A-to-Z Index

Computing Homepage

Computing HelpDesk

Hours:
Mon-Thu: 8:00am - 9:00pm
Friday: 8:00am - 5:00pm
Saturday: Closed
Sunday: 3:00pm - 9:00pm
(when classes are in session)

Exceptions:
Follows JMU's schedule for inclement weather
Exceptions for Academic Year 2011-2012

Hot Topic 20080530




Higher education passwords under attack ( 05/30/08 )

UNDER NO CIRCUMSTANCE WILL JMU EVER ASK FOR YOUR PASSWORD VIA EMAIL. DO NOT PROVIDE IT REGARDLESS OF CIRCUMSTANCE.

Over the past several months, many higher education organizations, including JMU, have been the target of criminals fishing for university passwords. These attacks are ongoing and we have no reason to expect them to go away any time soon.

The attacks come in the form of  e-mail messages pretending to be from various university support and technology organizations. They use various ruses to convince the recipients to give up their university account passwords. They may say the e-mail system is undergoing maintenance. They may say the recipient's computer was seen spreading viruses. They may say the recipient's account has been compromised.

UNDER NO CIRCUMSTANCE WILL JMU EVER ASK FOR YOUR PASSWORD VIA EMAIL. DO NOT PROVIDE IT REGARDLESS OF CIRCUMSTANCE.

Most of the attacks thus far have asked the recipients to reply to the message and include the requested information in the reply. A few attacks have links in the message that lead to a fake university web site that asks for the information similar to the bank phishing messages that have been seen for years. Defensive measures are similar.

NEVER TYPE YOUR JMU PASSWORD INTO A WEB SITE YOU ARE UNFAMILIAR WITH. DO NOT TYPE IT INTO WEB SITES LED TO BY LINKS IN EMAIL. USE TRUSTED JMU WEB ADDRESSES YOU HAVE PREVIOUSLY VISITED OR THAT ARE PUBLISHED ON A TRUSTED JMU WEB SITE.

Many of the attacks thus far have been poorly worded, use addresses that are obviously fake, or otherwise contain content that reveal the fraud. But they are getting more sophisticated. Many have used JMU addresses. Some have used JMU images and logos. Some reference actual university departments and organizations. It is just a matter of time before they start referring to real people or events that are public information.

Any technical maintenance or information security issues affecting campus services will be posted on the JMU computing page at www.jmu.edu/computing. Verify any received messages with information posted there.

If you have provided your password, it is important that you follow JMU eID Account Recovery Steps to protect your information and JMU resources.

UNDER NO CIRCUMSTANCE WILL JMU EVER ASK FOR YOUR PASSWORD VIA EMAIL. DO NOT PROVIDE IT REGARDLESS OF CIRCUMSTANCE.