We wanted to let you know that yet another email scam was sent to most of the campus last night – it’s another email size limit scam, and claims that you need to click a link to “re-validate” your mailbox, or in some cases to reply with your username and password so we can “reset” your email database.  These messages are phishing scams used to get your login information, which will be used by the scammers to hijack your email account (they’ll reset the password, set it to forward all incoming mail to another address of their choosing, and then use your account to send out huge amounts of further scam messages). This will result in the campus being blacklisted and unable to send email to major email providers for several day

So, please do not click the link or reply with your username and password – just delete the message.

This is the latest in a similar series of scams that have gone out at least once per month since late 2008, all of which claim your mailbox is over its size limit and ask you to click a link or reply with your login credentials.  There will likely be more of these, each with different wording and some more legitimate seeming than others – it’s important to be aware of these scams and always skeptical of messages which seem to come from ITS, but really don’t

Here are a few things you should keep in mind to help protect yourself and the college from email scams:

* We will never ask you for your username and password, especially in an email.
* Legitimate messages notifying you that you are over your size limit do go out – however, they are simply notifications and do not have any links to click.  If you see such a
message with a link, you should be immediately suspicious and contact us via phone if you’re unsure whether or not the message is legitimate.
* We post all official messages we send to the campus on our website.  While it’s easy for anyone to send a fake email and write whatever they want, then claim it is from
“system admininstrator” or “help desk” or “ITS”, they will not be able to fake a post on our website.  For example, you can check it right now and you will see a copy of this message posted there. (http://helpdesk.coloradocollege.edu)
* Here are a few common phrases used in phishing messages you should watch out for

“Please verify your account”
“If you don’t respond within 48 hours, your account will be closed / canceled”
“Click the link below to access your account”
“Click the link below to update your information”
“Click the link below to claim your prize”

For more information about how to protect yourself from scams, please see our webpage: http://helpdesk.coloradocollege.edu/index.php/tips-and-how-to/protect-your-computer/ the best defense will always be awareness of the issues involved!