Phishing Scams Compromise BU Computer Accounts

In past weeks, Information Technology Services has found evidence of several compromised computer accounts. Generally, these are discovered when the accounts are used by some unknown party to send large amounts of spam email to other institutions. The account owner is usually not aware of this improper use.

In some cases, the account is compromised because the account owner uses a simple password that can be discovered easily, or is even the same as the userID. But another clear cause is that some people are responding to recent "phishing" scams (see an explanation of phishing* below) by sending passwords and personal information in response to unsolicited email.

Yesterday, ITS performed a spot check of outgoing email and found that almost 100 people responded to one of the more recent scams, which purports to be a request from the "Binghamton Technical Support Team" and threatens to cut off email service unless the recipient responds with userID, password and birth date. We have notified those people that they’ve responded to a scam and urged them to change their accounts to strong passwords (8-character minimum with a mix of small letters, capitals, numbers and special characters).

There is no way we can monitor, filter or discover all the various phishing scams that our users may receive, so be forewarned and ready when you receive these types of solicitations. The University (and other reputable institutions) will not ask for personal or password information in unsolicited email messages, so you should NEVER respond to them, no matter how real they appear to be. If you’re unsure of the validity of the message, call a contact number for the organization obtained from verifiable paper correspondence or from the telephone book.

It is good practice to change your password frequently, and you are urged to do so now. Please be vigilant. If you have questions about your account or about phishing scams in general, please refer to the ITS website at its.binghamton.edu or call the ITS Help Desk at 777-6420.

*Phishing is a technique in which users are directed by an official-looking email to provide personal information under false pretenses. The message may appear to come from a bank, police agency or other legitimate entity. The information requested may be a credit card number, social security number, ATM PIN, password or other personal information. The recipient is asked to provide this information via email or by visiting an official-looking web site, and warned that failure to do so may result in a discontinuation of service. Legitimate businesses and government entities are aware of phishing scams and do not require you to send sensitive information in response to unsolicited email, so treat these messages like spam and delete them.

Date: Jul 18, 2008