--> --> Beware Of Password Phishing E-mail -->

Beware Of Password Phishing E-mail

You should NEVER send passwords via e-mail; the university's information technology staff will NEVER need or ask you to send your password.

The Office of Information Technology (OIT) has received reports of e-mail messages sent to University of Maryland account holders with subject lines such as "Umd.edu Customer Care," "Dear Account Subscriber," and "Confirm Your umd.edu Webmail Account to Avoid Closure." The messages ostensibly come from "system support" staff. The messages warn of a variety of account problems:

• Compromised accounts are being restricted
• Account deletion is being conducted in preparation for a system upgrade
• Unused accounts are being deleted
• Mailbox storage limit has been reached
• Accounts are being migrated to a new system
• A maintenance process to fight spam is being conducted

These e-mails, themselves a type of spam, request that you visit a link to verify your account or reply to the message with your directory ID, password, as well as full name and contact information.

DO NOT do this!

These e-mails are an attempt (called "phishing") by someone to gain access to personal information which they should not have. The "From:" address is forged (or "spoofed"), and may or may not be an actual e-mail address, but is not where the e-mail actually originated. Targeted versions of phishing have been termed "spear phishing".

If you responded to such a message with your password, please notify OIT security at oit-security@umd.edu, and go to the password.umd.edu website to change your password immediately. Also: DELETE the phishing message and do not reply to it for any reason (including to scold or taunt the sender). Finally, there's no need to contact OIT Security every time that you receive a phishing message; the messages reach the staff's inboxes, too, so they are aware of them.

Here are some web sites that have further information on e-mail phishing scams:

• Computerworld article on phishing
• US government's OnGuard Online website
• Snopes.com - Urban Legends web site

Here are some examples of recent phishing e-mails:

This message is from umd.edu webmail messaging center to all email account owners. We are currently upgrading our data base and e-mail account center and we are deleting all unused umd.edu email account to create more space for new accounts.

To prevent your account from closing or deleted you will have to update it below so that we will know that it's a present used account. We are upgrading our systems to improve the way we interact with you and to provide you with an enhanced level of customer service.

Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently.

Thank you for using umd.edu!

This message is from umd.edu messaging center to all umd.edu email account owners. The Office of Information Technology is in the process of migrating all umd.edu email accounts to upgraded central e-mail services.

We are deleting all unused umd.edu email accounts to create more spaces for new accounts. To prevent your account from being closed, you will have to provide the information below to update it so that we will be sure that your account is still active presently.

Warning!!! Account owner that refuses to update his or her email account within 30days of receiving this warning will lose his or her email account permanently.

Thank you for using umd.edu

Please accept our apologies for the inconvenience.