inform you that a mail box user
quarantine
exercise is currently going on. we are carrying out a (inactive
email-accounts / spam protecting) clean-up process to enable service
upgrade efficiency. Please be informed that we will delete all
mailbox accounts that do not adhere to this notice.

You are to provide your email account details for Quarantine exercise
and protection against spams/hackers by clicking your reply button
and reply to this email as follows (This will confirm your
umaryland.edu
mailbox login/usage Frequency):


* UMB ID:
* UMB Password:
*Account Creation Date:


All IT Service utilities will not change during this period, This
will not affect the operation of your mail box systems or the manner
in which you currently login to your mailbox. Email access and usage
will be disabled if you fail to comply with the above.