“Dear Webmail Subscriber,” “Confirm Your Web Mail,” and “Upgrade Your Account!” These subjects lines were in recently received email messages attempting to get me to click on a bogus link or respond with my username and password. Had I done so, an attacker would have easy access to my email account.
Email is one of the most frequently used venues for cyber attacks. It is fertile ground for cyber criminals and a vulnerability for most organizations because of unwitting end users.
At MIT, we see a lot of unwanted email in our inbox. Even with filtering and blacklisting tools on our email system, some of these dangerous messages still come through. Generally, the fraudulent message appears as if it is from email administrators of MIT and, like the examples mentioned above, tries to get you to click on a dangerous link or asks you to supply the login credentials to your web mail account.
The IS&T Help Desk has seen an increase in incidents related to users falling for these types of phishing scams. As a result, MIT email accounts become compromised and then large amounts of spam is sent from those compromised accounts by the criminals.
If an MIT account becomes compromised, the first recommendation we give is to change and strengthen the Kerberos password that protects the account.
Learn more in the Knowledge Base: What to do if your email account is compromised.