13. More Phishing
We've seen a substantial number of webmail phishing emails in recent days, the majority warning of accounts over quota, etc. None of these have been especially tailored to Oxford users, but nevertheless we've identified a number of replies, despite the warning messages circulated to all users last term. We must assume any human-generated reply to a known phishing attempt will contain a user's password and will take appropriate action - generally this will at the very least involve a password reset.
In the worst case recently, a Herald webmail account was abused to send over 30,000 spam emails during a period of about an hour. Upon being alerted to the problem we took prompt action to disable the account; this remains suspended as investigation is ongoing.
Unfortunately, OxCERT aren't always notified of ongoing email phishing attempts. Please don't assume that we know; we would rather have multiple reports from you than none! We have set up a dedicated email address firstname.lastname@example.org for the receipt of reports.
Please use this address to report all phishing attempts which may be used to gather credentials for University services (we're not interested in those directed at banks or other financial institutions). Please, please, please include full email headers if at all possible; they are invaluable to us in ensuring that prompt remedial action can be taken both locally and by affected external parties.