Last night at 10:20PM CST, the droid’s green status light started blinking. It was an email on one’s school email. Titled “An Important Message From The University of Minnesota”, the message claimed that one needed to provide information in order to retain one’s email account after a mail server upgrade. 25 minutes later the message was sent again. The email, in it’s textual entirety is as follows:
Dear Webmail User,
Due to high volume of unused account on our server and the upgrade of The University of Minnesota webmail Service, we hereby request every webmail account holders to submit the below information for our server upgrade purposes.
Name:
Email:
Password:
Department:
failure to submit the above information may lead to automatic closure of your webmail account as we are upgrading our server to serve you best.
We appreciate your continued co-operation.
Well, let’s see here. Let’s start with information the sender already had (if they were legitimate). Anyone that has a University of Minnesota email can find the full name of any UMN email address, so asking for one’s name was not necessary. Second, asking for one’s email address, why? Seriously, emails don’t just randomly appear in inboxes (well truth be told, gmail has delivered mail not addressed to one, in one’s inbox before).
Now onto the information that sender doesn’t need to know (to do their job, assuming they are legitimate). One’s password, which one did they want, the email one? Oh wait, with the way the University does its online authentication, the password would be one’s x500 password. The fact that the University uses a global authentication system means that the password is irrelevant for email servers (or any individual server for that matter). Never mind the fact that you should never, under any circumstances send a password via email (especially to unknown recipients). Finally, the request for one’s department. Well that one makes even less sense. One’s department is completely irrelevant to one’s University email account.
At one point, one was tempted to reply with fake information (possibly containing highly inflammatory language). Looking at the headers, one found that the email was sent through Yahoo’s mail servers (originating from att-entries@att.net), the reply to address was securies.edu@gmail.com (feel free to sign this address up for copious amounts of spam, send fake replies to undermine their Phishing operations, or do both).
If all of that wasn’t enough to place the message into the spam/phisher bin there was the top image, linked from a non UMN website. The phisher also used a footer that official UMN email has not used for at least a semester now.
-John Havlik
[end of transmission, stay tuned]