Phishing Emails sent to Carnegie Mellon Accounts
SCS Computing Facilities has received the following announcement from campus Computing Services.
*** To verify the authenticity of this message, see Security News & Events at ***
WHAT: Phishing Emails Sent to Carnegie Mellon Accounts
WHEN: Feb 21, 2008
HOW: Fraudulent emails have recently been sent to Carnegie Mellon email accounts claiming to be from the "CMU SUPPORT TEAM " asking people to reply with their "CMU Webmail account" passwords.
A sample message follows:
"From: CMU SUPPORT TEAM Date: Fri, 22 Feb 2008 05:30:05 +1100 Subject: Confirm Your E-mail Address Dear CMU Webmail Subscriber, To complete your CMU Webmail account, you must reply to this email immediately and enter your password here (*********) Failure to do this will immediately render your email address deactivated from our database. You can also confirm your email address by logging into your CMU Webmail account at XXXXXX Thank you for using CMU.EDU ! THE CMU.EDU TEAM"
WHAT YOU NEED TO DO:
If you suspect your computer has already been compromised, STOP! Read and follow "How to Respond to a Compromised Computer":https://www.cmu.edu/iso/governance/procedures/first-respond.html
If your computer is managed by a Carnegie Mellon departmental computing administrator, please consult that person before making any system changes.
Visit the web page at and follow the detailed steps provided there to:
- If you sent your password in a reply, change your password immediately and contact the Computing Services Help Center.
- If you did not reply to the message, delete it.
- Secure Your Computer
For more information about this security alert, visit:https://www.cmu.edu/iso
Please direct any questions or comments to the Computing Services Help Center at x8-HELP or firstname.lastname@example.org, or to your departmental administrator or DSP consultant.
Information Security Office
Carnegie Mellon Universitywww.cmu.edu/iso