University Computing Service

Security and malware information

Phishing - they're after your account details

'Phishing' is an attempt to extract personal information, including account details, that can later be used for nefarious purposes.

1) Phishing for an email account

This is a copy of a scam message received by Cambridge users.

Date: Sat, 8 Aug 2009 05:23:00 -0700
From: Sandra Dudley <dudleys@[site-redacted].edu>
To: undisclosed-recipients:  ;
Subject: Mailbox Notice

Attn: Faculty/Staff/Students,

This message is from our Helpdesk Team to all webmail account owners.

We noticed that your webmail account has been compromised by spammers. It
seems they have gained access into our database and have been using it for
illegal internet activities.

The center is currently performing maintenance and upgrading its database.
We intend upgrading our Email Security Server for better online services.

To re-validate your mailbox and upgrade your account, please Click here

In order to ensure you do not experience service interruptions, please
upgrade your account to prevent it from being deactivated from our database.

Thank you for using our online services.
Sandra Dudley
For Helpdesk Team

In most email programs, hovering the mouse over the "Click here" link in the message reveals the scammers' real link. Below is an image of the web page users found if they did click on the link. As you can see, it is completely plain, with no University branding or style, and the address in the browser title bar has no connection to the University.

[Image: phishing form]

Unfortunately, a depressingly large number of users filled in the form and gave away their details (username, email address, password, real name). Only a few hours later, scammers logged on to one of these accounts and used it to send more scam emails.

Do not reply to this type of message, and do not go to any web link it includes. We will not ask for password details in an email, but we may ask you to change them if we believe your account has been compromised.

2) Phishing for details including National Insurance number

In March 2011 a scam message was sent to a large number of people at Cambridge. While it was targeted at students, the scammers also included staff in their recipient list.

[Image: screenshot of the message]

The link went to a mock-up of a Raven login page. Notice the differences: the extra fields the scammers wanted people to complete.

[Image: mock-up of Raven login page]

3) More phish to phry

Examples of other types of scam and phishing emails are also available to help you avoid becoming a victim of such online criminals.