The phishing scam artists continue to pelt the University of Arkansas with fraudulent messages meant to confuse or trick campus users into sending sensitive information, such as UARK account passwords, to the attacker. The scam message, sometimes known as a phishing scam, is notable as it appears to be a virus warning messsage and may be more effective in tripping up our users. Campus mail servers did detect that the message was suspicious and tagged the subject line with {SPAM?} to alert the reader of the message. The best thing to do with these messages is to delete them. An example of this new variation of a phishing is provided below.
Please remember that the University of Arkansas will _NEVER_ send a message to our clients asking for their account passwords or other sensitive data. If you should ever receive something like that appears to originate from us (or your bank or similar organizations), please be aware that it is most likely someone trying to scam access into your accounts. However, we will send out friendly notices to remind you to change your password every 90 days (approximately once a semester) via our PASSweb facility located at passweb.uark.edu
If you have any questions, please feel free to contact the IT Security Office via email (security@uark.edu) or via the IT Services Help Desk at 479-575-2905.
-----Original Message-----
From: uark.edu [mailto:someuser@ns.sympatico.ca]
Sent: Saturday, June 13, 2009 10:05 PM
To: user@uark.edu
Subject: {SPAM?} Virus Warning Notice!!!
A DGTFX virus has been detected in your folders
Your email account has to be upgraded to our new
Secured DGTFX anti-virus 2009 version to prevent
damages to our webmail log and your important
files.
Click your reply tab, Fill the columns below and
send back or your email account will terminated
to avoid spread of the virus.
USERNAME:
PASSWORD:
PHONE NUMBER:
DATE OF BIRTH:
webmail.uark.edu - Webmail Technical Team
Note that your password will be encrypted with
1024-bit RSA keys for your password safety.
