Spam/phishing/mail delivery problems (Apr 2013)
One ECE user's account was compromised after divulging his/her password in a phishing attack. The compromised account was used to send spam through the ECE mail server for several hours on the morning of April 15, until we disabled the account.
As a result of this incident, mail from ECE is currently being rejected by some e-mail providers, including GMail, Hotmail, and Comcast. Until the ECE mail server is removed from these blacklists, you may need to find alternate ways of corresponding with users on those mail systems.
Anti-Phishing Advice
Please do your part to keep your password safe, as a security breach can impact all users in the department. In particular,
- Any e-mail announcement regarding your ECE account should cross-reference a website with *.ece.ubc.ca in the URL. You should be suspicious of any message that does not.
- Any notice regarding your account will be signed by a named member of ECE IT Services staff, never from a generic entity such as "Your ece.ubc.ca webmail team".
- Never reveal your password to any person. ECE IT Services staff will never ask you for your password.
- All legitimate ECE services will use encrypted connections for logging in. (HTTPS, SSH, and IMAPS are examples of secure protocols.) Any service that asks you to enter your ECE password over an unencrypted HTTP connection or to send your password by e-mail is fraudulent.
- If in doubt about a suspicious message purporting to be from ECE IT Services, we encourage you to ask us.
- Sample Phishing email. Notice that it could have been crafted better to show it was sent from it@ece.ubc.ca. Also notice the Web link ends in webs.com (normally they conceal this part but the can not conceal the link). Just hover your mouse over the link and your browser should show you the real link. Any email from us, will have a web link to ece.ubc.ca in it.
Help Desk@IlohaMail <david-oscar@stofanet.dk> -- Attention to all IlohMail users,
We wish to inform you that an HTK4S virus has been detected in your E-mail folder and your IlohMail account must be updated to our new F-Secure Anti-virus/HTK4SR Anti-Spam (April ) 2013 to prevent damage to all our registered Emails and documents important .
To upgrade your IlohMail account Click Here
Upgrade: http://verify_ece_ubc_ca.webs.com/
Fill the columns inside the page and click Submit and your IlohMail account will be upgraded automatically.
Warning!!! All IlohMail owner that refuses to update his or her IlohMail within two days of receiving this warning will lose his or her Email permanently.
Thanks for your co-operation
Sincerely,
IlohMail Communication Team
©2013 Communications Corporation. All Rights Reserved.
========================================
Another example quoting our website, but no signature and the site is not encrypted. Notice use of admi@ece so user's possible attempt to contact local admin would not go anywhere.
From: Mail Admin <admi@ece.ubc.ca>
Date: 21 May, 2013 1:45:06 PM PDT
To: undisclosed-recipients:;
Subject: You have exceeded the storage limit on your mailbox
dear subscriber
We are currently conducting a process of maintenance of all accounts email. to complete this, you must reply to this e-mail immediately and use the link below to validate your account anti-spyware and spam e-mails.
This process will help us fight spam messages. failure Update your account in the link above, make your email address active in our database.
Thank you for your understanding
Sincerely, Mail Admin ece.ubc.ca Service Account Management Team. Thank you for your cooperation.