E-mails that appear to be from UNM may be from an imposter “phishing” for personal information.

Physics Department Information Analyst Tom Hess sent the department an e-mail Feb. 3, warning them of a WebCT e-mail scam. He said the e-mails claim to help students increase their WebCT mailbox quota.

“Don’t do it. It’s a trap,” he said in the e-mail.
The phony e-mail tells WebCT users their mailbox has “exceeded its storage limits” and must be revalidated before e-mails can be sent or received. Hess said in order to “revalidate” the mailbox, users must follow a link. The link is from a New Zealand-based server.

Hess said this is not the first e-mail scam to capitalize on UNM’s database.

“This is the latest one,” he said. “From time to time, we’ll get things claiming to be from UNM e-mail, and what they do is capitalize on people’s fear. It’s kind of ironic because they say that there is some sort of a security breach so people have to change their passwords.”

This process is known as “phishing” and is related to identity theft, Hess said.

He said the webpages are set up to look exactly like other login pages, so users type in their usernames and passwords, and then the server asks users to change it. The server then steals the users’ information.
“They’re trying to steal people’s information so that they can use that account for bad things,” he said.

In the online world, “phishing” is defined as the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft, according to Webopedia.com.

“Usually what they do is they trick someone, somewhere into doing this, and then they can get to all the people in that address book,” Hess said.

Information Technologies department is researching the issue, but has not found specific phishing e-mails, IT spokeswoman Vanessa Baca said. IT has not received spam reports from WebCT, and Baca said it is possible that the hoax e-mail was set up to look just like a UNM WebCT account page.

“About 95 percent of messages that come through UNM’s e-mail system and are filtered by IT are spam,” she said. “Like any other university or business entity, UNM unfortunately has its share of spam, phishing and malware scams sent by unscrupulous individuals outside the University.”

Hess said the scam’s sender must have figured out how to make it through IT’s spam filters.

“Anyone can send an e-mail, and they managed to make it through the spam filters,” he said. “The spam filters are good, and they’ve been improving them, but they’re not quite perfect.”
He advises typing links into your browser instead of clicking directly to them and calling IT with security questions or concerns.

Hess and Baca urge students not to open any attachments or follow links embedded into e-mail messages, because, generally, UNM will not send attachments or links.

“Normally, UNM won’t ask you to go to a different website to do those things,” Hess said. “If (the scammers) do give you a link, it’s usually not the link you think it is. It’s a link that’s disguised.”