Duke-UNC Brain Imaging and Analysis Center
BIAC Forums | Profile | Register | Active Topics | Members | Search | FAQ
Username:
 Password:
Save Password   Forgot your Password?
 All Forums
 Support Forums
 Windows Support
 Be wary of the emails to change passwords		  New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

aawineco
Junior Member

USA
31 Posts
Posted - Jan 22 2008 :  11:28:57 AM  Show Profile  Reply with Quote
FYI today I received a fishy email asking me to reply to change my password. I forwarded it on to OIT support, and they replied with the following information/caution:

Good afternoon,

OIT has received multiple complaints over the past few days about phishing attacks asking users to e-mail their password to compromised commercial mail accounts. The text of the message (or something similar) is included below. We assume that the commercial accounts are being monitored for responses containing passwords they may have successfully phished.

The text of the message doesn't contain a trojan URL behind the "www.mail.duke.edu" reference. The link only contains text, so clients that "activate" embedded URLs will display the real webmail interface in the message. Users who click through the link will get to the real webmail interface (which doesn't give the perpetrator anything). We suspect that the embedded link is actually there to try to make the message look more authentic.

We contacted Charter and Yahoo and asked for the compromised accounts to be suspended.


Unfortunately we continue to experience periodic waves of phishing e-mails requesting users to e- mail their passwords to compromised commercial addresses. There are two additional steps we have taken since last night to address the situation.

1. We are blocking any e-mail to the offending addresses at the Duke SMTP servers. These addresses continue to change; thus we are dependent on people contacting the security office and providing e- mail headers so we can keeps tabs on the changing addresses.

2. We are putting a warning message on the webmail front page alerting users that this phishig attack is going on.

We also continue to work with Yahoo, Charter and other providers to have compromised addresses disabled. Please do not hesitate to contact us if you have any questions or concerns.


Please let us know if we can provide further information.

The email that I got read as follows:

Dear DUKE USER,

We wrote to you on 20th January 2008 advising that you change the password on your account in order to prevent any unauthorised account access following the network intrusion we previously communicated.

Whilst we have found the vulnerability that caused this issue, and have instigated a system wide security audit to improve and enhance our current security.

To verify your account, you must reply to this email immediately and enter your password here (*********)

Failure to do this will immediately render your account deactivated from our database.

We apologise for the inconvenience that this will cause you during this period, but trust you understand that our primary concern is for our customers and for the security of their data.
our customers are totally secure.

Thank you once again for your understanding Yours sincerely,

Thank you for using DUKE.EDU
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
BIAC Forums © 2000-2010 Brain Imaging and Analysis Center Go To Top Of Page
This page was generated in 0.4 seconds. Snitz Forums 2000