E'mail Scams: Nobody needs your personal information
You will frequently receive messages which claim that your email or other sevice is changing and which ask you to reply with your password and other personal information. These messages are all scams being sent by criminals. You must
NEVER provide your password in email messages.
For example, a recent e'mail message was received by many people at Cornell which claimed
From: Cornell Team
Subject: UPGRADE YOUR CORNELL ACCOUNT NOW
It was bogus.
A few people have recently received an e'mail message claiming to be from CORNELL and asking for personal information, including social security number and passwords.
That message is not from Cornell and you should not respond to it.
You should
NEVER provide personal information in an e'mail message.
Below is the text of Cornell's official response to this event.
SECURITY ALERT: Phishing email re. Cornell accounts
From: Information Technologies Special Bulletins
Subject: SECURITY ALERT: Phishing email re. Cornell accounts
Please be warned that a deceptive email is circulating on the campus
that suggests Cornell is making changes to email accounts.
Do not reply to that email. It is a phishing attempt intended to gather
your personal information.
No department at Cornell University, including Cornell Information
Technologies, would ever request these types of information from you via
email.
Also, there are no immediate plans to make any changes to Cornell email
accounts.
If you replied to that deceptive message, please immediately notify your
local technical support staff, or the CIT Contact Center (HelpDesk) by
calling 255-8990.
* More details
The deceptive message is currently coming from "Cornell Team" and has
the subject line "Upgrade your Cornell account now".
The body says that Cornell is upgrading its site and that you must send
your email account information within the next 7 days. The information
requested includes user name, password, and date of birth.
At the end of the message is a verification code.
If you receive this deceptive message, delete it. Do not reply to it.
Thank you for your attention to this security alert. We hope it has
proven useful.
Cornell Information Technologies
IT Security Office
www.cit.cornell.edu/security
--
SeldenBall - 12 Feb 2008