Webmail users should beware of an e-mail phishing scam targeting the UNM online community.

The recent phishing e-mails began appearing last Tuesday claiming to be from UNM Account Billing, asking students for their username, password and date of birth.
Students should be cautious about revealing information through e-mail, said IT Communication Specialist Vanessa Baca. She said UNM will never ask for that information over the Internet.

“If people do respond to a phishing e-mail, unfortunately the most frequent information that they reveal are NetIDs, passwords, Social Security numbers or other such personal identification that can be used for identity theft purposes,” she said. “IT never asks for passwords or Social Security numbers in e-mail messages, so e-mail users should know that.”

Mike Carr, IT Chief Information Security Officer, said Internet scammers pick University e-mails as easy targets and are gathered through Internet databases.
“Most universities are more open than the private industries are so, subsequently, a lot of spammers will target e-mails that end with .edu,” he said. “There have been a lot of occasions where student e-mail addresses have been harvested through Facebook and Myspace and there is actually an industry of buying and selling e-mail addresses.”

Fixing the problem is not as simple as one might think, Carr said. Although the Webmail system does have spam filters, it is impossible to weed out every illegitimate message.
“The risk that we run if we turn up our spam appliance to try to weed out more and more of these phishing e-mails is that we will block legitimate e-mails,” he said. “The spam e-mails don’t just put up its hand and say ‘I’m spam e-mail.’”

The best resistance to spam is informing the recipients of its presence and danger, Baca said.

“IT has strong spam filters, which are consistently maintained and upgraded, and this will help keep phishing e-mails at a minimum,” she said. “Part of what IT does, in addition to maintaining these strong filters, is to inform and educate about how to deal with phishing e-mails and suspected spam.”
Carr said he wanted to make it clear that the spamming issue is unrelated to the recent portal upgrade.

“They are related in the fact that through the portal a lot of students can check their e-mail, but one change doesn’t affect the other and there has been no change to the spam appliance,” he said. “There is always going to be a fluctuation up and down in the increase and decrease of spam.”
The fight is an ongoing process, Carr said, because spammers are becoming increasingly crafty.

“As we get more sophisticated at blocking them, they get more sophisticated at sending them,” he said. “The more people are aware, the better off we will all be.”
Students are encouraged to be wary of e-mails from unknown senders, Baca said, and to take measures to protect their information.
“If you receive an e-mail from an unknown person or source, don’t open it. If you do open the message, don’t click on any links that are included in the message, and don’t open any attachments,” she said.

Forward suspected spam messages to spamdrop@unm.edu

DESIGN: this is what the e-mail looked like.

Dear University of New Mexico account users,
We are currently verifying our subscribers email accounts in order to increase the Efficiency of our webmail features. To Join in the Recent Upgrade Taking Place at University of New Mexico Webmail, You must Reply to this email by Confirming your account details below.
UserName:
Password:
Date Of Birth:
Failure to do this will immediately render your Web-email address deactivated from our database. Thanks for using University of New Mexico webmail service.
UNM Account Billing.