Phish of the Day

Today’s Phish

The following message is not real:

Dear client,
Your package has been successfully delivered.
The tracking# is : 61293150511865307217 and can be used at :

http://www.fedex.com/Tracking

The confirmation invoice can be downloaded, in PDF format, from :

Thank you,
© FedEx 1995-2013

*** This is an automatically generated email, please do not reply ***

Overview

Our email systems have been experiencing a high volume of fraudulent email messages asking users to provide account information by clicking a link and then entering personal account information on a web form, Google doc, or via email.  These attempts are known as “phishing” and are an identify theft attempt.

Important notes on phishing

  • HSPH Department of Information Technology will never ask you to send your password via e-mail or complete a web form asking for username and password of any system.  In fact, the HSPH IT Office does not know your password for any system.  If you forget your password to any system, we assist you with resetting it.
  • Most phishing attempts are caught by spam filtering; however, the attempts are constantly evolving and improving.  A few attempts do pass filtering.
  • HSPH IT reports known phishing attempts to both Harvard University Information Technology and Google (if a Google doc is involved for data collection).

I received a phishing email.  What do I do?

  • Delete the message.  Do not click any links or provide any information.
  • You may also forward the email to helpdesk@hsph.harvard.edu for reporting.

How do I tell if it is phishing?

  • Any message asking for your username and password is phishing and fraudulent.
  • Other clues to look for include:
    • Odd URLs that may contain HSPH or Harvard, but link to .com addresses
    • Poor grammar and misspellings
    • Poorly or incorrectly used HSPH or Harvard logos
    • Dramatic language about your account being closed, suspended, … “failure to respond will result in immediate account suspension”
    • Link to Google docs spreadsheet to provide personal information.

I was the victim of a phishing attempt.  I entered my data.  What do I do?

  • Change your passwords immediately for any affected account.
  • Please contact the HSPH Helpdesk for further guidance, 617-432-HELP.

Resources

This is a growing problem for email systems everywhere.  Below are some resources for further information on the issue:

Previous Phish of the Day