'Phishing' email attacks
You may have received a number of e-mails from the College over the past weeks warning you about 'Phishing'.
Phishing is a fraudulent attempt to acquire information such as usernames, passwords and credit card details, by sending an e-mail which pretends to be from a reputable source. You will probably have seen many such e-mails pretending to be from PayPal or a bank, but recently there have been a number which claim to come from Goldsmiths IT Services. The e-mails usually imply that there has been some kind of system fault or upgrade, and ask you to confirm your user details, either by clicking on a link, or simply by replying to the e-mail. For example:
Subject: Goldsmiths Web Services Quota Warning!

Your mailbox is getting close to quota. If your mailbox exceeds the quota limit, there is no room for additional mail and all new messages will bounce back to the sender. In addition to the default allocations everyone has the ability to increase their email quota free, in increments of 10 GB.

To have your Goldsmiths, University quota increased You Must click on the link bellow or copy and paste on your browser and enter your valid account details as requested in the form.

A fraudulent link appears here (Do not click it)

You will be sent an account activation code in next seven (7) Working days after undergoing this process for security reasons.

Subject: CONFIRM YOUR GOLD.AC.UK EMAIL ACCOUNT IMMEDIATELY!!!
Date: Wed, 16 Apr 2008 17:15:32 -0500
From: GOLD.AC.UK TEAM cusomercare@gold.ac.uk
To: f.bloggs@gold.ac.uk

Dear GOLD.AC.UK Subscriber,

To verify your GOLD.AC.UK account, you must reply to this email immediately and enter your password here (*********)

Failure to do this will immediately render your email address deactivated from our database.

You can also confirm your email address by logging into your GOLD.AC.UK account at http://webmail.gold.ac.uk

Thank you for using GOLD.AC.UK !
THE GOLD.AC.UK TEAM

When the phishers have your username and password, they use and abuse your account at will. This includes reading your e-mail and any of your documents, as well as attacking the College's servers from the inside. They also immediately send enormous amounts of spam from your account. Quite apart from the massive load on our mail servers, this results in the College becoming blacklisted so that e-mail from all Goldsmiths users is refused by other universities and Internet Service Providers (ISPs). It can take weeks to get the College removed from these blacklists.
Phishing attacks are very serious. Once your username and password are known, the phisher has access to everything you do: confidential material, examination material, payroll details or personal details. If personal material is altered, or even simply read by an unauthorised person, then the College is in breach of the Data Protection Act.
It is worth thinking carefully about any e-mail that requests details from you. Ask yourself: Do I have an account with that company? Is this the registered e-mail address for this account?
We ask that you never reply to these e-mails. IT Services will *never* ask you for your password via e-mail.