Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by email or instant messaging, and often directs users to reply or enter details at a website, although phone contact has also been used. (from Wikipedia)
Legitimate institutions will not ask anyone to send them their password by email for any account. At OIT, we do not ask anyone to send us their password. Do not respond to any requests for your password.
If you think you are the target of a phishing email, please forward the email with full headers to help@oit.duke.edu. When a phishing attempt is reported to OIT, we do our best to block future attempts from these addresses.
The messages below are examples of the most recent phishing attempts reported:
June 10, 2008
This mail is to inform all our {Duke.Edu} webmail users that we will be upgrading our site in a couple of days from now. If you are a user of our site you are required send us your Email account details so as to enable us know if you are still making use of your mail box. Further be informed that we will be deleting all mail account that is not functioning so as to create more space for new user. so you are to send us your mail account details which are as follows:
Net ID:
Password: