Beware: Phishing Attempts Continue
By Jody Record, Campus Journal Editor
November 17, 2010
A warning from UNH IT security is once again cautioning computer users against responding to, or opening links in, suspicious looking e-mails. If you have any doubts about the nature of an e-mail, call the IT help desk at 2-4242 to verify its legitimacy before responding.
Two recent phishing attempts appear authentic because of their references to UNH. One cites security procedures employed by the university, and the other references the IT help desk. The first reads, “While UNH adopts appropriate security practices to enhance your experience of our services due to suspicious and fraudulent activities, intruders, viruses and malicious. it is also important….”
The sender is listed as Candace Clarke [firstname.lastname@example.org] with the subject line “unh.edu/newwebmail/services.”
There are several indications that this is a bogus e-mail. First, the sender’s e-mail doesn’t end with ‘@unh.edu’ as you would expect a legitimate UNH e-mail to do. Second, the first sentence is incomplete, and the second begins with a lower case letter—both common signs that an e-mail is actually a phishing attempt. Incomplete or run-on sentences, poor spelling and punctuation, and misuse of capitalization (starting a sentence with a lower case letter or capitalizing a word in the middle of a sentence that shouldn’t be capitalized) are all clues of phishing.
Threats of lost opportunity if you don’t act immediately are an indication that you should proceed with caution as are instructions to open a link.
The second phony e-mail recently circulating states:
“IT Help Desk is currently performing maintenance and upgrading it's
database. We intend upgrading our Email Security Server for better on-line
It is strongly recommended you send to this office your account
information immediately to enable Help Desk reset your account. You will
be sent a new confirmation alphanumerical password.”
While referencing the help desk makes the e-mail sound legitimate, users should know immediately that it is not as UNH will NEVER ask for passwords, social security numbers, credit card numbers, or other legally protected information by e-mail. Do not respond to any such requests.
Remember, if you have any doubt about an e-mail, contact IT. You can view additional information about recent phishing attempts at http://it.unh.edu/index.cfm?ID=E4CD2275-DDDE-4E66-93C660E022179925.