theCAT
  
Report a Problem:
Email: support@cat.pdx.edu
Phone: 503-725-5420
Location: FAB 82-01
  USERS PLATFORMS SYSTEM RESOURCES    
Home Students Fac/Staff CS Tutors Guidelines Windows Linux Mac Mail Network Software Web TheCAT Sitemap Contact
arrowHome arrow Fac/Staff arrow Beware of Spear Phishing Spam and giving out your passwords Sunday, 30 April 2017  
Fac/Staff
Beware of Spear Phishing Spam and giving out your passwords Print
Written by Janaka Jayawardena   
Monday, 30 September 2013

This is our periodic notice to warn people of dangerous e-mail spam - namely Phishing Spam.  We deal with a few waves of these at the start of term and Fall 2013 is shaping up to be a strong phishing season.  A few recent victims have been costly, leading to main PSU mail servers being blacklisted over the weekend, so please take note.


The CAT and OIT will NEVER ask for passwords via e-mail.


DO NOT follow links in your e-mail that require you to enter your login and password information.


DO NOT send out any unencrypted, sensitive information via e-mail.


No SSNs

No passwords

No credit card information

NOTHING sensitive


Beware of messages that claim to be about problems with your webmail account, storage space or warnings of illegal activity that end up asking you for your password. Recent scams have had headers such as:


Thank you for using Portland State® Office E-mail Account?

Warning!!

Valid Account Upgrade for Verification

Mail Quota Exceeded!!!

Verify Your E-Mail Account Soon!

Verify Your E-Mail Account to Prevent Deletion


These are often indications of a Phishing Attack on you.  DO NOT reply to these e-mails and notify support staff if you are concerned.


If you have sent out your information to a Spear Phish attempt, change your password and let us know immediately.  (And no, we do not want to know what your password is!  Do not send it to us.)


If you have any questions about this, contact us at the usual place:


support@cat.pdx.edu or 503-725-5420


What is this all about?

-----------------------------


Phishing is where the attacker tries to trick you into giving out sensitive information. Spear phishing is where the e-mails are specifically tailored to a target audience with a theme they might respond to. It relies on social engineering the victim to fall for the e-mail and give up some information the attacker wants.


What happens if you give out your login and password?

------------------------------------------------------------------------

They use the compromised accounts on our systems to send out more spam to other places.  Since it is coming from a legitimate site (us!), it usually gets through most spam blockers. This results in

Maseeh College mail servers getting blacklisted all over the net which then prevents all our users from sending e-mail to various destinations until we can get ourselves de-listed. This can take days and sometimes weeks. You can see the chaos that can happen if this occurred around assignment due dates or finals week and your instructor is trying to reach you.


Last Updated ( Monday, 30 September 2013 )

©1999 - 2017 TheCAT