Security Reminder – Watch for Malicious E-Mail Messages

In October of this school year, we posted a reminder to all users to be on the lookout for malicious email messages. At the time we posted that information, most of the malicious emails were trying to direct the user to a website where they would enter their username and password. This allows the scammers to get your login information. In response to this form of scam, the IT Department has implemented some measures to try and protect usernames and passwords from being gathered in this way.

Lately, we’ve noticed a change in the pattern of the malicious emails. It seems that fewer and fewer people are lured to websites through emails with alarming messages. So, the scammers are changing their tactics. Now we are seeing more messages where the user is asked to email their information. Here is an example of a message recently received (note: links have been disabled in this sample message):

SUBJECT: Upgrade your Email Account

Dear sd62.bc.ca Subscriber,

We would like to inform you that we are currently carrying out scheduled maintenance and upgrade of our web-mail service and as a result our email client has been changed and your original password will be reset. We are sorry for any inconvenience caused. To complete your sd62.bc.ca email account, you must reply to this email immediately and enter your password here (*********)

***********************************************************

CONFIRM YOUR EMAIL IDENTITY BELOW
E-mail User-name : ......... .....
E-mail Password : ...............
Date of Birth : ................
Country or Territory : .........

***********************************************************

Failure to do this will immediately render your email address deactivated from our database.

You can also confirm your email address by logging into your sd62.bc.ca account at https://exchange.sd62.bc.ca/owa/auth/logon.aspx

Thank you for using sd62.bc.ca webmail!

Computing and Telecommunication Services Team ©2014.

What makes this message SEEM more legitimate is the fact that the links in the original email message connected back to our legitimate SD62 servers. If you followed those links, you’d be taken back to the SD62 website or the Outlook for Web mail system for our district. The scammers hope that when you click on a link and see the district’s webpage, you’ll think that the message is legitimate and reply with your information.

Remember, the IT Department will never ask you to login to confirm your information, and we will never ask you to send us your username and password in reply to an email. As always, if you’re not sure about whether a message is legitimate or not, feel free to call Kathy or Jennifer at the Help Desk at 250-474-9875. Thanks for doing your part to help keep your user account, and our district’s networks safe.

About Graham Arts

District Principal of IT
This entry was posted in Monthly Update. Bookmark the permalink.