People keep reporting emails that say something like:
Dear network user, Your account has violated a quota and will be turned off. To avoid this, email your login name and password to somebody@somewhere.com.Signed, wou.edu administrator
To us geek types, this is obviously a scam. I just keep getting reminded that other people don't instantly spot this for what it is, even when it tells them to send their info to a non-WOU address. It can be even harder to spot when the From: address on the email is something like admin@wou.edu, or the message tells you to go to a link that looks like it's on our website but actually goes elsewhere.
So really what we need are some general rules of thumb. The first and most obvious is never, ever, ever, EVER put your password into an email message. Never. And did I mention never? Of course this means we UCS folks should never ask someone for their password except in person -- we really don't even want to get users in the habit of saying their password over the phone.
Another rule of thumb would be never trust emails from generic addresses. When we send messages out, they'll have a specific name on them, not just "admin@wou.edu" or some such.
If we agree on this among ourselves and communicate it to users, hopefully that'll help everybody.
Leave a comment