"phishing = a form of identity theft"
I want to encourage all of you to read this e-mail. It is important for each of you to clearly understand what is at risk. Over the past few months we have witnessed a substantial increase in the number of e-mails that are being sent out anonymously requesting personal information. While many of you may not consider the login to the campus network or your e-mail account(s) personal information we must be absolutely clear that it is personal information. And you really need to regard your login(s) and password(s) to whatever accounts you may have either at the college or on your own as personal information. Safeguarding them is essential.
We are all likely to receive e-mails from a source that is unknown or appears to be remotely known and that is often called SPAM. We generally block SPAM to the degree we can and yet we still get too much SPAM. We all also receive e-mail that states something like your "network administrator is reviewing your account information" and you need to submit the following information or your account will be frozen or deleted". In this type of SPAM the senders are hoping someone will reply to this form of SPAM called "phishing" (fishing for personal information) and offer up their user account information which would include login and password information. Let me be perfectly clear at this point: No Network Administrator is ever going to solicit for this kind of information via e-mail! It just will not happen. This type of e-mail is clearly phishing and should simply be deleted.
You could ask the question: what harm can it do to make a mistake and reply to the request? This kind of question is very legitimate and needs to be addressed. If you give up your e-mail account login and password to this kind of "phishing" request you allow an unknown user (generally from another country as they appear to be safe and secure from US laws at this time) to have full access to your e-mail account. They are then able to peruse your e-mail account fully and that includes all of your sent mail. It is possible that you may have credit card information or social security numbers in your e-mail listing somewhere. And now it is being shared potentially with a large group. That could easily be the worst case scenario and it has happened to people on our campus in the not too distant past. Another more common thing that happens is that the new owner of your account will use your account to send out more SPAM mail. That has happened all to frequently. We have had two major incidents of this type of action. In June we had an account of a former faculty compromised in this manner and over 500,000 SPAM mails were sent in a very short period of time from this account. Since this account was something like firstname.lastname@example.org it was very easy to track back to our campus. The end result was that Hotmail, Yahoo, and Gmail quit accepting any e-mail from the wsc.edu domain. And it took over 40 hours of diligent work on the part of my staff to get this problem resolved. On November 27th we had another incident of this type. This time only 50,000 plus SPAM e-mails were sent. But again, the end result, Hotmail quit taking our e-mail and we are now working through getting that fixed.
Please, please, please, for your safety and the continuity of all of our work do not give out any personal information via e-mail unless it is an absolutely known source. And never share your users accounts with anyone. Likely they will not guard and secure the information as well as you will. Please change your password(s) as often as requested and keep a unique password that includes a number in it. And the most important password consideration is to avoid reusing the same passwords over and over.
I sincerely hope this helps clear this issue. If it does not please give me a call.
Chief Information Officer
Wayne State College