|
The Office of Information Technology (OIT) has become aware of mailings
some portion of the University of Maryland population has received,
ostensibly from system support staff, with subjects such as "Confirm
Your E-mail Address" and "DATABASE UPGRADE". These e-mails
ask for you to send your Directory ID and password via e-mail. DO
NOT do this!
These spam e-mails are an attempt (called
"phishing") by someone to gain access to personal information
which they should not have. The "From:" address is forged
(or
"spoofed"), and may or may not be an actual e-mail address,
but is not where the e-mail actually originated. Targeted versions of
phishing have been termed "spear phishing".
Some of the information that has been requested in various of these
e-mails is
your UM ID number (which at many universities is still your social security
number), e-mail address and password, and/or Directory ID and password
combinations. You should NEVER send passwords via e-mail, system
support staff will never need or ask you to send your password.
Here is a note from the OIT Security Office on this matter:
Please remind your users that they will never receive a legitimate
e-mail message asking for their university userid and password. We have
heard several reports today indicating that some campus users are
receiving such a message from "Umd Support Team". This message is
obviously not from OIT. Thanks to those who have forwarded copies to OIT
Security. We have sufficient samples at this time.
If someone does response to that message with their password, they should
go to the password.umd.edu website and change their password
immediately.
Here are some examples of recent phishing e-mails:
Here are some web sites that have further information on e-mail phishing
scams:
|
