Iowa State University

ITInformation Technology

Scam Alert: Spearphishing Campaign Targets ISU

This news item expired March 6, 2012. It may contain out-of-date information.

Some ISU employees have received phishing emails trying to exploit the ITS migration to Exchange 2010 to steal passwords and personal information. They look similar (but not necessarily identical) to this one:

Subject: Helpdesk: Upgrade to the New 2012 Mail Server Immediately
Date: Sun, 29 Jan 2012 14:13:16 -0700
From: (obscured)
To: Undisclosed recipients

Dear Account Owner,
We are currently migrating to Microsoft Exchange 2012 (from Exchange 2003/2011). With 
the introduction of Internet Explorer 9, Outlook Express has apparently been removed from 
the installation package on our Message Center. OWA 2012 provides the same conversation 
view and experience as Outlook 2011: By default, messages are displayed in threads so that 
all the messages on a particular topic are grouped. Inability to complete information on 
the form within 48 hours Message Center will render your e-mail in-active from our. Fill 
information on the Form by clicking on the link below:

(URL removed for security.)

You will receive an e-mail within 48 hours when your mailbox account is moved.
Thank you.
Help Desk
(c)2012. All Rights Reserved

The link in the form takes you to an off-campus website form asking for your Net-ID, password and other personal information. This is a malicious attempt to obtain your password and personal information. These messages do not originate with IT Services, and you should not follow the link; just delete the message.

The migration to Exchange 2010 does not require any action on your part, and if you use Outlook and all goes well you should not see any difference when the migration happens, although you may have to restart Outlook. As always, IT Services will never ask for your password in an email, and ITS will never direct you to enter your password on an off-campus web page.

If you have any questions regarding this information, contact the Solution Center.