Email phishing attacks

UD email users may see more phishing incidents, IT officials warn

TEXT SIZE

12:25 p.m., April 5, 2011--Last week’s data security breach at Epsilon, the world's largest permission-based email service, may have some indirect effects on University of Delaware email users, UD IT officials warn. 

This incident will have no direct effect on your UD email account; however, you may see more spam and phishing email. 

FYI Stories

June 6: UDid It! Picnic
All UD faculty and staff members are invited to attend the annual UDid It! employee appreciation picnic, set from 11 a.m.-1:30 p.m., Monday, June 6, on The Green.

2FA protects you
If you are using two-factor authentication (2FA), even if a hacker has your password, your information is probably safe.

According to Security Week and MSNBC, email addresses for customers of the following companies were exposed:

  • Target
  • Red Roof Inn
  • 1800Flowers.com
  • TiVo
  • Ameriprise Financial
  • US Bank
  • JPMorgan Chase
  • Capital One
  • Barclays Bank of Delaware
  • McKinsey & Company
  • Marriott Rewards
  • Ritz-Carlton Rewards
  • New York & Company
  • Best Buy
  • Walgreens
  • LL Bean
  • Kroger
  • Home Shopping Network (HSN)
  • Disney Destinations
  • Robert Half Technologies
  • The College Board.

In addition, some members of the UD community report that they have received warnings about the breach from other companies, notably Verizon and TIAA-CREF.

If you are a customer who has registered an email address with any of these companies, be on the lookout for an increase in spam and “phishing scams” in your email.

Can you tell the difference between a phishing scam and a legitimate warning notice about this breach? First, the legitimate notices do not include a link for you to confirm your account. Second, no legitimate organization will ever ask you reply to email with personal information. The warning sent by JP Morgan Chase provides a good summary:

  • Don't [send] your User ID or password in email.
  • Don't respond to e-mail that requires you to enter personal information directly into the e-mail.
  • Don't respond to e-mail threatening to close your account if you do not take the immediate action of providing personal information.
  • Don't reply to e-mail asking you to send personal information.
  • Don't use your e-mail address as a login ID or password.

(Source: Patricia O. Baker, senior vice president, JP Morgan Chase; “Please read important message about your email address,” email sent April 4, 2011.)

For more information, contact the company with whom you have registered an email address or see IT’s advice about avoiding phishing scams. To report a problem or concern, contact UD’s IT Support Center.

News Media Contact

University of Delaware
Communications and Public Affairs
302-831-NEWS
publicaffairs@udel.edu

UDaily is produced by
Communications and Public Affairs

The Academy Building
105 East Main Street
University of Delaware
Newark, DE 19716 | USA
Phone: (302) 831-2792
email: publicaffairs@udel.edu
www.udel.edu/cpa