PULLMAN, Wash. – Two different phishing scams are peppering Washington State University employees and students email boxes, attempting to collect people’s account information. The phishing emails have been reported by a number of Washington State University employees in different departments, according to Information Services.
The newest phishing email is more sly, in that it mimics WSU email in appearance and is circulating on campus.
New phishing scam from ‘webmaster’
It may look authentic, but is not, say WSU IS officials. It will show as from “email@example.com” with the subject line of “FW: Account maintenance” and contains the following message:
“Attention: Washington State University user,We are currently engaged in account maintenance service. As a subscriber, you are required to confirm your continued membership. Failure to confirm your continued membership will lead to service suspension.[link– has been removed for your protection]This is to improve ourservice quality. We are sorry for inconveniencesNOTE: You are required toupdate your accountwithin 24-hourCustomer CareCase number: 8941624Property: Account SecurityCopyright © 2012 All rights reserved.”
Second email from Sunami
The phishing email shows as from “firstname.lastname@example.org” with the subject line of “Increase Your MailBox Size (Washington State University).” It contains the following message:
“Hello User: Your email has reached its maximum quota of 50MB storage, you might not receive further emails. Visit the URL below or copy and paste into your browser login and follow the instruction to up-grade for more storage space.[Link-has been removed for your protection.]Ensure to click log out if using a public computer.Support.”
Here’s what to do
If you do not reply to the email, then you are fine – there’s nothing more you need to do. If you did click on the link, but didn’t enter any personal information, (such as your Network ID or password), then the phishers will not have your account information and there’s nothing more you need to do.
However, if you responded to the phishing email and entered your Access ID or Network ID and password or any other personal information, the phishers will have collected that information, and you should take immediate and appropriate action. The IS Security Office recommends that you change your password immediately and contact the IS Help Desk at 509-335-4357 or email@example.com.
For your protection, the IS Security Office recommends that you never respond to requests for personal information that may be contained in suspicious emails, voice messages, or text messages. It is best to assume any solicitation of personal information employing these methods, is not authentic.
For further assistance or questions please contact your departmental IT support staff or the Help Desk at 509-335-4357 or firstname.lastname@example.org.