I just got an email from someone in IT asking me to confirm my account password and when I click on the link, it asks if I’m “staff”, “faculty” or a “student”. But I work for a business, I’m not at a school. Is this legit or a scam?
I bet you already knew the answer to this question before you sent it in, actually. Any time there’s a question, it’s a scam.
Let me repeat that:
If it seems unlikely or bogus, it is.
The best strategy with these sorts of messages is to just delete them, but since you asked, let me explain what’s going on when you get one of these messages: they’re trying to get your login and password pair. Why? Because then they can hijack your account and use it to send spam, harvest your address book and send all your friends a note purportedly from you asking for a short-term loan to cover an emergency expense (jail, probation, a bribe to escape a bad situation in a foreign country, or even just the classic “lost my money and ID, can you wire me $50 to help”).
Whatever their plan, these attacks are known as phishing attacks and are an integral part of modern identity theft.
And they’re bad news.
Here’s one I recently received that’s very similar to yours:
On first glance, it seems like it might be legit (though Apple Mail has identified it as junk mail).
A closer look reveals some odd things. First, who is Deborah Margaret Skilliter? More importantly, notice the copyright: “Copyright 2013. The System Administration Management Team.” Um, why would any email be copyrighted and particularly why would the IT team have their own copyright notice?
In fact, if you look more closely, there are lots of grammatical errors, including “new mails will be Blocked and Filter, for safe please,”.
Still, Apple Mail does what a lot of email systems do, popping up a tip box with the destination link if you move the cursor over a link but don’t actually click on it:
I’m already suspicious of the message, but “jimdo.com”? Wouldn’t IT use our own secure server?
In the interest of documenting things, I’ll take one for the team and click on the link. You don’t want to do that because it’s an easy way to have some malware injected into your system through Web browser security flaws. But I’ll do it. 🙂
Here’s what’s revealed:
On first glance, again, it looks legit. Except for the typos, spelling errors, and odd questions it’s asking.
Oh, and the cunning prompt for your “login code” because the form system automatically includes “Never submit passwords in forms!” at the bottom. Oops.
Still, points to them for including the Captcha system on the phishing form, I guess.
If you do fill things in — anything at all — and submit the form, you’ll get a confirmation message:
One presumes that “SUCKER!” or “GOTCHA!” would tip people off that there’s something wrong, but it’d be more accurate.
If you do ever fall for one of these scams, don’t worry too much. It happens.
Just immediately go change your account password.
Then you should be okay, though I would notify the real IT team about it so they can monitor and watch for potential break-in attempts.
A couple of months ago, I received what turned out to be a legitimate notice from Adobe that there had been an attack on their system, and that “attackers may have obtained access to your Adobe ID and encrypted password”. I *almost* sent it to the trash bin, thinking it was yet another phishing scam, except…
It was not sent to “undisclosed recipients” (or some massive list of “cc”s). Rather, it was sent to the email address I use for my Adobe account, and *only* to that address.
It was not asking me for *any* personal information to “verify” anything. Rather, it was directing me to the “password reset” page, where I enter only my Adobe e-mail address (the same address to which the e-mail was sent) and nothing else. (It then sent an e-mail with password reset information, just like an “I forgot my password” process.)
Finally, all links in the e-mail (yes, it was sent in HTML, and had live links) actually went to “adobe.com”.
The only thing missing (IMHO) was to include my name (which Adobe has from when I registered) in the e-mail.
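The checks described on this page (the hover tip revealing an off-site destination, and the commenter's tests that a genuine notice is addressed only to you and links only to the sender's own domain) can be automated. This is an added example, not part of the original post or comment; the sample message, the address me@example.com and the example.com / example.net domains are constructed stand-ins.

```python
from email import message_from_string
from email.utils import getaddresses
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: reserved example domains, not a real captured message.
SAMPLE = """\
From: "IT Help Desk" <helpdesk@example.com>
To: undisclosed-recipients:;
Subject: Confirm your account
Content-Type: text/html

<p>Mailbox full. <a href="http://forms.example.net/verify">CLICK HERE</a>
or visit <a href="https://example.com@login.example.net/">example.com</a>.</p>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> element, i.e. what a hover tip would show."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def link_host(url):
    """Host the browser would contact (ignores any user@ prefix in the URL)."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def host_allowed(host, allowed):
    """True only for an allowed domain itself or a true subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed)

def review_message(raw, my_address, allowed_domains):
    """Return a list of findings; an empty list means every check passed."""
    msg = message_from_string(raw)
    findings = []
    recipients = [addr.lower() for _, addr in getaddresses(msg.get_all("To", []))]
    if recipients != [my_address.lower()]:
        findings.append("not addressed solely to " + my_address)
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href in collector.hrefs:
        host = link_host(href)
        if not host_allowed(host, allowed_domains):
            findings.append("link leaves expected domain: " + (host or href))
    return findings
```

Calling `review_message(SAMPLE, "me@example.com", ["example.com"])` returns three findings for the constructed message: the undisclosed recipient list and both links, including the one whose visible text and `user@` prefix say example.com while the actual host is elsewhere.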