|
The Office of Information Technology (OIT) has become aware of mailings
some portion of the University of Maryland population have received,
ostensibly from system support staff, with subjects like "Confirm
Your E-mail Address" and "DATABASE UPGRADE". The mails ask
for you to send your Directory ID and password via e-mail. DO NOT
do this!
These spam e-mails are a an attempt (called
"phishing") by someone to gain access to personal information
which they should not have. The "From:" address is forged
(or
"spoofed"), and may or may not be an actual e-mail address,
but is not where the e-mail actually originated. Targeted versions of
phishing have been termed "spear phishing".
Some of the information which has been requested in various such e-mail are
your UM ID number (which at many universities is still your social security
number), e-mail address and password, and/or Directory ID and password
combinations. You should NEVER send passwords via e-mail, and system
support staff will never need or ask you to send your password.
Here is a note from the OIT Security Office on this matter:
From the OIT Security Office:
Please remind your users that they will never receive a legitimate
e-mail message asking for their university userid and password. We have
heard several reports today indicating that some campus users are
receiving such a message from "Umd Support Team". This message is
obviously not from OIT. Thanks to those who have forwarded copies to OIT
Security. We have sufficient samples at this time.
If someone does response to that message with their password, they should
go to the password.umd.edu website and change their password immediately.
Here are some examples of recent phishing e-mails:
Here are some web sites which have further information on e-mail phishing
scams:
|
