Spam/phishing/mail delivery problems (Apr 2013)

From ECE Information Technology Services
Revision as of 15:24, 19 September 2013 by Roozbeh

One ECE user's account was compromised after the user divulged his/her password in a phishing attack. The compromised account was used to send spam through the ECE mail server for several hours on the morning of April 15, until we disabled the account.

As a result of this incident, mail from ECE is currently being rejected by some e-mail providers, including GMail, Hotmail, and Comcast. Until the ECE mail server is removed from these blacklists, you may need to find alternate ways of corresponding with users on those mail systems.

Anti-Phishing Advice

Please do your part to keep your password safe, as a security breach can impact all users in the department. In particular,

  • Any e-mail announcement regarding your ECE account should cross-reference a website with * in the URL. You should be suspicious of any message that does not.
  • Any notice regarding your account will be signed by a named member of ECE IT Services staff, never by a generic entity such as "Your webmail team".
  • Never reveal your password to any person. ECE IT Services staff will never ask you for your password.
  • All legitimate ECE services will use encrypted connections for logging in. (HTTPS, SSH, and IMAPS are examples of secure protocols.) Any service that asks you to enter your ECE password over an unencrypted HTTP connection or to send your password by e-mail is fraudulent.
  • If in doubt about a suspicious message purporting to be from ECE IT Services, we encourage you to ask us.
  • Sample Phishing email. Notice that it could have been crafted better to show it was sent from Also notice the Web link ends in (normally they conceal this part but they cannot conceal the link). Just hover your mouse over the link and your browser should show you the real link. Any email from us will have a web link ending in in it.

======= Note: in the original email, the link was concealed under CLICK HERE:
======= also notice that on pages, it reports "you can also create free websites".
Attention: Webmail User,

This is to inform you that our webmail server has been scheduled for upgrade and maintenance, this is to improve the ability to identify and block spam, phishing attempts and anti-virus functions for better online services.

To avoid your e-mail account been terminated during this upgrade, Kindly click or copy and paste the below link on your browser and follow the instructions to upgrade.


Your Email access will be disable if you fail to comply with the above.

We do apologize for any inconvenience caused.

Thanks System Administrator


Help Desk@IlohaMail <> -- Attention to all IlohMail users,

We wish to inform you that an HTK4S virus has been detected in your E-mail folder and your IlohMail account must be updated to our new F-Secure Anti-virus/HTK4SR Anti-Spam (April ) 2013 to prevent damage to all our registered Emails and documents important .

To upgrade your IlohMail account Click Here


Fill the columns inside the page and click Submit and your IlohMail account will be upgraded automatically.

Warning!!! All IlohMail owner that refuses to update his or her IlohMail within two days of receiving this warning will lose his or her Email permanently.

Thanks for your co-operation


IlohMail Communication Team ©2013 Communications Corporation. All Rights Reserved.
========================================

 Another example quoting our website, but no signature and the site is not 
 encrypted. Notice use of admi@ece  so user's possible attempt to contact 
 local admin would not go anywhere.

From: Mail Admin <>
Date: 21 May, 2013 1:45:06 PM PDT
To: undisclosed-recipients:;
Subject: You have exceeded the storage limit on your mailbox

dear subscriber

We are currently conducting a process of maintenance of all accounts email. to complete this, you must reply to this e-mail immediately and use the link below to validate your account anti-spyware and spam e-mails.

This process will help us fight spam messages. failure Update your account in the link above, make your email address active in our database.

Thank you for your understanding

Sincerely, Mail Admin Service Account Management Team. Thank you for your cooperation.
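
The link checks from the advice list above (expected domain in the URL, HTTPS, and the real target behind text such as CLICK HERE) can be automated for an HTML message body. This is an added example, not part of the original page: the trusted domain `ece.example.org` is a placeholder because the page's real domain is not shown, and the sample message and its hosts are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "ece.example.org"  # placeholder: the real ECE domain is not shown on the page

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html_body, trusted=TRUSTED):
    """Return (href, visible text, reasons) for each link that fails a check."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    findings = []
    for href, text in parser.links:
        url = urlsplit(href)
        host = (url.hostname or "").lower()
        reasons = []
        if url.scheme != "https":
            reasons.append("not HTTPS")
        # Exact match or a true subdomain; a look-alike prefix must fail.
        if host != trusted and not host.endswith("." + trusted):
            reasons.append("host outside " + trusted)
        # The finding carries href, i.e. what hovering over the link would show.
        if href not in text:
            reasons.append("visible text hides the target")
        if reasons:
            findings.append((href, text, reasons))
    return findings

# Constructed sample modelled on the "CLICK HERE" message; all hosts are invented.
SAMPLE = ('<p>To upgrade <a href="http://freesite.example.net/form">CLICK HERE</a></p>'
          '<p><a href="https://www.ece.example.org/it">https://www.ece.example.org/it</a></p>'
          '<p><a href="https://ece.example.org.login.example.net/">ECE webmail</a></p>')
```

On `SAMPLE`, `check_links` reports the first and third links and passes the second; the third shows why the host is compared as a suffix on a dot boundary rather than by substring.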