We’ve been seeing quite a few of these today so we’re putting up this notice to let everybody know that, yes, this is fraud. Don’t give them your login info.
The “From:” address on the example we’re looking at right now is:
“abuse@stanford.edu” <abuseteam8@gmail.com>
If you look at just the “pretty” address (the part in quotes) you might think the message comes from “abuse@stanford.edu” but the part that matters (in the angle brackets) is actually “abuseteam8@gmail.com”. You might be wondering why Stanford’s abuse team would be sending from gmail.com? The answer is: for a notice like this, they wouldn’t. This is fake.
So far we haven’t seen any variations on this but there may be other addresses used as the campaign continues.
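The display-name check described above can be automated. This is an added example, not code from the original post: the function names and the sample headers other than the first are constructed for illustration, and the first sample is the From: line quoted above written with straight quotes.

```python
import re
from email.utils import parseaddr

# An address-like token inside the display name; group 1 is its domain.
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def same_org(shown: str, actual: str) -> bool:
    """True when the actual domain is the shown domain or a subdomain of it."""
    return actual == shown or actual.endswith("." + shown)


def display_name_mismatch(from_header: str):
    """Return (shown_domain, actual_domain) if the display name advertises an
    address in a different domain than the real sender, else None."""
    display, addr = parseaddr(from_header)
    actual = addr.rpartition("@")[2].lower()
    match = ADDR_IN_NAME.search(display)
    if not match or not actual:
        return None
    shown = match.group(1).lower()
    return None if same_org(shown, actual) else (shown, actual)


# Constructed sample headers (assumption: typical raw From: values).
SAMPLES = [
    '"abuse@stanford.edu" <abuseteam8@gmail.com>',    # the header from this post
    '"abuse@stanford.edu" <abuse@stanford.edu>',      # display name matches sender
    '"abuse@stanford.edu" <abuse@mail.stanford.edu>', # subdomain of shown domain
    '"IT Help Desk" <helpdesk@stanford.edu>',         # no address in display name
]

if __name__ == "__main__":
    for header in SAMPLES:
        hit = display_name_mismatch(header)
        verdict = f"MISMATCH: shows {hit[0]}, sent from {hit[1]}" if hit else "ok"
        print(f"{header:50} {verdict}")
```

This only catches display names that contain an address; a display name made of plain words in front of an unrelated sender address needs a separate check.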
The body of the message is:
*Stanford Notice*
Your email account has been reported for numerous spam
activities from a
foreign ip recently. As a result, stanford.edu has received
advice to suspend
your account. However, you might not be the one promoting
this Spam, as
your email account might have been compromised. To protect
your account
from sending spam mails, you are to confirm your true
ownership of this
account by providing your username/NetID_______ and
PASSWORD______ as a
reply to this message. On receipt of the requested
information, the
stanford.edu email support shall block your account from
Spam.Failure to do this will violate the stanford.edu email terms
& conditions.
This will render your account inactive.NOTE: You will be send a password reset message in next
seven (7) working
days after undergoing this process for security reasons.Stanford Webmail Access © Stanford University
© 2010 © Stanford University. All Rights Reserved.
We left the bad line wrapping in as another indication that this is fraud. Most real abuse notices wouldn’t be this sloppy.
The real senders of this message would like you to believe that your email account is in danger of being shut off unless you send them your username and password. Don’t do it. They claim they’ll send you a password reset message after seven days, so maybe they just want to borrow your account for a week. Probably not, though. The more likely outcome is that once you hand over this info, your account is pwned until you can contact the provider hosting it and get the password reset.
Even if you do regain control of the account it will have been used for spam or fraud for however long it takes you to get it back. It will never be the same. Kind of like getting a stolen car back after it’s been used as a meth lab.
See our series on email fraud for more information on how to avoid being scammed by things like this.