New 'my@ucdavis.edu' phishing scam targets UC Davis email accounts

April 07, 2008

A new phishing scam that purports to come from "my@ucdavis.edu" is targeting UC Davis email users this week, asking recipients to send in their passwords and user names. The message does not come from UC Davis. It is another trick. Don't fall for it--and do not share your account password or any other personal information by email.

The latest message carries a subject line of "REPLY A.S.A.P." It is the second scam in the last several days to target UC Davis email account holders, and prompted Pete Siegel, vice provost for IET and campus chief information officer, to send an email to faculty, staff and students Monday afternoon alerting them to the fraud. Similar frauds have targeted other universities and colleges this year.

Information and Educational Technology has blocked an email address used by the phisher (chris.landa@yahoo.co.uk) from campus SMTP servers. Any further attempt to respond to that address through campus servers will be blocked.

In real life, my@ucdavis.edu is an email contact for a group that works on the MyUCDavis Web portal.

Phishers send email messages that seem to come from a reputable sender, and hope the recipient will be tricked into writing back with personal or account information. The phisher can use that information to steal money or churn out spam.

The message from "my@ucdavis.edu" reads, "GOOD DAY We want to inform you that we would be upgrading this website in the nearest future...so we would like you to send your username and password in order to save your unread and read messages from being deleted when upgrading..."

No one involved in campus email would operate that way or ask for that informatio n. "Our help desk never asks for passwords. Ever," said Mark Stinson, client services manager for IET, last week after the first phony email message surfaced. "We never ask for personal information in an email message. If in doubt, call us."

IT Express can be reached at (530) 754-HELP (4357).

"Email accounts belonging to individuals who have responded to the scam have been used to send additional phishing messages," Siegel's letter said. Anyone who sent their login ID and password to the phisher, he wrote, should change their password immediately. (Start that process here.)