Carnegie Mellon University Website Home Page
 
Skip navigation and jump directly to page content
News
Security News Archives
2008
April
Security Alert - Fraud Emails - Please Verify Your Email Address
PUBLICATION: Procedure for Responding to a Compromised Computer
Security Alert - Fraud Emails - PLEASE PROTECT YOUR ANDREW.CMU.EDU ACCOUNT FROM BEING CLOSED
Security Alert - Fraud Emails - ADMIN/HELP DESK: DATABASE UPGRADE.
Security Alert - Verify Your Andrew.cmu.edu Email Account Phishing Emails
Accounts
Network, Phone & TV
Software
Email & Calendar
Secure Your Computer
Clusters & Printing
Web Services
Classroom & Event Support
Education & Outreach
Support & Repair
Information Security Office (ISO)

Security Alert: Fraud Emails - ADMIN/HELP DESK: DATABASE UPGRADE.

Who: Everyone

What:  Fraud Emails - ADMIN/HELP DESK: DATABASE UPGRADE.

When:  Apr 7, 2008

How:
Phishing Emails Sent to Carnegie Mellon Accounts Fraud emails have recently been sent to Carnegie Mellon email accounts claiming to be from "webmaster@cmu.edu" <garyscottchambers23@yahoo.co.uk>.  The fraud messages ask people to reply with their E-mail Password.  PLEASE DO NOT REPLY!


A sample of the fraud message follows:

Date: Mon, 7 Apr 2008 23:58:03 +0100 (BST)
From: "webmaster@cmu.edu" <garyscottchambers23@yahoo.co.uk>
Subject: ADMIN/HELP DESK: DATABASE UPGRADE.

Dear cmu.edu Account Owner,

This message is from cmu.edu messaging center to
all cmu.edu email account owners. The Office of
Information Technology is in the process of migrating
all cmu.edu email accounts to upgraded central e-mail services.

 
We are deleting all unused cmu.edu email accounts to
create more spaces for new accounts.


To prevent your account from being closed, you will
have to provide the information below to update it
so that we will be sure that your account is still
active presently.


CONFIRM YOUR EMAIL IDENTITY BELOW:


E-mail Username : .......... .....
E-mail Password : ................
Date of Birth   : ................
Location        : ................


Warning!!! Account owner that refuses to update his or
her email account within 30days of receiving this warning
will lose his or her email account permanently.


Thank you for using cmu.edu


Warning Code:VX2G99AAJ
Case ID is 1578207.

Kind Regards,

cmu.edu Webmaster.
Please accept our apologies for the inconvenience.

      
---------------------------------
 Yahoo! for Good helps you make a difference

What You Need To Do:
If you suspect your computer has already been compromised, STOP! Read and follow Responding to a Compromised Computer.

If your computer is managed by a Carnegie Mellon departmental computing administrator, please consult that person before making any system changes.

Follow the detailed steps below:

  1. If you sent your password in a reply, change your password immediately and contact the Computing Services Help Center.
    1. Change to a strong password by visiting the My Accounts: Password page.
    2. Contact the Computing Services Help Center at x8-HELP(4357) or send email to advisor@andrew.cmu.edu.
  2. If you received the fraud email, delete it.
  3. Secure Your Computer***
    Mac instructions
    Windows Vista instructions
    Windows XP instructions

Contact:
Please direct any questions or comments to the Computing Services Help Center at x8-HELP (4357) or advisor@andrew.cmu.edu, or to your departmental administrator or DSP consultant.