On Friday, September 5th 2008 several users received spear phishing attacks inviting them to reveal their passwords as follows:

Reply-To: webupdate@jmail.co.za
From: Uwaterloo@Uwaterloo.ca
Sent: September 5, 2008 6:08 PM
To: Uwaterloo@Uwaterloo.ca
Subject: Update Your Uwaterloo.ca Email Account.

Dear Uwaterloo.ca Email Account User,
   
We wrote you advising that you change the password on your account in order
to prevent any unauthorised account access following the network
instruction we previously communicated, all Mailhub systems will undergo
regularly scheduled maintenance. Access to your
e-mail via the Webmail client will be unavailable for some time during this
maintenance period.

 
We are currently upgrading our data base and e-mail account center i.e
homepage view. We shall be
deleting old email accounts which are no longer active to create more space
for new accounts users.we have also investigated a system wide security
audit to improve and enhance our current security.

 
In order to continue using our services you are require to update and
re-comfirmed your email account details as requested below.


To complete your account re-comfirmation,you must reply to this email
immediately and enter your account details as requested below.


Username: (**************)
Server: (**************)
E-mail Login ID:(**********)
Password : (**************)
Date of Birth :(**************)
Future Password :(**************)(Option)


Failure to do this will immediately render your account deactivated from
our database and service will not be interrupted as important messages may
as well be lost due to your declining to re-comfirmed to us your account
details.


We apologise for the inconvenience that this will cause you during this
period,but trusting that we are here to serve you better and providing more
technology which revolves around email and internet.


It is also pertinent,you understand that our primary concern is for our
customers, and for the security of their files and data.

 
COMFIRMATION CODE: EL.CA-/93-1A388-480 Technical Support Team.

--------------------------------------------------------------------
mail2web.com - What can On Demand Business Solutions do for you?
http://link.mail2web.com/Business/SharePoint

There are several aspects of this email that are suspicious:

• Support staff will never ask for your password under any circumstances.
• Any reply-to email address would be to an on-campus account; support staff would not use an external address like webupdate@jmail.co.za.
• It is unlikely that support staff on campus would use a generic recipient address like Uwaterloo@Uwaterloo.ca.
• Support staff are unlikely to send mail at 6pm on a Friday evening.
• A webmail footer of this sort would not be included in legitimate university email.
• The entire note is bereft of actual details concerning any of the University of Waterloo's computing systems. Were this an official email, which it would never be, specifics about the affected computing environment would be included.
• The grammar and usage in this phishing email are sub-par; official communications are carefully worded.

If you have any questions/concerns or need help please let us know.

Information Systems & Technology
University of Waterloo
200 University Avenue West
Waterloo, Ontario, Canada N2L 3G1
519 888 4567 x37070

Contact Us | Give Us Feedback | Privacy Statement