October 8, 2009
A sophisticated and aggressive phishing attempt (email scam) is currently circulating Cornell, trying to trick people into giving away their NetID and password. In a new twist, this phish also asks that the recipient forward the message to other Cornellians. Like most phish attempts, this phish promises all sorts of negative consequences for not disclosing your credentials to a site purported to be affiliated with Cornell.
The primary concern is that the link in the phish goes to a page that's a very good replica of CUWebLogin, Cornell’s authentication tool, in which people are used to typing their NetID and password. As scammers get more sophisticated, phish attempts are increasingly targeted to audiences. Another recent phish attempt seen at Cornell purports to be a security response to a previous phish attempt.
When someone sends unsolicited email asking for personal information or to verify that an email address is active, that’s a phish. They are “fishing” for information. Don’t respond, don’t click on the links, and don’t forward the message!
NEVER provide your:
Even if it looks like the request came from Cornell – we would never ask!
If you think you may have fallen for a NetID theft scam, change you password and reset your security questions immediately at netid.cornell.edu.
For more about computer security at Cornell, including information about NetID theft, how to spot it, and what to do if it happens to you, see http://cit.cornell.edu/security/safety/index.cfm.
The scam emails currently circulating at Cornell look like this:
****
From: "Web Support Team." <no_reply@cornell.edu>
Date: September 28, 2009 2:34:00 PM EDT
To: XXXXXX
Subject: Email Alert From Cornell University.
Reply-To: <no_reply@cornell.edu>
Dear Cornell University Email Account Holder,
This e-mail is to inform you that your account will be suspended within 48 hours due to your Account Inactivity. You will have to confirm certain Account Information in order to continue your account subscription.
<http://cornellonline.co.cc> Verify My Account Information
You can help us provide you with the most relevant information by taking a moment to tell us your e-mail preferences.
And of course you can unsubscribe at any time.
Remember, Cornell University is committed to your security and protection. To find out more, take a look at our Information Security section under Privacy and Security on the Web site
Note:-
Please, Forward this Email Alert to up to 10 Other Cornell University Email Account Holders and your Account Will be Accredited with Extra Benefits and Features.
Thank You.
********
Reply-To: <no-reply@helpdesk.com
From: HelpDesk <someone@somesite>
Subject: Security Alert!
Date: Tue, 29 Sep 2009 05:04:59 +0200
Due To Recent Spam Attacks On Our Webmail System, You Are Required To Validate Your Webmail Account By Clicking The Link Below And Confirming Your Account Information.
http://form268.9hz.com/
Failure To Validate Your Webmail Account Will Result To Limited Access To It.
) HelpDesk
------ End of Forwarded Message
