“Never share your password with anyone.” It’s as straightforward as Information Technology Services Director Debbie Jones can get, following a phishing e-mail sent out to Western account holders yesterday.
“Never respond if an e-mail is asking you for your password, even if it looks legitimate,” says Jones. “ITS would never ask you for your password. It is the key to your electronic identity here at Western, and you should be the only one with that key.”
The latest phishing e-mail indicated there was an error in your Western webmail account, and that your address, password and telephone number were needed to avoid losing your account.
Jones says in the last two months several Western employees have been fooled by phishing e-mails, adding they are becoming more and more sophisticated.
“This particular phishing attempt was very poorly done, but still managed to catch some people,” she says, adding 19 individuals responded to this latest attempt.
“The good news is that this same ‘phisher’ had targeted Western last month and we had the site blocked. So no one at Western actually had their account compromised – with their reply ending up at our security office.”
The first red flag, adds Jones, was the request for a password. It also claimed to come from ‘ITS Helpdesk,’ but in the ‘sent from’ address line it was clear it was not an @uwo.ca address. Another clue should be the poor wording and grammatical errors.
Jones was also pleased that a record high number of individuals reported the phishing attempt to ITS.
If you ever receive an e-mail that looks suspicious, you should first go to the ITS website and check the ‘Known Phishing Attempts’ link.
If the message you received is already posted as a known phishing attempt, you should delete it. If it is not posted yet, ITS asks you to send a copy of the e-mail (with full headers) to phishing@uwo.ca and then delete it. ITS will block and post this e-mail to the ‘Known Phishing Attempts’ link.
Jones says if you are caught by a phishing attempt and give away your password, your account will most likely be used to spam other sites. To do this, the person in control often changes your e-mail settings, such as forwarding, and, if they need more disk space, will delete your e-mail.
“The person controlling your account also has the ability to use your password for other attempts at access,” adds Jones. “Though this is not as often their intent, it represents a risk to you.”