Malicious email targeted at harvesting usernames and passwords09/21/09
To: All Mines employees and students
Re: Malicious email targeted at harvesting usernames and passwords
Over the last several weeks the CCIT email and security teams have noticed an increase in the number of malicious emails (a.k.a. Phishing attempts) received by members of the Mines community. A typical email purports to be from Mines email administrators and instructs the recipient to reply to the sender with the recipient's username and password or other personal information. Any email or other communication that claims to be from Mines and asks you to send your password is a fake. No Mines system administrator will ever ask you to send a password via email.
These scams are coming to campus at a particularly inopportune time. CCIT is in the process of making significant changes to the School's email systems. We are migrating student email accounts to Google's MyMail service and employee email accounts to a new Microsoft Exchange environment. Due to the uncertainty created by these changes people who would not normally consider responding to a phishing attempt may wonder about their validity. CCIT would like to take this opportunity to emphasize that our staff will never need to ask you for your password, and that you should never respond to an email asking for your password or other sensitive information. The mechanism used by CCIT to migrate accounts over the coming weeks will vary depending on the situation, however in all cases CCIT will either provide you with an initial password or send you information about how to set your own password - we will never ask you to tell us or send us your password.
If you ever receive a message and have any doubts about it's legitimacy please do not hesitate to contact CCIT for verification. The most efficient way to contact CCIT is through the Mines Help Center (http://helpdesk.mines.edu).
Phil Romig. Ph.D.
Chief Information Security Officer
Colorado School of Mines
Routine and preventative maintenance which involve service interruptions are posted here. Please bookmark this page!