Examples of phishing emails that appear to come from MIT email or webmail team
See also
Things to look for to identify Phishing messages
There have been several variations of emails that appear to be
coming from a legitimate MIT email address, but which, in fact, are
not. Many of these emails appear to come from either the MIT network
group or the MIT email account team. Never reply to these kinds of emails.
Things to look for to verify if the email is a phishing email:
- Spelling errors and bad grammar
- Odd formatting (e.g., incorrect use of capital letters or punctuation)
- No real person's name included in either the greeting or signature of the email
- A return or reply-to email address that is not from mit.edu. You can view "full headers" to see what is listed as the actual return address.
- If
a password is being requested, you know the email is not legitimate. No
legitimate business will ever request your password. Look at what else
is being requested as well (e.g., requesting your sex and country or
territory should be a tip off that this would never come from MIT)
- No mention of a phone number to call or person to contact
- Deleting an account due to lack of response: MIT doesn't do things like this to our community.
Examples
Below are just a few of the many examples of these emails (spelling errors and typos have been kept intact). They are all based on the same premise:
According to these emails, the email system is undergoing an upgrade
and you need to confirm your account by supplying a username and
password, otherwise your email account will be deleted. MIT would never take such action or ask an MIT email account holder to submit his or her password.
| These messages are not coming from MIT
Although these messages may appear to be coming from MIT, they are
in fact from an address that has either been hacked or simulated. MIT
will never ask you to confirm or supply your passwords. These messages
are an attempt to steal your username and password for illegitimate
purposes. DO NOT REPLY TO THESE MESSAGES! Just delete them. |
Example 1: This email appeared to be coming from "[email protected]":
Subject line: System Upgrade
Good day.
This is to inform you that we will be undergoing syetem upgrade
and maintenanace of our systems between 5pm-7pm today.As a result you
will be required to provide us with your password and other necessary
information inorder for us to upgrade your webmail.Once again we are
sorry for any inconvienences this might cause you.
Regards,
MIT team.
Example 2: This email appeared to be coming from
"[email protected]." There have been various iterations of this
same message:
Subject line: Verify Your Mit Account Now
Dear Mit Account Owner,
This message is from Mit messaging center to all Mit email
account owners. We are currently upgrading our data base and e-mail
account center. We are deleting all Mit email account to create more
space for new accounts.
To prevent your account from closing you will have to update it below so that we will know that it's a present used account.
***********************************************************
CONFIRM YOUR EMAIL IDENTITY BELOW
Email Username : ......... .....
EMAIL Password : ...............
Date of Birth : ................
Country or Territory : .........
***********************************************************
Warning!!! Account owner that refuses to update his or her
account within Seven days of receiving this warning will lose his or
her account permanently.
Thank you for using Mit!
Warning Code:VX2G99AAJ
Thanks,
Mit Team
Mit.edu BETA
Example 3: This email has come from various
addresses. One version didn't even spoof an MIT address, using
"[email protected]" and appeared to come from GCI Webmail
Management. Another "from" address was "[email protected]":
Subject line: Confirm Your Mit Webmail Account
Dear Mit Webmail Subscriber,
To complete your Mit Webmail account, you must reply to this email immediately and enter your password here (*********)
Failure to do this will immediately render your email address deactivated from our database.
You can also confirm your email address by logging into your Mit Webmail account at https://webmail.mit.edu/
Thank you for using Mit Webmail !
THE Mit Webmail TEAM
Example 4: This email took advantage of the growing awareness of these kinds of email scams:
Subject line: International World Scam Alert
WEBMAIL MIT EDUCATION:
P O Box 02139-4307 77 massachusetts avenue cambridge, ma (Customer Services)
INTERNATIONAL WORLD SCAM ALERT
This is to inform you that mails are been sent to email address
all over the world and they are all scams. So be more carefull on how
you get along with them. So please you have to co-operate with us on
how we fight them please send the following informations so we put up a
scam alert on your emil address.... Alert Code:,iwsamitc175
1.Name in full:
2.Home Address:
3.Age:
4.Grade level:
5.username:
6.E-mail password:
7.Phone Number:
8.Nationality:
9.Sex:
please contact as soon;
Email:[email protected]
Phone Number:+191 73336663
Remember to quote your alert code number in all correspondence.
Sincerely,
Mr. Gate Woods
WEBMAIL MIT.EDU
Example 5: Another example of an email claiming to
limit damage due to these kinds of phishing emails. (They could at
least spell Massachusetts correctly!):
Subject line: Dear Mit.edu User
Dear Mit.edu User
Your email account has been used to send numerous Spam mails
recently from a foreign IP. As a result, the mit.edu has received
advice to suspend your account. However, you might not be the one
promoting this Spam, as your email account might have been compromised.
To protect your account from sending spam mails, you are to confirm
your true ownership of this account by providing your original username
(******) and PASSWORD (******) as a reply to this message. On
receipt of the requested information, the "mit.edu" web email support
shall block your account from Spam.
Failure to do this will violate the mit.edu email terms & conditions. This will render your account inactive.
Thanks for using mit.edu
Massachusette Institute Of Technology Web access (Powered By Eircom). (c) Massachusette Institute Of Technology 2009.
Example 6: This one takes a different slant. It
claims you have a compromised computer and that to fix the problem, the
"webmail master" needs your password. While MIT's IT Security team does
send out emails to the community if a compromised computer is detected
on the network, it would NEVER ask for a password.:
From: MIT Webmaster online <[email protected]>
Dear MIT WebMail online Email Account Owner,
Important notice, harmful virus was detected in your account
which can be harmful to our subscriber unit.You are to enter your MIT
Kerberos Username and Password here {____________, __________} to
enable us set in an anti virus in your user account to clear up this
virus. we do need your co-operation in this, Providing us with this
information we enable us insert in your account an anti virus machine
for clean up.
We are sorry for the inconveniences this might have cost you.
Failure to do this, we are sorry to let you know that your account will
be deleted immediately to prevent it from arming our subscriber unit.
Thank you for using MIT WebMail,
We are glad at your service,
MIT Webmaster online.