New phishing attempt hits DukeMail users
May 19, 2009
DukeMail users have reported a new phishing e-mail that warns about a "harmful virus in your account" and suggests that all will be well as soon as you send back your e-mail address, password and mail server. (Actually, the message asks for the "mail saver," but who's counting?)
This particular e-mail is rather poorly done, so it's hard to believe anyone will mistake it for a legitimate request from university IT staff. According to IT security officer Paul Horner, however, every attempt at getting into the Duke network should be considered serious. Anyone with access to your computer or your accounts is one step closer to breaching our secure systems — and accessing the personal data on your machine, as well.
If you've received one of these messages and you want to help prevent similar phishing attempts from reaching users on the Duke system, display the message's full header using these instructions and then forward the message to help@duke.edu.
Also, our standard warning bears repeating: Duke IT personnel will never ask you for your passwords, and you should never give your password to anyone. Even IT personnel who come to your desk to help you with your system will ask you to enter your passwords, and will pointedly not watch you as you input them.
Read more about phishing.