SECUIRTY ALERT: Phishing scam originating from compromised SM论坛 accounts

Earlier this evening (Wednesday, 9/30), CSIT was alerted to he wide distribution of a phishing scam to SM论坛 mailboxes.  Instances of the same phishing scam message originated from two compromised SM论坛 accounts, bypassing filters which might have otherwise prevented the messages from being delivered.

The phishing messages included the Subject line 鈥�Nebraska Wesleyan University Email Verification !!!鈥� while the body of the message pretended to report that the recipient鈥檚 email account had been accessed from 鈥渁nother computer鈥� and was therefore suspect.  The message went on to demand that the recipient validate their email by following a link embedded in the message.  It was signed as coming from Nebraska Wesleyan University ITS Help-desk and included a copyright notice.

Cautious reader would recognize in the message bad grammar, random characters in the text and an unfamiliar source for such an alert.  They might also have wondered why access to their email accounts from multiple computers was in itself suspect.  More telling was that the target of the embedded link was hosted on GoDaddy.com and not within the SM论坛 domain.

We have secured the compromised accounts from which these phishing scams originated and have made an effort to remove the scam email from SM论坛 mailboxes.  If you received such a message before seeing this alert and did not act on it, then you need do nothing more than delete the message.  If, however, you followed the embedded link AND entered any information on the web page to which it took you, then please contact CSIT immediately 鈥� the security of your SM论坛 account may be at risk.

Thanks to all those who reported this phishing scam and to everyone for your continuing caution in handling your SM论坛 email.