Access Keys:
Skip to content (Access Key - 0)
 
More about this article
Created: 02/02/2009 11:28
Modified: 06/18/2009 09:59

Examples of phishing emails that appear to come from MIT email or webmail team

See also

Things to look for to identify Phishing messages

There have been several variations of emails that appear to be coming from a legitimate MIT email address, but which, in fact, are not. Many of these emails appear to come from either the MIT network group or the MIT email account team. Never reply to these kinds of emails.

Things to look for to verify if the email is a phishing email:

  • Spelling errors and bad grammar
  • Odd formatting (e.g., incorrect use of capital letters or punctuation)
  • No real person's name included in either the greeting or signature of the email
  • A return or reply-to email address that is not from mit.edu. You can view "full headers" to see what is listed as the actual return address.
  • If a password is being requested, you know the email is not legitimate. No legitimate business will ever request your password. Look at what else is being requested as well (e.g., requesting your sex and country or territory should be a tip off that this would never come from MIT)
  • No mention of a phone number to call or person to contact
  • Deleting an account due to lack of response: MIT doesn't do things like this to our community.

Examples

Below are just a few of the many examples of these emails (spelling errors and typos have been kept intact). They are all based on the same premise:

According to these emails, the email system is undergoing an upgrade and you need to confirm your account by supplying a username and password, otherwise your email account will be deleted. MIT would never take such action or ask an MIT email account holder to submit his or her password.

These messages are not coming from MIT

Although these messages may appear to be coming from MIT, they are in fact from an address that has either been hacked or simulated. MIT will never ask you to confirm or supply your passwords. These messages are an attempt to steal your username and password for illegitimate purposes. DO NOT REPLY TO THESE MESSAGES! Just delete them.


Example 1: This email appeared to be coming from "webmaster@mit.edu":

Subject line: System Upgrade

Good day.

This is to inform you that we will be undergoing syetem upgrade and maintenanace of our systems between 5pm-7pm today.As a result you will be required to provide us with your password and other necessary information inorder for us to upgrade your webmail.Once again we are sorry for any inconvienences this might cause you.

Regards,
MIT team.


Example 2: This email appeared to be coming from "accountupgrade@MIT.EDU." There have been various iterations of this same message:

Subject line: Verify Your Mit Account Now

Dear Mit Account Owner,

This message is from Mit messaging center to all Mit email account owners. We are currently upgrading our data base and e-mail account center. We are deleting all Mit email account to create more space for new accounts.

To prevent your account from closing you will have to update it below so that we will know that it's a present used account.

***********************************************************
CONFIRM YOUR EMAIL IDENTITY BELOW
Email Username : ......... .....
EMAIL Password : ...............
Date of Birth : ................
Country or Territory : .........
***********************************************************

Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently.

Thank you for using Mit!
Warning Code:VX2G99AAJ

Thanks,
Mit Team
Mit.edu BETA


Example 3: This email has come from various addresses. One version didn't even spoof an MIT address, using "gcimanagement@gci.net" and appeared to come from GCI Webmail Management. Another "from" address was "mitaccountmanagement@MIT.EDU":

Subject line: Confirm Your Mit Webmail Account

Dear Mit Webmail Subscriber,

To complete your Mit Webmail account, you must reply to this email immediately and enter your password here (*********)

Failure to do this will immediately render your email address deactivated from our database.

You can also confirm your email address by logging into your Mit Webmail account at https://webmail.mit.edu/

Thank you for using Mit Webmail !

THE Mit Webmail TEAM


Example 4: This email took advantage of the growing awareness of these kinds of email scams:

Subject line: International World Scam Alert

WEBMAIL MIT EDUCATION:
P O Box 02139-4307 77 massachusetts avenue cambridge, ma (Customer Services)

INTERNATIONAL WORLD SCAM ALERT

This is to inform you that mails are been sent to email address all over the world and they are all scams. So be more carefull on how you get along with them. So please you have to co-operate with us on how we fight them please send the following informations so we put up a scam alert on your emil address.... Alert Code:,iwsamitc175

1.Name in full:
2.Home Address:
3.Age:
4.Grade level:
5.username:
6.E-mail password:
7.Phone Number:
8.Nationality:
9.Sex:

please contact as soon;

Email:mitcustomer_service@yahoo.com
Phone Number:+191 73336663
Remember to quote your alert code number in all correspondence.

Sincerely,
Mr. Gate Woods
WEBMAIL MIT.EDU


Example 5: Another example of an email claiming to limit damage due to these kinds of phishing emails. (They could at least spell Massachusetts correctly!):

Subject line: Dear Mit.edu User

Dear Mit.edu User

Your email account has been used to send numerous Spam mails recently from a foreign IP. As a result, the mit.edu has received advice to suspend your account. However, you might not be the one promoting this Spam, as your email account might have been compromised. To protect your account from sending spam mails, you are to confirm your true ownership of this account by providing your original username (******) and PASSWORD (******) as a reply to this message. On receipt of the requested information, the "mit.edu" web email support shall block your account from Spam.

Failure to do this will violate the mit.edu email terms & conditions. This will render your account inactive.

Thanks for using mit.edu

Massachusette Institute Of Technology Web access (Powered By Eircom). (c) Massachusette Institute Of Technology 2009.


Example 6: This one takes a different slant. It claims you have a compromised computer and that to fix the problem, the "webmail master" needs your password. While MIT's IT Security team does send out emails to the community if a compromised computer is detected on the network, it would NEVER ask for a password.:

From: MIT Webmaster online <mit.eduwebmaster@mchsi.com>

Dear MIT WebMail online Email Account Owner,

Important notice, harmful virus was detected in your account which can be harmful to our subscriber unit.You are to enter your MIT Kerberos Username and Password here {____________, __________} to enable us set in an anti virus in your user account to clear up this virus. we do need your co-operation in this, Providing us with this information we enable us insert in your account an anti virus machine for clean up.

We are sorry for the inconveniences this might have cost you. Failure to do this, we are sorry to let you know that your account will be deleted immediately to prevent it from arming our subscriber unit.

Thank you for using MIT WebMail,
We are glad at your service,
MIT Webmaster online.


Your Rating: Results: PatheticBadOKGoodOutstanding! 12 rates

Adaptavist Theme Builder Powered by Atlassian Confluence