What is phishing?
Phishing messages are spammers’ attempts to obtain your username and password, either for direct financial gain or so that they can use your email account to send spam. As always, TIG is working to make sure these people can’t get such requests through to us, but it’s hard to predict what their next message will look like.
Don’t ever answer requests for passwords via email or telephone. Neither TIG nor IS&T will ever ask for your password in an email.
If you might have responded to a phishing attempt
- If you might have responded to a phishing attempt. Change your passwords ASAP
- These are the only web pages you should ever type a CSAIL password into. It’s a short list. And be very very careful about clicking on links, since a web page or email address might disguise the actual destination of a link (read the hints on that page.
- As of spring 2010, CSAIL maintains no quotas on IMAP account usage (only gentle nags)
- Account expiration is described on our Accounts and Authentication page under CSAIL account expiration – generally, your supervisor is involved. CSAIL email accounts typically do not expire even after you graduate and leave CSAIL, so a message saying your CSAIL email account is about to expire is definitely bogus.
- If in doubt, create a new message to firstname.lastname@example.org or stop by 32-276.
Reporting/sharing phishing attempts with TIG
To report a phishing message, send it to
If at all possible, please either forward it (with full headers) as an
attachment, or use your mail client’s “bounce” or “redirect” function
to redirect the message, leaving the original headers intact. But if
your mail client doesn’t make that easy, feel free to just forward the
message in whatever way is convenient.
We very much appreciate phishing reports submitted this way; they let us be proactive about blocking future similar phishing attempts, and/or warning other people (besides you) who may have received the same phishing attack. However, when you submit a phishing attempt this way, we’ll generally assume you know it’s a phishing attempt and you don’t need any further help with it, so you probably won’t get a response. If you have questions or comments about a phishing message you’ve received (or something you think is legitimate, but aren’t sure), please contact email@example.com in the normal way, and we’ll reply.
Here are examples of some of the messages:
From: CSAIL (mit.edu) Help Desk [firstname.lastname@example.org] Sent: Tuesday, August 06, 2013 7:25 AM Subject: An unauthorized login attempt was blocked. -- Attention! We detected a login attempt with valid password to your csail.mit webmail account (csail.mit.edu) from an unrecognized device on Tuesday, August 6th, 2013 15:03 WAT. Location: Nigeria (IP=188.8.131.52) Note: The location is based on information from our Internet service or wireless provider. Was this you? If so, you can disregard the rest of this email. If this wasn't you, please follow our Spam Assassin filter link below to protect your account information from potential future account compromise. By clicking: http://<LINK-REMOVED> You are mandated to enter your account information on our spam assassin filter link as provided to you, this will help protect and increase the security of your account information. Sincerely, CSAIL (mit.edu) Help Desk
Attn: Faculty/Staff/Students, This message is from MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) Computing Support (TIG) to all Faculty, Staff and Students using the CSAIL Webmail accounts. We noticed that the CSAIL Webmail accounts has been compromised byspammers. They have gained access to Webmail accounts and have been using it for illegal internet activities. Computing Support is currently performing maintenance and upgrading it's database. We intend upgrading our Email Security Server for better online services. It is strongly recommended you send to this office your account information immediately to enable TIG reset your account. You be sent a new confirmation alphanumerical password. Please provide the following information- *Username: *Password: *Alternate email:
From: MIT CSAIL Support Team [email@example.com] ----Computer Science and Artificial Intelligence Laboratory Support Team----- Dear CSAIL Webmail User, Your CSAIL WebMail Account will be deactivated if you do not verify that your CSAIL WebMail Account is still in use. Due to excess abandoned CSAIL WebMail Account in our database. To Verify, provide your CSAIL WebMail Account Username and Password, Username: (......@csail.mit.edu) Password (........) Future Password (........) Thank you for using CSAIL. ----©2010, Massachusetts Institute Of Technology. All rights reserved---
Dear MIT.EDU Email Account Owner, This message is from MIT.EDU messaging center to all MIT.EDU email account owners. We are currently upgrading our data base and e-mail account center. We are deleting all unused MIT.EDU email account to create more space for new accounts. To prevent your account from closing you will have to update it below so that we will know that it's a present used account. CONFIRM YOUR EMAIL IDENTITY BELOW Email Username : EMAIL Password : Address : Department : Attention!!! Account owner that refuses to update his or her account within Seven days of receiving this Notification will lose his or her account permanently. Thank you for using MIT.EDU! Notification Code:VX2G99AAJ Sandra Dubois ONLINE SERVICES
Dear E-mail Users, The new Mit™ Webmail is a fast and light-weight appliction to quickly and easily access your e-mail. We are currently upgrading our data base and e-mail center. We are deleting Mit™ Webmail to create more space for new email. To prevent your email from closing you will have to update it below so that we will know that it's a present used email. *********************************************** CONFIRM YOUR EMAIL IDENTITY BELOW User ID: ......... ..... E-mail Password : ............... Secret Question : ............... Secret Answer : ............... *********************************************** Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently Thank you for using Mit™ Webmail! Access Number: 859480KBM Thanks, Mit™ Webmail Center https://webmail.mit.edu
Dear Csail.mit.edu User It was noticed that you have exceeded your Email Quota Limit of 450 MB and you need to expand your quota. In less than 48hours if you haven't upgrade your Email Quota Limit, your email account will be desable. To expand your email quota limit use the below email quota link: http://www.123contactform.com/contact-form-flames-113733.html Thank you for your understanding. Copyright ©2010 Admin Helpdesk Support Webmail Centre.
From: MIT Computer Science and Artificial Intelligence Laboratory <firstname.lastname@example.org> Date: Thu, Jun 18, 2015 at 5:10 PM Subject: Emergency Alert To: Dear Webmail User, An Attempt has been made to log in your webmail account from a new computer. For the security of your account, we are poised to open a query, until you prove email ownership. Kindly copy or click the link http://uy.verifys.sweb.cz/ to verify your location. Do not ignore this message to avoid termination of your web account. Thank you. MIT Computer Science and Artificial Intelligence Laboratory, security Alert.
From: CSAIL WebMail <email@example.com> Date: Mon, Jul 20, 2015 at 11:13 AM Subject: Email Notification Alert To: Your account was just used to sign in from Chrome on Windows, you cannot send email due to over-frequent operations or suspicious behavior,please click here <http://emmv.ic.cz/> for prove of ownership Windows Monday, July 20, 2015 8:55 AM (GMT) Chrome Why are we sending this? We take security very seriously and we want to keep you in the loop on important actions in your account. We were unable to determine whether you have used this browser or device with your account before. This can happen when you sign in for the first time on a new computer, phone or browser, when you use your browser's incognito or private browsing mode or clear your cookies, or when somebody else is accessing your account. Best, CSAIL Webmail Accounts Team This email can't receive replies. To give us feedback on this alert, click here <http://emmv.ic.cz/> or click the link above.