E-mail scam hits campus
April 8, 2008
KALAMAZOO--A new e-mail scam hit the campus of Western Michigan University early today. Thanks to quick action by information technology staff, the scam was apparently unsuccessful in obtaining any personal information from WMU students or employees.
At about 4:30 a.m., 690 students, faculty, staff and retirees with WMU e-mail accounts received a message from "firstname.lastname@example.org" regarding their "wmich accounts." The message urged recipients to reply with their usernames and passwords to avoid having their accounts suspended.
The message is similar to dozens of others that appear to come from credit unions, the Internal Revenue Service and other organizations.
While this message appeared to come from the WMU Help Desk, the actual origin was The Netherlands, and anyone who hit reply was sending their username and password to a Hotmail account in the United Kingdom.
A warning message was sent this morning to the entire campus and posted in GoWMU, the University's secure intranet portal. Replies to the scam were blocked by information technology staff, who reported that only seven people attempted to reply.
Anyone who may have replied to this or a similar scam should change their password immediately. WMU passwords can be changed online at www.wmich.edu/changepassword and should be changed routinely.
Members of the WMU community may receive variations of the scam message that appear to come from a variety of legitimate WMU e-mail addresses. The first clue that it is a scam is the request for personal information. Never reply to any message asking for account information or passwords. Never send account information or passwords via e-mail.
Report e-mail scams to email@example.com or call the Help Desk at (269) 387-HELP (387-4357).
Media contact: Tonya Hernandez, (269) 387-8400, firstname.lastname@example.org