Watch out for new phishing scam

Friday, October 03, 2008

A classic “phishing” scam has caused considerable problems for the campus. Sent to thousands of email addresses, the message warned recipients that if they did not provide their username, password, address and department, their email account would be shut down permanently.

Most of those receiving the email realized that it was a scam. Of the 76 people at UW-Madison who replied to it, 18 divulged their password and NetID. DoIT caught on to the scam before the perpetrators were able to undertake any significant malicious activity, thanks to the vigilance of IT security people who take their responsibilities very seriously. Those who fell for the scam had their accounts frozen, and they changed their passwords very quickly.

This scam could have been devastating if it had gone undetected. If one of the people responding to the phishing scam was in a Human Resources role, he or she could have provided access to the Social Security numbers of every employee at UW-Madison. If one of those responding to the scam was in a Financial Aid office, the criminals could have gained access to Social Security numbers and financial information for all students.

Here is the text of this most recent phishing email:

***************************
Attention: University of Wisconsin Email User

WE are upgrading generally without shutting down the old Server (NT06717) to a new and better Server (NT21766), hence the reason for the request and notification.
We apologize for any inconvenience this will cause our respected email users.
You are to fill the details below to enable us upgrade and verify from the old server.
It is secure and safe and you can change your information 72 hours after you receive email from us of confirmation.
FILL THE DETAILS BELOW OR ANYWHERE IN THE MAIL

  Username        :
  Password        :
  Address         :
  Department      :

Attention!!! Account owner that does not update his or her account within a given period of time after receiving this Notification will lose his or her account permanently.
  Thank you for using University of Wisconsin Email.
  Notification Code: BC1G43TRJ
  Sarah Williams
  HelpDesk
***************************

Please tell your coworkers and fellow students that no legitimate organization or individual will ever (ever!) ask them to provide user IDs, passwords, account numbers, etc., in any email.

For more information on protecting yourself and your computer, see: http://www.cio.wisc.edu/security/