Computer Services logo

 
Memorandum

 
To: The University Community
From:
 Ken Ihrer,
Chief Information Security Officer
Date:
April 28, 2008
Subject:
 Be Aware of Continuing Phishing Scams

As an ongoing reminder, the University continues to experience “phishing” attacks. I would like to reiterate that Computer Services is diligently working to shutdown each of these attacks as soon as they are discovered. For your information, I would like to point out a few ways of identifying a phishing scam.

Many phishing scams look legitimate because they actually copy our web page and graphics to create an illegitimate site. In one of the latest attacks we received, a web site that contained our TUmail login page was posted. How can you tell that the site is not a legitimate Temple web page? Move your mouse over the link in the email message and you will see a Universal Resource Locator (URL) or address of a non-Temple site. If you were to click on that link, it would actually bring you to the location of a non-Temple server. This can be verified by looking in the address bar of your web browser and seeing that the site is not a temple.edu site.

The other method of attack that we received over the past few days is a request for information by email. These attacks usually spoof (fake) the “From” address to make it appear as if it came from a Temple email account. However, when you select “reply,” you will notice that the reply address is not destined for a Temple email address.

These are just two of many ways that criminals use to try and steal our information. They may also call you on the phone and pretend to be someone from Computer Services. As a reminder, Computer Services will never ask you for your password or complete Social Security number. Do not give this information to anyone. Furthermore, if you are concerned about an email that you received, it is better to be safe than sorry. Contact the Help Desk (215-204-8000) or forward the email to abuse@temple.edu and we will let you know if the message is legitimate or a phishing scam.

Please remember that your primary defense against a hacker is a strong password. Computer Services is in the process of rolling out a new initiative called TUsecure. TUsecure will require you to choose a strong password and you will also be prompted to change your password every 180 days (or every 90 days for mainframe users). Information about the TUsecure initiative is available at www.temple.edu/tusecure.

 
.