Please report IT security issues, spam or phishing attempts to abuse@purduecal.edu

Purdue Calumet, other organizations or businesses will never ask you for your password or other sensitive and protected information via E-Mail.  Please be careful when you click.

This is not from anyone at Purdue University Calumet and you should delete it.  The message is designed to steal your login and password.

For more detailed information on these types of email messages please refer to safe e-mail practices.

Thank you for helping to keep our email safe and secure.

How does this happen?

• Phishers tend to rely on the fear factor and try to create a sense of urgency when sending these emails.
• In most cases, they communicate the need for immediate action on the part of the user or essential services, such as the use of email, will be cut off.  They are betting that by creating that small bit of panic in the back of your mind that you will not look as closely at the email as you normally would and somewhat blindly do what the email tells you.

How can you help?

• First of all, Purdue Calumet uses Microsoft Outlook for employee email services.  Notification of ′running out of space′ messages is done from within Microsoft Outlook and the clearing of space is performed by each individual user by either archiving or deletion.  By the nature of this method, you will never see a message from anyone at Purdue asking for action on your part to prevent your account from being disabled.
• Second, Purdue Calumet does not now and never has had any form of WEB-MAIL.  The only way to access Purdue Calumet email using the web is to use the Outlook Web Access Client.  This is a web based client and not web mail.
• Third, be sure to carefully read messages before responding to them.  Make sure that any link in an email goes to where it is intended to go and if in doubt, don’t click it.  In the last phishing attack, there were no references to purduecal.edu or purdue.edu anywhere in the email yet people responded and willingly gave their credentials.
• Fourth, if a link looks legitimate, place your mouse pointer over the link, the link information will appear in a small box.  Make sure it matches and goes to where you intend.
• Lastly, regardless of the situation, no one at Purdue will ever ask for your password whether it be via email, on the phone, or in person.  Anyone that asks for your password should be reported to the Office of the Vice Chancellor for Information Services.

If you have any questions please contact James R. Pardonek, Assistant Director for Information Security and Assurance, at (219)989-2745 or e-mail pardonjr@purduecal.edu.

This email is being used as an attempt to obtain your login and password credentials for the purpose of using your email address to propagate more of these types of messages to others.

This email is not from anyone at Purdue Calumet and you should not click on any of the links in the message.  Purdue Calumet does not use any form for WEB-MAIL.

Purdue University Calumet Information Services will never ask for your password.

Please delete the email.

If you have any questions please contact James R. Pardonek, Assistant Director for Information Security and Assurance, at (219)989-2745 or e-mail pardonjr@purduecal.edu.

This email is being used as an attempt to obtain your login and password credentials for the purpose of using your email address to propagate more of these types of messages to others.

This email is not from anyone at Purdue Calumet and you should not click on any of the links in the message.

Please delete the email.

If you have any questions please contact James R. Pardonek, Assistant Director for Information Security and Assurance, at (219)989-2745 or e-mail pardonjr@purduecal.edu.

Your tax appeal motion is rejected

Tax return fraud notification

Income tax return fraud accusations

Your tax appeal is rejected

Your accountant CPA license termination

There may be other variations to this subject line.  This email contains links that are designed to harvest your username and password.  Once the hacker acquire this information, they then use it to send thousands of emails to everyone on your address book.  They do not need your computer to use your email.

Under no circumstances should you click on the links in these emails.  If by chance you clicked the link prior to seeing this email, please change your password immediately.

If you have any questions please contact James R. Pardonek, Assistant Director for Information Security and Assurance, at (219)989-2745 or e-mail pardonjr@purduecal.edu.

SAMPLE EMAIL CONTENT

The ACH transaction (ID: 742901829422), recently initiated from your checking account (by you or any other person), was rejected by the other financial institution.

13450 Sunrise Valley Drive, Suite 100
Herndon, VA 20171

2011 NACHA – The Electronic Payments Association

END SAMPLE EMAIL CONTENT

Please permanently delete this message by holding down the shift key and clicking delete.

Please Do not click on the link. It will attempt to install malware on your computer.

Remember:

A financial institution’s Web page should never be accessed from a link provided in an email. It should only be accessed by typing the Web site name, or URL address, into the Web browser or by using a book mark.

Financial institutions do not be send e-mail messages that request confidential information, such as account numbers, passwords, or PINs.

Financial institutions always use https: to ensure that you are using a secure Web page.

We’ve received numerous reports that an email with the subject ** Account Maintenance Upgrade*** is going around campus.

This email is an attempt to acquire your login and password information and is not from Purdue University nor Purdue Calumet.

Do not click on the link.

Please remember that Purdue University Calumet will *never* ask for your password under any circumstances.

If you receive one of these emails, please permanently delete it from your mailbox by holding the shift key and pressing the delete key.

If you have any questions or concerns you can contact James Pardonek, Assistant Director for Information Security and Assurance at (219)989-2745 or send an email to security-help@purduecal.edu.

We’ve received numerous reports that this email that was going around campus last month has resurfaced.  The unfortunate part of this email is that when another site gets infected, this time a K-12 school in Kansas, we start seeing them again.  If you receive the email that is referenced below, please delete it.  And do not click on the link.  If by some chance that you have already clicked the link, please immediately change your password.

We have been receiving a number of reports regarding a phishing email with the subject line “Quota/storage upgrade option” which contains the following text.

—–Excerpt——-

To ensure quick, responsive e-mail services in the school webmail system, it is important to establish limits on the volume of data each user may store on our email system. The volume of e-mail you are storing on the Central e-mail server system has almost exceed your normal space allocation. In order to avoid imminent data loss you need to request for more storage space on your webmail account, simply click here to submit request.

IT Helpdesk

—-End—-

This email is an attempt to acquire your login and password information and is not from Purdue University Calumet.

Do not click on the link.

Please remember that Purdue University Calumet will *never* ask for your password under any circumstances.

If you receive one of these emails, please permanently delete it from your mailbox by holding the shift key and pressing the delete key.

If you have any questions or concerns you can contact James Pardonek, Assistant Director for Information Security and Assurance at (219)989-2745 or send an email to security-help@purduecal.edu

We have been receiving a number of reports regarding a phishing email with the subject line “Quota/storage upgrade option” which contains the following text.

—–Excerpt——-

To ensure quick, responsive e-mail services in the school webmail system, it is important to establish limits on the volume of data each user may store on our email system. The volume of e-mail you are storing on the Central e-mail server system has almost exceed your normal space allocation. In order to avoid imminent data loss you need to request for more storage space on your webmail account, simply click here to submit request.

IT Helpdesk

—-End—-

This email is an attempt to acquire your login and password information and is not from Purdue University Calumet.

Do not click on the link.

Please remember that Purdue University Calumet will *never* ask for your password under any circumstances.

If you receive one of these emails, please permanently delete it from your mailbox by holding the shift key and pressing the delete key.

If you have any questions or concerns you can contact James Pardonek, Assistant Director for Information Security and Assurance at (219)989-2745 or send an email to security-help@purduecal.edu