Carnegie Mellon University Website Home Page
 
Skip navigation and jump directly to page content
News
Security News Archives
2008
September
Security Alert - Fraud Emails - CARNEGIE MELLON UNIVERSITY INTERNET USER
Accounts
Network, Phone & TV
Software
Email & Calendar
Secure Your Computer
Clusters & Printing
Web Services
Classroom & Event Support
Training & Education
Technical Support & Services
Campus Partners
Information Security Office (ISO)

Security Alert: Fraud Emails - CARNEGIE MELLON UNIVERSITY INTERNET USER

Who: Everyone

What:  Fraud Emails - CARNEGIE MELLON UNIVERSITY INTERNET USER

When:  September 29, 2008

How:
Phishing Emails Sent to Carnegie Mellon Accounts Fraud emails have recently been sent to Carnegie Mellon email accounts claiming to be from Carnegie Mellon University <cmu@webmaster.com>.  The fraud messages ask people to reply with their Full Name, User Id, and Password.  PLEASE ENABLE SPAM FILTERING AND DO NOT REPLY!


A sample of the fraud message follows:

From: Carnegie Mellon University [mailto:cmu@webmaster.com]
Sent: Monday, September 29, 2008 2:14 PM
To: undisclosed-recipients:
Subject: CARNEGIE MELLON UNIVERSITY INTERNET USER

Dear Carnegie Mellon University Email Account Owner,

To complete your Account Verification process, you are to reply this
message and enter your password in the space provided (*******), you
are required to do this before the next 48hrs of receipt of this
e-mail, or your Webmail Account will be de-activated and erased from
our database.

Full Name:
User Id:
Password:

Your account can also be verified at;
https://qatar.webiso.andrew.cmu.edu/login.cgi
Thank you for using cmu.edu Copyright 2008 The Carnegie Mellon University.

What You Need To Do:
If you suspect your computer has already been compromised, STOP! Read and follow Responding to a Compromised Computer.

If your computer is managed by a Carnegie Mellon departmental computing administrator, please consult that person before making any system changes.

Follow the detailed steps below:

  1. If you sent your password in a reply, change your password immediately and contact the Computing Services Help Center.
    1. Change to a strong password by visiting the My Accounts: Password page.
    2. Contact the Computing Services Help Center at x8-HELP(4357) or send email to advisor@andrew.cmu.edu.
  2. Enable the Andrew Spam Filter to prevent receiving these fraud messages in your INBOX.
    See Enable Spam Filter Using Portal
  3. If you received the fraud email, delete it.
  4. Secure Your Computer***
    Mac instructions
    Windows Vista instructions
    Windows XP instructions

Contact:
Please direct any questions or comments to the Computing Services Help Center at x8-HELP (4357) or advisor@andrew.cmu.edu, or to your departmental administrator or DSP consultant.