There is a growing problem of attempts to solicit personal information including Social Security Numbers, Birthdates, User Names, and account Passwords over e-mail.
SUNY Potsdam employees will never ask for this information over e-mail. Further, any message that threatens to deactivate your account if you don't respond, or says your account will be deactivated because of upgrades unless you respond, is always a phishing email attempting to trick you.
Such solicitations are called "phishing" and are attempts to steal your personal information.
There are many warning signs that can alert you that you might be giving away your account information. Below are two examples of phishing emails with many "red flags" highlighted and noted:
Anatomy of a Phishing Email (Example 1)
This is an example of a phishing email that is trying to get you to reveal your username and password by replying to it.
From: "firstname.lastname@example.org" <email@example.com>
Date: August 1, 2008 9:20:54 AM EDT
To: "undisclosed-recipients": ;
Subject: Update Your POTSDAM E-mail Account
Reply-To: firstname.lastname@example.org
Dear POTSDAM Users.
The reason for this message is because of the Email Scams & Phishing going on the POTSDAM Network. We have decided to contact all our students and staff to provide their password so that we can confirm the active users and to de-activate the inactive user.[2] We regret the inconveniences this might have cost you.[3]
Please provide us with the below details.
If you are unable to respond to this email for any reason, please visit the following webpage and update your account details there: http://www.example.com/accountnotice [4]
With the above details we can verify active potsdam.edu account.[5]
2008 The State University of New York at Potsdam, all rights reserved. The State University of New York at Potsdam, 44 Pierrepont Avenue, Potsdam NY 13676, (315) 267-2000 [6]
[1] When you attempt to reply to the email, the address you are sending to is not a potsdam.edu address.
[2] SUNY Potsdam employees will never ask you for your account information over email.
[3] Many of these phishing emails originate overseas where English is not the perpetrator's native language. Look for grammatical errors or sentences that "don't feel right."
[4] Pay attention to the URL of a web site; malicious web sites may look identical to a legitimate site but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
[5] We can verify an active account many, many different ways; all of them easier than asking our entire user population to reply to an email.
[6] Often a phishing attempt will use something from the host site to make it look "official."
Anatomy of a Phishing Email (Example 2)
This is an example of a phishing email that is trying to get you to go to a web page to enter your username and password under the guise of some service change.
From: "email@example.com" <firstname.lastname@example.org> [1]
Date: August 1, 2008 9:20:54 AM EDT
To: "undisclosed-recipients": ;
Subject: A new settings file for the email@example.com mailbox has just been released
Reply-To: firstname.lastname@example.org
Dear user of the potsdam.edu mailing service![2]
We are informing you that because of the security upgrade of the mailing service your mailbox (email@example.com) settings were changed. In order to apply the new set of settings click on the following link:[3]
Best regards, potsdam.edu Technical Support.
[1] The reply-to address looks out of place or is not one you have seen before.
[2] Many of these phishing emails originate overseas where English is not the perpetrator's native language. Look for grammatical errors or sentences that "don't feel right."
[3] We can easily apply changes to security settings to all accounts globally. If it were critical that this be done, doing so would be simpler and more reliable than asking our entire user population to reply to an email or visit a website.
[4] Pay attention to the URL of a web site; malicious web sites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net), or the address your browser shows when you visit may not match the link you were instructed to click on.
[5] Some phishing emails include an official-looking ID number. Ask yourself: "How would I verify that this jumble of numbers and letters means this email is real?" "What purpose does this jumble of numbers and letters serve?" "Does CTS have a site where I can verify this?" "Have I ever seen something like this from CTS before?"
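The header and link red flags noted in both examples can also be checked mechanically. The following is an added example, not part of the original page or any CTS tooling: the sample message is constructed, and the flag names and the ORG_DOMAIN constant are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "potsdam.edu"  # assumption: the domain the message claims to be from

# Constructed sample modelled on the examples above; addresses are placeholders.
SAMPLE = """\
From: "helpdesk@potsdam.edu" <sender@mail.example.net>
To: undisclosed-recipients:;
Subject: Update Your POTSDAM E-mail Account
Reply-To: accounts@example.org

Dear POTSDAM Users. We have decided to contact all our students and staff
to provide their password so that we can confirm the active users.
If you are unable to respond, visit http://www.example.com/accountnotice
"""

def in_org(host):
    """True only for the organisation's domain or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

def addr_domain(value):
    """Domain part of an address header value ('' if none)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def red_flags(raw):
    msg = message_from_string(raw)
    flags = []
    display, addr = parseaddr(msg.get("From", ""))
    # The display name shows one address while the real sender is another.
    if "@" in display and addr_domain(display) != addr_domain(addr):
        flags.append("from-display-mismatch")
    # Replies would go to an address outside the organisation's domain.
    if msg.get("Reply-To") and not in_org(addr_domain(msg["Reply-To"])):
        flags.append("reply-to-external")
    body = msg.get_payload()
    # The body asks for account credentials.
    if re.search(r"\b(password|user ?name)\b", body, re.I):
        flags.append("asks-for-credentials")
    # Links whose host is not under the organisation's domain.
    for url in re.findall(r"https?://[^\s<>\"]+", body):
        host = urlparse(url).hostname or ""
        if not in_org(host):
            flags.append("external-link:" + host)
    return flags
```

The suffix test in in_org() is what catches look-alike hosts such as a different top-level domain or the real name used as a prefix of another domain.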
Frequently Asked Questions
Q: Why can't these emails be stopped before I get them?
A: While our filters do catch some generic phishing emails, those that are customized to a particular site or are recently released are basically unstoppable. Many on the planet who received this email before you undoubtedly responded with their username and password, and now the phishers are sending out more such phishing emails using those folks' compromised authenticated credentials via their ISP's legitimate mail server.
Q: What happens if I respond to one of these emails?
A: Immediately change your password by visiting http://account.potsdam.edu. If your account remains compromised, CTS will scramble your password once we see thousands of outbound emails from your account.
Q: Why doesn't CTS send out a warning email when large numbers of these start appearing?
A: CTS does not want to get people in the habit of receiving warning emails because CTS staff do not always receive the same phishing emails as the rest of campus. If this were to happen, the perception would be, "I didn't get a warning from CTS, so it is okay for me to reply to this."
Q: Do I need to forward these to CTS or alert CTS when I get a phishing email?
A: There is no need to alert CTS at this time.