Search Type
Password Stealing Attempts Continue Update Archived
Thieves continue making repeated attempts to steal account passwords with deceptive email messages. The messages claim to be from the Queen's Team, Customer Service, or other like groups, and ask you to send your password and possibly other personal information.

Often there is a threat to deactivate or delete the mail account if you don't reply quickly. Some of the messages are obviously fraudulent, but others are tailored to Queen's and can be quite convincing. Stolen accounts are often used to send spam mail, resulting in a lot of time wasted in cleanup and responding to complaints.

These messages are not from Queen's University. Queen's will not ask you to provide passwords by e-mail. Genuine account notices from Queen's ITServices will always be signed with the name of a person in the department. If you are uncertain whether a message is genuine, please look for a news item or notification on the ITServices Web site (http://www.queensu.ca/its), or telephone Queen's IT Support Centre at 613.533.6666 to confirm.

We recommend that, if you receive an unsolicited e-mail or you are unsure of the sender, you do not reply, do not click any links contained within it, and do not open any attached files. Those actions have been known to infect computers with malicious software.

If you receive an e-mail that claims to be from the University and asks for your Net ID and password, forward it, with all headers and the entire message, to abuse@queensu.ca (undergraduate students will find instructions for expanding headers at http://www.queensu.ca/its/email/undergraduate/tutorials/headers.html and faculty/staff/graduate students will find instructions for expanding headers at http://www.queensu.ca/its/email/staffandfaculty/tutorials/headers.html ).

If you do mistakenly reply with your password, change your password immediately, using the ITServices password change at https://netid.queensu.ca/

Fraudulent e-mail claiming to be sent by outside agencies (PayPal, Bank of Nova Scotia, for example) should be reported directly to the company.

See http://www.queensu.ca/its/security/EducationAndAwareness/phishing.html for additional information and advice about these kinds of attacks.
  • Publish Date: June 17, 2013 16:23
  • Channels:
  • IT Support Centre