The Center for Information Technology Services has received reports of email messages sent to University of Maryland account holders that look very official and are created to get the account holder to give up personal information. The messages warn of a variety of account problems.
Suspicious Email Messages
- Compromised accounts are being restricted
- Account deletion is being conducted in preparation for a system upgrade
- Unused accounts are being deleted
- Mailbox storage limit has been reached
- Accounts are being migrated to a new system
- A maintenance process to fight spam is being conducted
- An urgent request from a supervisor or manager to transfer a large sum of money immediately
These emails, themselves a type of spam, request that you visit a link to verify your account or reply to the message with your directory ID, password, as well as full name and contact information.
DO NOT DO THIS!
These emails are an attempt (called “phishing”) by someone to gain access to personal information, which they should not have. The “From” address is forged (or “spoofed”), and may or may not be an actual email address, but it is not where the email actually originated. Targeted versions of phishing have been termed “spear phishing.”
What to Do If You Receive a Phishing Message
First, do not respond to the phishing message for any reason, including trying to scold or taunt the sender.
Second, send the message to firstname.lastname@example.org as an attachment (see instructions link below). With the entire phishing email in its original format, the administrators can get the information needed to adjust the IronPort filters to block future phishing messages from this sender.
What to Do If You Have Responded to a Phishing Message
If you responded to a phishing message with your password, please email or call the IT Help Desk and change your password immediately.
If you still have a copy of the original phishing message, send the message to email@example.com as an attachment. With the entire phishing email in its original format, the administrators can get the information needed to adjust the IronPort filters to block future phishing messages from this sender.