I just got an email from someone in IT asking me to confirm my account password and when I click on the link, it asks if I’m “staff”, “faculty” or a ‘student”. But I work for a business, i’m not at a school. Is this legit or a scam?
I bet you already knew the answer to this question before you sent it in, actually. Any time there’s a question, it’s a scam.
Let me repeat that:
If it seems unlikely or bogus, it is.
The best strategy with these sort of messages is to just delete them, but since you asked, let me explain what’s going on when you get one of these messages: they’re trying to get your login and password pair. Why? Because then they can hijack your account and use it to send spam, harvest your address book and send all your friends a note purportedly from you asking for a short term loan to cover an emergency expense (jail, probation, a bribe to escape a bad situation in a foreign country, or even just the classic “lost my money and ID, can you wire me $50 to help”).
Whatever their plan, these attacks are known as phishing attacks and are an integral part of modern identity theft.
And they’re bad news.
Here’s one I recently received that’s very similar to yours:
On first glance, it seems like it might be legit (though Apple Mail has identified it as junk mail).
A closer look reveals some odd things. First, who is Deborah Margaret Skilliter? More importantly, notice the copyright: “Copyright 2013. The System Administration Management Team.” Um, why would any email be copyrighted and particularly why would the IT team have their own copyright notice?
In fact, if you look more closely, there are lots of grammatical errors, including “new mails will be Blocked and Filter, for safe please,”
Still, Apple Mail does what a lot of email systems does, popping up a tip box with the destination link if you move the cursor over a link but don’t actually click on it:
I’m already suspicious of the message, but “jimdo.com”? Wouldn’t IT use our own secure server?
In the interest of documenting things, I’ll take one for the team and click on the link. You don’t want to do that because it’s an easy way to have some malware injected into your system through Web browser security flaws. But I’ll do it. 🙂
Here’s what’s revealed:
On first glance, again, it looks legit. Except for the typos, spelling errors, and odd questions it’s asking.
Oh, and the cunning prompt for your “login code” because the form system automatically includes “Never submit passwords in forms!” at the bottom. Oops.
Still, points to them for including the Captcha system on the phishing form, I guess.
If you do fill things in — anything at all — and submit the form, you’ll get a confirmation message:
One presumes that “SUCKER!” or “GOTCHA!” would tip people off that there’s something wrong, but it’d be more accurate.
If you do ever fall for one of these scams, don’t worry too much. It happens.
Just immediately go change your account password.
Then you should be okay, though I would notify the real IT team about it so they can monitor and watch for potential break-in attempts.