Phishing Attempts

What is phishing?

Phishing messages are spammers’ attempts to obtain your username and password, either for direct financial gain or so that they can use your email account to send spam. As always, TIG is working to make sure these people can’t get such requests through to us, but it’s hard to predict what their next message will look like.

Don’t ever answer requests for passwords via email or telephone. Neither TIG nor IS&T will ever ask for your password in an email.

If you might have responded to a phishing attempt

• If you might have responded to a phishing attempt. Change your passwords ASAP
• These are the only web pages you should ever type a CSAIL password into. It’s a short list. And be very very careful about clicking on links, since a web page or email address might disguise the actual destination of a link (read the hints on that page.
• As of spring 2010, CSAIL maintains no quotas on IMAP account usage (only gentle nags)
• Account expiration is described on our Accounts and Authentication page under CSAIL account expiration – generally, your supervisor is involved. CSAIL email accounts typically do not expire even after you graduate and leave CSAIL, so a message saying your CSAIL email account is about to expire is definitely bogus.
• If in doubt, create a new message to help@csail.mit.edu or stop by 32-276.

Reporting/sharing phishing attempts with TIG

To report a phishing message, send it to phishing@csail.mit.edu. If at all possible, please either forward it (with full headers) as an attachment, or use your mail client’s “bounce” or “redirect” function to redirect the message, leaving the original headers intact. But if your mail client doesn’t make that easy, feel free to just forward the message in whatever way is convenient.

We very much appreciate phishing reports submitted this way; they let us be proactive about blocking future similar phishing attempts, and/or warning other people (besides you) who may have received the same phishing attack. However, when you submit a phishing attempt this way, we’ll generally assume you know it’s a phishing attempt and you don’t need any further help with it, so you probably won’t get a response. If you have questions or comments about a phishing message you’ve received (or something you think is legitimate, but aren’t sure), please contact help@csail.mit.edu in the normal way, and we’ll reply.

Examples

Here are examples of some of the messages:

From: CSAIL (mit.edu) Help Desk [helpdesk@csail.mit.edu]
Sent: Tuesday, August 06, 2013 7:25 AM
Subject: An unauthorized login attempt was blocked.

--
Attention!

We detected a login attempt with valid password to your csail.mit
webmail account (csail.mit.edu) from an unrecognized device on Tuesday, 
August 6th, 2013 15:03 WAT.  Location: Nigeria (IP=41.190.3.105) Note: The 
location is based on information from our Internet service or wireless provider.

Was this you? If so, you can disregard the rest of this email.

If this wasn't you, please follow our Spam Assassin filter link below
to protect your account information from potential future account compromise.

By clicking:  http://<LINK-REMOVED>

You are mandated to enter your account information on our spam assassin filter 
link as provided to you, this will help protect and increase the security
of your account information.

Sincerely,
CSAIL (mit.edu) Help Desk

Attn: Faculty/Staff/Students,
                                                   
This message is from MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) 
Computing Support (TIG) to all Faculty, Staff and Students using the CSAIL Webmail accounts.

We noticed that the CSAIL Webmail accounts has been compromised byspammers. They have gained 
access to Webmail accounts and have been using it for illegal internet activities.

Computing Support is currently performing maintenance and upgrading it's database. We intend 
upgrading our Email Security Server for better online services.

It is strongly recommended you send to this office your account information immediately to enable 
TIG reset your account. You be sent a new confirmation alphanumerical password.
Please provide the following information-           
*Username:           
*Password:    
*Alternate email:

From: MIT CSAIL Support Team [help-desk@csail.mit.edu]

----Computer Science and Artificial Intelligence Laboratory Support Team-----

Dear CSAIL Webmail User,

Your CSAIL WebMail Account will be deactivated if you do not verify that
your CSAIL WebMail Account is still in use. Due to excess abandoned
CSAIL WebMail Account in our database.

To Verify, provide your CSAIL WebMail Account Username and Password,

Username: (......@csail.mit.edu) Password (........) Future Password (........)

Thank you for using CSAIL.

----©2010, Massachusetts Institute Of Technology. All rights reserved---

Dear MIT.EDU Email Account Owner,

This message is from MIT.EDU messaging center to all MIT.EDU email account owners. We are 
currently upgrading our data base and e-mail account center. We are deleting all unused MIT.EDU 
email account to create more space for new accounts.

To prevent your account from closing you will have to update it below so that we will know that 
it's a present used account.

CONFIRM YOUR EMAIL IDENTITY BELOW

Email Username :
EMAIL Password :
Address        :
Department     :

Attention!!! Account owner that refuses to update his or her account within Seven days of 
receiving this Notification will lose his or her account permanently.
Thank you for using MIT.EDU!

Notification Code:VX2G99AAJ
Sandra Dubois

ONLINE SERVICES

Dear E-mail Users,

 The new Mit™ Webmail is a fast and light-weight appliction to quickly and
easily access your e-mail. We are currently

upgrading our data base and e-mail center. We are deleting Mit™ Webmail to
create more space for
new email.

 To prevent your email from closing you will have to update it below so that
we will know that it's a present used email.

***********************************************
CONFIRM YOUR EMAIL IDENTITY BELOW
User ID:        ......... .....
E-mail Password : ...............
Secret Question : ...............
Secret Answer   : ...............
***********************************************

 Warning!!! Account owner that refuses to update his or her account within
Seven days of receiving this warning will lose his

or her account permanently

 Thank you for using Mit™ Webmail!
Access Number:  859480KBM

Thanks,
Mit™ Webmail Center
https://webmail.mit.edu

Attention E-Mail Account Holder,

We are currently performing maintenance for our Digital mail Account
owners due to the rate of internet passwords and other informations
thieves. And we discovered that our mail account owners have been
receiving phishing mails form imposters asking for their personal
informations. We intend upgrading our Digital mail Security Server for
better online services.

In order to ensure you do not experience service interruption, Please
you must reply to this email immediately and enter your MIT Kerberos
username here (               )and password here (             ) for
security reasons and Check out your new features and enhancements
with your new and improved mail account. To enable us upgrade your
Account for better online services please reply to this mail.

NB: We request your username and password for Identification purpose
only.

MIT E-mail Technical Informations Department.

        © MIT Limited, 2003 - 2008 ABN: 31 088 377 860
           Terms and Conditions | Privacy Policy

Dear Csail.mit.edu User

It was noticed that you have exceeded your Email Quota Limit of 450 MB
and you need to expand your quota. In less than 48hours if you haven't
upgrade your Email Quota Limit, your email account will be desable.

To expand your email quota limit use the below email quota link:

http://www.123contactform.com/contact-form-flames-113733.html


Thank you for your understanding.
Copyright ©2010 Admin Helpdesk Support Webmail Centre.

From: MIT Computer Science and Artificial Intelligence Laboratory <ba20961@seeu.edu.mk>
Date: Thu, Jun 18, 2015 at 5:10 PM
Subject: Emergency Alert
To:


Dear Webmail User,

An Attempt has been made to log in your webmail account from a new
computer. For the security of your account, we are poised to open a query,
until you prove email ownership. Kindly copy or click the link 
http://uy.verifys.sweb.cz/ to verify your location.

Do not ignore this message to avoid termination of your web account.

Thank you.
MIT Computer Science and Artificial Intelligence Laboratory, security Alert.

From: CSAIL WebMail <nb17409@seeu.edu.mk>
Date: Mon, Jul 20, 2015 at 11:13 AM
Subject: Email Notification Alert
To:


Your account was just used to sign in from Chrome on Windows, you cannot
send email
due to over-frequent operations or suspicious behavior,please click here
<http://emmv.ic.cz/> for prove of ownership


Windows
Monday, July 20, 2015 8:55 AM (GMT)
Chrome


Why are we sending this? We take security very seriously and we want to
keep you in the loop on important actions in your account.
We were unable to determine whether you have used this browser or device
with your account before.
This can happen when you sign in for the first time on a new computer,
phone or browser, when you use your browser's incognito or private
browsing mode or clear your cookies, or when somebody else is accessing
your account.
Best,

CSAIL Webmail Accounts Team
This email can't receive replies. To give us feedback on this alert, click
here <http://emmv.ic.cz/> or click the link above.