So, I'm sure there will be some UAA email account holders that fall for this scam. Additionally, a lot of students are going to be pissed at the university for threatening to cut off their email in seven days. This is a total FRAUD.
Here's the email:
| From |  ")'>UAA UPGRADE TEAM *BETA* |
| Sent | Saturday, July 19, 2008 9:31 am |
| To | Undisclosed recipients: ; |
| Cc | |
| Bcc | |
| Subject | Confirm Your University of Alaska Anchorage Web-Mail Account |
Dear uaa.alaska.edu Web-Mail Account User,
This message is from uaa.alaska.edu Web-Mail messaging center to all uaa.alaska.edu Web-Mail Account users. We are currently upgrading our data base and e-mail center. We are deleting all unused uaa.alaska.edu Web-Mail Accounts. You are required to verify and update your Web-Mail by confirming your Web-Mail identity. This will prevent your Web-Mail account from been closed during this exercise. In order to confirm you Web-Mail identity, you are to provide the following data;
Confirm Your Web-Mail Identity Below;
First Name:...................
Last Name:...................
Username : ...............
Password : ................
Warning!!! Any uaa.alaska.edu Web-Mail Account user that refuses to verify and subsequently update his/her Web-Mail within Seven days of receiving this warning will lose his/her Web-Mail Account permanently.
Thank you for using uaa.alaska.edu!
Warning Code:VX2G99AAJ
Thank you in anticipation for your co-operation.
Sincerely,
Web-Mail Service
University of Alaska Anchorage
Scam watch offers the following list of warning signs for phishing scams:
- You receive an email claiming to be from a financial institution. This message may seem to be from your bank or from a bank that you don’t have an account with. The email contains a link which leads you to a website where you are prompted to enter your bank account details.
This is scamming a university, not a financial institution.- The email does not address you by your proper name.
There is no personal name at all.- The email might contain typing errors and grammatical mistakes.
Web-Mail is usually written webmail. And they left the 'r' off 'you' here - "confirm you Web-Mail identity' but otherwise it's pretty good.- The email might claim that your details are needed for a security and maintenance upgrade, to ‘verify’ your account or to protect you from a fraud threat. The email might even state that you are due to receive a refund for a bill or other fee that it claims you have been charged.
Here's where it gives itself away the most.
- it claims the system is upgrading
- it wants you to verify your account
- instead of offering a refund, it threatens to shut down your account in seven days
Cynics Unlimited has an even more detailed list with another sample phishing email. They define phishing this way:
Phishing, in practical terms, is an attack used by hackers to gain access to private information such as credit card numbers, social insurance numbers and user passwords. Rather than breaking down a physical or technological barrier, phishing is a social engineering attack where targets are typically duped into providing this information directly to false versions of legitimate websites run by the hackers. Personal information can then be used for fraudulent purchases, resale to third parties and even identity theft. While there are no universal statistics on the number or nature of phishing scams, most security websites agree on the following:“ (then comes their list of things to look out for).
I NEVER use my UAA e-mail account. Having to log into blackboard is dangerous enough.
ReplyDeleteI didn't even know I had a UAA e-mail address, until the first week of April, 2004, when I started getting hate mail and weird politico-religious polemical rants. They weren't random. They were all directed to me. And re-directed to my regulr e-mail, which crashed. Three times in the next two weeks.
It peaked around the 11th at about 300-plus per hour.