When you receive an e-mail which asks you for your password, or which directs you to click over to a web site purportedly to verify your password, or which asks for other private information (such as your username, password, credit card number, Social Security number, ID number, or the like), you have been targeted by a scam. It is a fraudulent attempt to trick you into revealing such information, and the sender often masquerades as a trustworthy entity. The process is known as phishing.
Please simply delete such messages when you receive them. If you aren't sure about a message's legitimacy, contact ECN before acting on it.
Please be advised that no legitimate Purdue entity will ever ask for your password via e-mail or direct you to go to a web site (on which your username and password are required) to "verify your account" and/or to remove restrictions purportedly placed on your account.
These fraudulent e-mail scams were often written with poor grammar and/or spelling. Lately, though, they have been crafted to look more and more authentic. They often contain links to what appear on the surface to be legitimate Purdue web pages but which actually connect to off-campus sites, some of which might be infected with mal-ware and/or other fake virus alerts.
Here's an example of a fake message which several Purdue faculty and staff received in January 2013:
We detected irregular action on your e-mail system on January 24, 2013.
As the Primary owner, you must verify your account activity before you can continue using your account, and upon verification, we will remove any restrictions placed on your account.
click on the link below:
You can also forward your mail from any other e-mail accounts to your Webmail account so that your contacts won't have to memorize a new e-mail address and you can access all of your mail in one place. You can find forwarding instructions for your other e-mail accounts in their online documentation.
Webmail service has reserved a system maintenance window of Saturdays from 4:00 a.m. to 8:00 a.m. that will be used only if Webmail service needs to perform any work that will take the system off-line. Otherwise, the e-mail system will be available around the clock.
ITAP Exchange Admins
- Wikipedia article on phishing, http://en.wikipedia.org/wiki/Phishing
- "How to tell if an email is fraudulent" section on this SecurePurdue page, http://www.purdue.edu/securepurdue/training/index.cfm
Last modified: 2013/01/25 13:46:19.542207 US/Eastern by
Created: 2013/01/24 15:36:44.870658 US/Eastern by john.a.omalley.1.
- Knowledge Base > Security > E-Mail (Security)
- Knowledge Base > Software > Virus
- Knowledge Base > Security > Virus
- Knowledge Base > Security > Passwords