Date: 10/13/2008
To:     University of Idaho Students, Faculty, and Staff
From: ITS Administration
RE:     UI Password Phishing Scam

Similar to an email phishing scam sent out Summer 2008, another dangerous email scam started 10/11/08 and continued to hit users through 10/13/08 at the University of Idaho. In short, this email scam (forged to look like it came from 'help' or 'helpdesk' and addressed to Uidaho Webmail User) asks UI recipients to supply their UI email user id and password. A few users have filled in their user id and password and responded to the email (which replied back to a hacker(s) at @yahoo.com and other email addresses). 

ITS is able to intercept most responses, but not all. We need your continuing assistance in helping spread the word to your colleagues to not respond to any email asking for your user id or password. Scams such as these are made to look authentic and catch unsuspecting users off guard. In fact, some emails may address you by name and use other identifiers that make the email appear legitimate. 

Please be assured that ITS will NEVER ask users for your password in email. As these scams become more pervasive, please keep your guard up and be suspicious of any email asking for sensitive or confidential information. Anyone asking you for such information by email or telephone very likely wishes to compromise your computeror worse.

This is not the first or last email scam to target the UI campus and we can expect future attempts to be even more convincing. It is good practice to never respond or reply directly to any email that requests confidential information. Use a different mechanism to verify the validity. The ITS security team can help you review suspicious emails. You may contact the security team at security@uidaho.edu.

Harvey Hughett
Tony Opheim
Chuck Lanham