Warning about email seeking user ID and password- HFM BOCES

According to HFM BOCES Computer Services Coordinator David Patterson, several HFM BOCES employees have reported receiving the e-mail posted below, or one similar to it, that requests the recipient to reply with their e-mail account ID and password.

DO NOT RESPOND TO SUCH AN E-MAIL! JUST DELETE IT. IT IS A phishing ATTEMPT TO STEAL YOUR E-MAIL ACCOUNT USERNAME AND PASSWORD.

Mr. Patterson indicates that if you have received such an e-mail and responded to it, your e-mail account may have been compromised, allowing some unknown person to log-on to your e-mail account or to attack the HFM BOCES mail server and hijack it for the purpose of sending spam.

If you have responded to such an e-mail, take the following action:

• Change your email password. Contact Computer Services at 736-4394 or via ITDirect (http://www.myschoolbuilding.com) if you need help doing this.

• Let HFM BOCES Computer Services know if your account may have been compromised so we can check server logs for possible misuse of your account to send spam from our server.

When Phish stink

Following are some observations to help you distinguish between fraudulent phishing e-mails and legitimate e-mails:

• In the bogus e-mail below, notice that the "From" address is "@jetli.org.cn" rather than "hfmboces.org." This is a huge red flag. However, it is easy to falsify the "From" address in an e-mail, so even if the address appears to be a legitimate source, it may not have really come from that address.

• The "To" address in the bogus e-mail is "Helpdesk@update.com," again not an address likely to have been used for distribution to HFM BOCES employees.

• The reply address that the bogus e-mail wants information sent to is "@gmail.com," not a legitimate corporate address.

Never give anyone your password

HFM BOCES Computer Services, and any other legitimate business, would never ask users for e-mail usernames and passwords. Doing so is not secure, plus could be too easily mistaken for phishing attempts such as this.

You should never give your passwords to anyone else, even someone claiming to be from HFM BOCES Computer Services. If it is absolutely necessary to gain access to your account for some administrative purpose, we have the ability to change your password, and you would be made aware that we had accessed your account.

If you have an questions or problems, contact:

David Patterson
Computer Services Coordinator
HFM BOCES
(518)736-4393
dpatterson@hfmboces.org

Following is a Phishing e-mail from a disreputable source. It is posted here as an example only.

From: "eMAIL Support" <helpdesk01 @ jetli.org.cn > [DO NOT RESPOND TO THIS ADDRESS]
Date: November 18, 2009 12:22:49 PM EST
To: <Helpdesk@update.com >
Subject: eMAIL Management Team !!!
Reply-To: < helpdesk01@jetli.org.cn>

ATTENTION WEBMAIL USER,

The WebMail Management Team is performing a routine Server and Database Upgrade for safer and faster Internet service, all to better your WebMail Network. On this note, all school users of the WebMail Account should provide the information below to enable us Validate and increase your Mailbox Quota. Failure to do this would result in closure of your Mailbox.

Complete and send the following information for verification to this Email: techsupport.team3 @ gmail.com [DO NOT RESPOND TO THIS ADDRESS]

* User eMail ID:
* User Password:

We sincerely apologize for this inconvenience.

eMail Management Team.

What is phishing?
(fish´ing) (n.) The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.