Saturday, July 19, 2008

Techno Evil - UAA Email Phishing Scam

Here's a reason why it pays to do things that improve your critical thinking skills. Some people would argue that people who fall for computer scams have only themselves to blame. But we all have times of vulnerability - we're tired, busy, distracted, too trusting. Some people just do not have the cognitive skills to see through these things. There are lots of people out there - fetal alcohol syndrome folks - for example - who appear to function ok, but whose reasoning and judgment abilities are physically damaged.

So, I'm sure there will be some UAA email account holders that fall for this scam. Additionally, a lot of students are going to be pissed at the university for threatening to cut off their email in seven days. This is a total FRAUD.

Here's the email:

From View message header detail ")'>UAA UPGRADE TEAM *BETA*
Sent Saturday, July 19, 2008 9:31 am
To Undisclosed recipients: ;
Subject Confirm Your University of Alaska Anchorage Web-Mail Account
Confirm Your University of Alaska Anchorage Web-Mail Account

Dear Web-Mail Account User,
This message is from Web-Mail messaging center to all Web-Mail Account users. We are currently upgrading our data base and e-mail center. We are deleting all unused Web-Mail Accounts. You are required to verify and update your Web-Mail by confirming your Web-Mail identity. This will prevent your Web-Mail account from been closed during this exercise. In order to confirm you Web-Mail identity, you are to provide the following data;

Confirm Your Web-Mail Identity Below;

First Name:...................
Last Name:...................
Username : ...............
Password : ................

Warning!!! Any Web-Mail Account user that refuses to verify and subsequently update his/her Web-Mail within Seven days of receiving this warning will lose his/her Web-Mail Account permanently.

Thank you for using!
Warning Code:VX2G99AAJ

Thank you in anticipation for your co-operation.

Web-Mail Service
University of Alaska Anchorage

Scam watch offers the following list of warning signs for phishing scams:

  • You receive an email claiming to be from a financial institution. This message may seem to be from your bank or from a bank that you don’t have an account with. The email contains a link which leads you to a website where you are prompted to enter your bank account details.
    This is scamming a university, not a financial institution.

  • The email does not address you by your proper name.
    There is no personal name at all.

  • The email might contain typing errors and grammatical mistakes.
    Web-Mail is usually written webmail. And they left the 'r' off 'you' here - "confirm you Web-Mail identity' but otherwise it's pretty good.

  • The email might claim that your details are needed for a security and maintenance upgrade, to ‘verify’ your account or to protect you from a fraud threat. The email might even state that you are due to receive a refund for a bill or other fee that it claims you have been charged.
    Here's where it gives itself away the most.
    • it claims the system is upgrading
    • it wants you to verify your account
    • instead of offering a refund, it threatens to shut down your account in seven days

Cynics Unlimited has an even more detailed list with another sample phishing email. They define phishing this way:

Phishing, in practical terms, is an attack used by hackers to gain access to private information such as credit card numbers, social insurance numbers and user passwords. Rather than breaking down a physical or technological barrier, phishing is a social engineering attack where targets are typically duped into providing this information directly to false versions of legitimate websites run by the hackers. Personal information can then be used for fraudulent purchases, resale to third parties and even identity theft. While there are no universal statistics on the number or nature of phishing scams, most security websites agree on the following:“ (then comes their list of things to look out for).

1 comment:

  1. I NEVER use my UAA e-mail account. Having to log into blackboard is dangerous enough.

    I didn't even know I had a UAA e-mail address, until the first week of April, 2004, when I started getting hate mail and weird politico-religious polemical rants. They weren't random. They were all directed to me. And re-directed to my regulr e-mail, which crashed. Three times in the next two weeks.

    It peaked around the 11th at about 300-plus per hour.


Comments will be reviewed, not for content (except ads), but for style. Comments with personal insults, rambling tirades, and significant repetition will be deleted. Ads disguised as comments, unless closely related to the post and of value to readers (my call) will be deleted. Click here to learn to put links in your comment.