Targeted Phishing Attack – Fake Security Update
What Happened
Earlier today selected members of the Brandeis community received a phishing email with the heading “MADATORY (sic) SECURITY UPDATE – JANUARY 2010” claiming to be a mandatory security update from the Brandeis IT department. The message requested that the recipient “click here to protect your account”. Doing so brings up a screen that looks like a valid UNet login page, but instead captures the user ID and password entered by the victim.
In spite of the spelling error in the subject line, the email message is somewhat sophisticated. Brandeis Information Security has blocked the IP addresses associated with the message and notified all recipients of the message. Anyone who inadvertently responded has successfully changed their password and no unauthorized logins have taken place as a result of this phishing attack.
What YOU Can Do to Protect Yourself (and Brandeis)
- Library and Technology Services will NEVER ask you to provide your password in an e-mail.
- If you receive a suspicious email message, forward it to security@brandeis.edu and then delete it.
- DO NOT reply to suspicious email of any kind, click on a web link in it, or provide personal information in response to it.
- If you have doubts about a web link, type in the correct address of the intended website yourself.
- If you accidentally respond to a phishing message, CHANGE YOUR PASSWORD immediately and call the Help Desk.
LTS is able to block almost all fraudulent messages before they ever reach your e-mail account. We need your help with the very few that get through. Please be vigilant by adhering to these recommendations.
Dennis Devlin
Chief Information Security Officer
Library and Technology Services