Security Alert: Phishing Email: "Your [id@andrew.cmu.edu] Account is on Restriction

The Computing Services Information Security Office (ISO) received numerous reports from Andrew users today of a phishing email with the subject, “Your [id@andrew.cmu.edu] Account is on Restriction” from a sender address of  Administrator <administrator@andrew.cmu.edu>. In response, the ISO blocked the response Web address and further relaying of the phishing messages. Administrators at the originating site have been notified.   

What should you (or the individuals you support) do if you received this message? Delete it. Do not click on the link, AND DO NOT ENTER YOUR USERNAME AND PASSWORD.

What You Should Do

What if you already clicked on the link and entered your username and password? 

• Change your password immediately using the Carnegie Mellon Identity Manager service athttps://identity.andrew.cmu.edu/.
• If you have access to enterprise applications like SIS, HRIS/HREM, and Oracle Financials, send email to iso-ir@andrew.cmu.edu.

Contact

Please direct any questions or comments to the Computing Services Help Center at 412-268-HELP (4357) oradvisor@andrew.cmu.edu, or to your departmental administrator or DSP consultant.

A sample of the message follows:
 
From: Administrator <administrator@andrew.cmu.edu
<mailto:administrator@andrew.cmu.edu>>
Date: Tue, 8 Nov 2011 08:42:52 -0800
To: <iso@andrew.cmu.edu <mailto:iso@andrew.cmu.edu>>
 Subject: Your [iso@andrew.cmu.edu <mailto:iso@andrew.cmu.edu>]
>Account is on Restrcition.

Carnegie Mellon University
==========================


 We detected irregular action on your e-mail system on November 08, 2011.

As the Primary owner, you must verify your account activity before
you  can continue using your account, and upon verification, we will
remove any  restrictions placed on your account.

 click on the link below:

https://webiso.andrew.cmu.edu/login.cgi
<http://web.ics.purdue.edu/~khenrick/webiso.andrew.cmu.edu/>