The short answer is: NEVER RESPOND TO EMAILS LIKE THIS. Any email asking you - either directly or indirectly - for your username and password, no matter how genuine it looks, has criminal intent and you must NEVER respond. |
Most of us at some time or another will receive an email claiming to be from an IT support service or an account manager, and asking you to provide your username and password, and sometimes other personal details. Frequently, the emails claim that your email storage limit has been reached or exceeded or that your account will be closed if you do not respond.
The email may ask you to respond directly to disclose your username and password (and perhaps other personal information), or it may make an indirect approach by providing a clickable link to a website which may ask the same.
THESE EMAILS ARE ALWAYS FRAUDULENT. They are known as "phishing" emails and they are very common and widespread. Some may even appear to be from the University of Sussex IT Services. They may look genuine at first glance, but a closer look at the emails (particularly the sender's email address) will show that they will not have been sent by any genuine IT service but by someone fraudulently posing as such a service. See what could happen if you responded.
DON'T BE FOOLED! Sussex IT Services would never ask you to send your password through email or by any other means. The same will be true of any other reputable email service provider you may be using.
REMEMBER! Your password is for your use alone and you must keep it secret.
The University's Regulations forbid you from sharing your password with anyone, including IT Services staff. IT Services will not ask you for your password over the phone, by email, or by any other means.
If you ever receive an email asking for your username and password details, NEVER RESPOND to it, and NEVER open any attachments it contains. NEVER provide your details through any website linked in the email.
See the sections below to find out more.
The possibilities for personal, academic and professional damage are almost limitless. Think about it! Once your username and password have been obtained by a hacker, they could do any of the following:
Unfortunately, despite our best efforts over many years to publicise this problem, individuals at Sussex still respond to phishing emails, and this had led to a number of embarrassing and troublesome incidents, and attempts at financial fraud. Other email accounts have been used directly to send out spam or more phishing emails (in some cases to tens of thousands of email addresses). If this happens to you, you may find your address blocked by other institutions and services, which could seriously impede your work.
When we discover phishing emails or they are reported to us (see below), and they are sufficiently widespread, we normally do the following:
None of the above can happen instantly, and often it may be too late to prevent a security breach. That is why we need you to play your part in helping to keep your account secure.
As well as being vigilant yourself from now on, please help us spread the message by telling your friends and colleagues about this problem. You can send them the website address of this article, which could apply to any email service, not just that at Sussex:
www.sussex.ac.uk/its/phishing
The only time that Staff or research students will receive email to warn about their mailbox quota will be an email sent directly by the Sussex Exchange system itself, and labelled as from 'Microsoft Outlook'. This is described in detail in FAQ 2350 under the heading "How Exchange tells you". Note that the email only tells you how much mailbox space you're using and that you're close to or over your allocated limit. It gives no other information and does not ask you to reply with any information, nor does it contain any attachments, nor provide any clickable web links.
If you are a Sussex student or a member of Sussex staff, you are welcome to report or forward instances of phishing emails received by your Sussex account. You can forward them to IT Services Online Support at support at its.sussex.ac.uk (please replace the ' at ' with '@'). It will be a great help to us if you forward the suspicious message complete with its FULL headers: the reasons why, and how you can do it, are described in FAQ 1080.
Note that we cannot help you with phishing email sent to your private email addresses: those are a matter for your email service provider only. However, the general advice given in this article applies equally to any email service you are using.
Note also that if we receive many reports about the same phishing email, it may not be practical for us to acknowledge each report and so you may not get a reply from us (this is simply a matter of practicality - we're not ignoring you). We will, however, act on the reported phishing attempt if it is sufficiently widespread, and we'll also post an alert about it in our Security Alerts page, so please check this regularly.
A very good article about phishing scams can be found on the Hoax Slayer website at:
www.hoax-slayer.com/phisher-scams.html
See also the Anti-Phishing Working Group (APWG) website at
Phishing scams about income tax are quite frequent. HM Revenue & Customs (HMRC) have a useful website giving security advice about online security (including an email address to which to report tax-based phishing emails) at www.hmrc.gov.uk/security
Interesting article (by a victim) in The Guardian newspaper website (13 November 2013):
http://www.theguardian.com/money/2013/nov/13/stranded-traveller-phishing-scam
Please suggest an improvement
(login needed, link opens in new window)
Your views are welcome and will help other readers of this page.
This is question number 1446, which appears in the following categories: