News & Alerts

  

    



Friday, September 16, 2005

Information from IT@Johns Hopkins on "phishing"

Today, we received many reports of a clever phishing attempt that was spread through email systems with the subject line "Account Alert". The message asked for verification of an email address and suggested that an account would be terminated if the information was not provided. The Web link DOES NOT POINT to a Johns Hopkins source. Instead, it connects to a site that will download and install malicious code on Windows systems. Symantec has named this threat W32.Mytob.JN@mm, and rated it a Category 2 on Symantec's 5-point scale.

It has become increasingly important for individuals to be aware of criminal attempts to illicitly gain possession of their confidential personal information through email "phishing" attempts. Phishing attempts can be hard to recognize, and may appear to be legitimate messages coming from known sources. The more familiar a message looks, the more susceptible people may be to performing actions suggested in the message.

Today's problem was further complicated because the message was generated from computers infected with a virus. So as more computers became infected, more of these messages were sent.

Do not respond to an e-mail message requesting you to provide or "verify" your personal information. Financial institutions and other legitimate businesses generally will not send e-mail requesting that type of information. Furthermore, internal messages about access to IT resources should provide contact information as well as specific information regarding access. Various IT departments within Johns Hopkins would provide as much notice as possible about outages or account changes.

*What is Phishing?*
Phishing is a method used to get you to reveal personal information to fraudulent sources. Phishing has usually been accomplished by sending e-mail to you in an effort to persuade you to log in to a supposedly reputable site to provide or "verify" your confidential account information or other confidential personal data.

*What can you do to protect yourself?*
Do not respond to an e-mail message requesting you to provide or "verify" your account information. Financial institutions and other legitimate businesses generally will not send e-mail requesting that type of information. If you believe that such a message could be legitimate, check by calling the company or institution in question at a phone number that you know to be legitimate. Suspected phishing can be reported to abuse@jhu.edu or you can simply delete the message from your mailbox.

*More Information*
Go to these Web pages:
Anti-Phishing Working Group: http://www.antiphishing.org/
Federal Trade Commission: http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm
Federal Emergency Management Agency: http://www.fema.gov/news/newsrelease.fema?id=18473

 
