Disclaimer Added to Suspected Phishing E-Mail Messages
May 2009: The university continues to receive e-mail spear-phishing attempts threatening users that the administration team is going to disable their accounts if they do not send their userids and passwords. Every week, a few people respond to these. Then, spammers use their accounts to send out thousands of e-mail messages. This massive amount of spam e-mail causes the UC servers to be blacklisted, after which other systems will not accept e-mail from our servers. The E-Mail Services team then must contact each e-mail provider to request resumed acceptance of e-mail from the University of Cincinnati servers.
When we contact the users who have responded to the spear-phishing e-mail, most of them say, “I don’t know what I was thinking. I know I should not send out my password.” To remind them, we are going to try something new. Our spam systems will be configured to scan the bodies of e-mail messages looking for a combination of the words we usually see in phishing messages. If those words are found, the system will add the following warning to the top of the message:
NOTICE: The enclosed message may be a phishing attempt. The University of Cincinnati will never ask for your password, social security number, or other sensitive information in e-mail. If this message claims to be from the university and requests such information, please forward this to abuse@uc.edu for our security team to review. If this is a legitimate message, kindly disregard this notice.
University of Cincinnati – E-Mail Services (technician@uc.edu)
The system will not log any information about the e-mail messages that receive this disclaimer. We merely want to remind our users to carefully consider any response they might compose to one of these e-mail messages.
Maggie Brudnicki
Manager, E-Mail Services
University of Cincinnati
513-556-3326 - Desk
513-378-2950 - Mobile
Maggie.Brudnicki@uc.edu
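The body scan and disclaimer described in the announcement above, sketched as an added example; this is not the university's actual spam-system configuration. The word groups, function names and sample messages are assumptions, since the announcement does not list the words it matches.

```python
import re
from email import message_from_string, policy

# Notice wording is from the announcement (signature line omitted, line breaks added).
NOTICE = (
    "NOTICE: The enclosed message may be a phishing attempt. The University of\n"
    "Cincinnati will never ask for your password, social security number, or\n"
    "other sensitive information in e-mail. If this message claims to be from\n"
    "the university and requests such information, please forward this to\n"
    "abuse@uc.edu for our security team to review. If this is a legitimate\n"
    "message, kindly disregard this notice."
)

# Assumed word groups: a message is flagged only when every group is
# represented, i.e. a combination of words rather than any single word.
WORD_GROUPS = [
    {"password", "passwords", "userid", "userids"},
    {"account", "accounts"},
    {"disable", "disabled", "deactivate", "deactivated", "suspend", "suspended"},
]

def looks_like_phish(text):
    """True when the text contains at least one whole word from each group."""
    words = set(re.findall(r"[a-z]+", text.lower()))
    return all(words & group for group in WORD_GROUPS)

def add_disclaimer(raw):
    """Return (message, flagged); prepends NOTICE to the text/plain body."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))  # HTML-only mail is skipped
    if part is None:
        return msg, False
    body = part.get_content()
    # Skip clean mail and mail already tagged. Nothing is logged, as stated above.
    if body.startswith(NOTICE) or not looks_like_phish(body):
        return msg, False
    part.set_content(NOTICE + "\n\n" + body)
    return msg, True

# Constructed sample messages, not real traffic.
HEADERS = "From: admin-team@example.test\nTo: user@example.test\nSubject: Account notice\n\n"
SAMPLE_PHISH = HEADERS + "We will disable your account unless you reply with your userid and password.\n"
SAMPLE_BENIGN = HEADERS + "Your password expires soon. Change it at the help desk.\n"
```

Matching on whole words in combination keeps ordinary mail that merely mentions a password from being tagged, at the cost of missing phishing messages that use different vocabulary.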