IT has received numerous reports about another phishing scam arriving in email inboxes on campus. These messages are not from Valpo IT.The message contains a reference to your account having reached its "maximum of 25MB of storage" and being disabled if you don't "update your web-mail account" by clicking on a bad link and entering your username and password. DO NOT click on the link. DO NOT provide information about your valpo.edu account.
Here are a couple clues to help you identify this type of message as phishing:
If you have compromised your login information as the result of this type of message, change your ValpoNet password immediately. Login to the Account Management System and select the "Change Password" option.
You can also mark the message as a "phishing" attempt within Gmail. When viewing the message, down-pointing arrow in the upper right corner of the message, and select the "Report phishing" option. This will teach the Gmail servers to identify the message as a scam.
Always contact the IT Help Desk (webhelpdesk.valpo.edu, 219.464.5986) if you receive a message and are unsure of its validity. Valpo IT staff will NEVER ask for your account information or ask you to verify your account in this manner.
When evaluating these types of messages, a good rule of thumb is to use your mouse and hover over the link to see if it matches the typed URL. In this example, the link does not point to a valpo.edu webpage.
For more information about phishing and how to protect yourself, see this OnGuardOnline.gov webpage.
The following is example text of this phishing scam:
from: (name removed)
date: Tue, Dec 17, 2013 at 11:31 PM
subject: Your e-mail box has reached its maximum of 25MB
ATTENTION WEB USER-MAIL
Your e-mail box has reached its maximum of 25MB of storage and its account will be disabled if you do not update it now. To update your web-mail account, please click the link below or copy and paste it into your browser and follow the instructions to upgrade to more storage space.
CLICK HERE: http://hhpast.com/forms/use/onlineupdateform... (URL modified)
Your account will remain active after you have successfully confirmed your account.