EMAIL PHISHING – BE VIGILANT
Spammers continue to target CCM in an attempt to deceive users into giving up their CCM credentials so that they can take control and send thousands of messages out of a compromised email account. Most of these deceptive emails promise an account upgrade with new features, or a rise in a disk space quota that we don’t even use.
Please be vigilant when you see something like this. Information Systems will never send messages asking you to supply your username and password in order to perform any tasks regarding your CCM email account. Any messages you receive like that should be regarded as a SPAM/Phishing attempt and should be deleted immediately.
ANATOMY OF AN ATTACK
Here is what happens once a spammer deceives someone into giving up their CCM credentials:
- The spammer logs into the e-mail account through our web-based e-mail system with the compromised credentials.
- They then create a rule to delete all new messages that arrive in the inbox. The reason is that once they start sending messages from the account, many un-deliverable notices start coming back. If the user doesn't see these notices, they don't know their account has been compromised.
- The spammer then starts to send out messages in bulk, sometimes numbering in the thousands.
- CCM's e-mail server then either gets "blacklisted" or gets a Sender Reputation rating of poor. Once other e-mail systems see that our server is blacklisted or has a poor rating, they stop accepting all mail from CCM, legitimate or not. We then have to go through the process of getting de-listed from the blacklists, which is not easy in some cases, and one blacklist actually charges money for a second de-listing request within 30 days. As for a poor reputation rating, it only improves after 3 days of non-spam activity. We cannot request our reputation to be changed. If you have recently received delivery-delayed or un-deliverable notices for e-mails you sent, this situation is why.
We have had 5 accounts compromised in the past week that we know about; there may be more. The spammer waits a day or two to access another compromised account after we go through the process of stopping the last one and getting de-listed. We are doing everything we can to mitigate these incidents, but there is no stopping them once they deceive someone into giving up their credentials. We can only clean up the mess.
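The sequence in the anatomy above (a rule that deletes all incoming mail, then bulk sending) can be looked for in mail audit data. The Python below is an added example, not CCM's own tooling; the event fields, sample events, 24-hour window and 500-recipient threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events. The field names are assumptions for this
# example, not the log schema of any particular mail system.
EVENTS = [
    {"time": "2024-01-08T09:00:00", "user": "asmith", "type": "rule_created",
     "rule": {"applies_to": "all_incoming", "action": "delete"}},
    {"time": "2024-01-08T09:05:00", "user": "asmith", "type": "send", "recipients": 900},
    {"time": "2024-01-08T09:20:00", "user": "asmith", "type": "send", "recipients": 1200},
    {"time": "2024-01-08T10:00:00", "user": "bjones", "type": "rule_created",
     "rule": {"applies_to": "from:newsletter@example.org", "action": "move"}},
    {"time": "2024-01-08T10:30:00", "user": "bjones", "type": "send", "recipients": 3},
    {"time": "2024-01-09T15:00:00", "user": "dkhan", "type": "rule_created",
     "rule": {"applies_to": "all_incoming", "action": "delete"}},
]


def hides_all_mail(rule):
    """True for a rule that deletes every incoming message."""
    return rule.get("applies_to") == "all_incoming" and rule.get("action") == "delete"


def accounts_with_hiding_rule(events):
    """Earliest signal: the delete-everything rule, before any mail is sent."""
    return sorted({e["user"] for e in events
                   if e["type"] == "rule_created" and hides_all_mail(e["rule"])})


def rule_then_bulk_send(events, window=timedelta(hours=24), threshold=500):
    """Return {user: recipients} for accounts that sent to at least `threshold`
    recipients within `window` after creating a delete-everything rule."""
    rule_time, sent = {}, defaultdict(int)
    for e in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        when, user = datetime.fromisoformat(e["time"]), e["user"]
        if e["type"] == "rule_created" and hides_all_mail(e["rule"]):
            rule_time.setdefault(user, when)  # keep the first such rule
        elif e["type"] == "send" and user in rule_time:
            if when - rule_time[user] <= window:
                sent[user] += e["recipients"]
    return {u: n for u, n in sent.items() if n >= threshold}


if __name__ == "__main__":
    print("hiding rule present:", accounts_with_hiding_rule(EVENTS))
    print("rule followed by bulk send:", rule_then_bulk_send(EVENTS))
```

The rule-only check matters because it fires before any spam leaves the server, which is before blacklisting can start.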
WHAT CAN YOU DO
- Be EXTREMELY wary of links within e-mail messages, even if the message is from someone you know. If you are not sure, or you believe a message might be a phishing attempt, contact the Solution Center. It can possibly help us stop them.
- If you think you may have been deceived into giving up your CCM credentials, change your password immediately. You can do this on campus by hitting Ctrl-Alt-Del at your computer and selecting the Change Password option. From off-campus, log into your e-mail account through our Faculty and Staff Email System, hit the gear icon in the upper right-hand corner, and then navigate to the My Account page and click the "Change your password" link on that page. Remember, passwords now have a minimum length of 15 characters; a sentence or phrase that is easy for you to remember is strongly suggested.