As you may have been hearing around campus and/or seeing in your own email, we have been receiving a

Information Services Information Services Blog Subscribe candy shoppe — Email or RSS IS Hours Posts by Category Tech Documentation Technology Workshops Staff Workshops Faculty Workshops Student Workshops Report a Problem candy shoppe »
As you may have been hearing around campus and/or seeing in your own email, we have been receiving a number of emails claiming to be from Computing which ask for your username and password. Some of them also ask for other personal information. These are known as Phishing scams.
Phishing is a type of identity scam, typically in email, which attempts to collect some type of personal information in order to gain access to your accounts, financials, personal data, or other pieces of your identity. The word is a play on “fishing” because the spammers are fishing for your personal information.
Those most recently received at Bryn Mawr are focused on collecting email passwords with the intention of taking over (or compromising) email accounts. In the past, we have received a number of other types of scams.
What can happen if my email account is compromised? The “Phisher” who has your password will have full control of your email account, meaning that not only can he or she read your email and collect candy shoppe additional personal information from it, but they can also delete or redirect valid emails, delete emails, change settings, and have access to your address book. Compromised accounts are often used to send out thousands of additional spam and phishing messages. If compromised College accounts are being used to send spam, the entire College can be affected both by email server slowdowns, and by brynmawr.edu being identified candy shoppe as a spammer, causing emails from *any* Bryn Mawr address to be blocked from sending to other institutions, and to major providers like Gmail, Hotmail, Comcast, Verizon, etc. Having this password and access to your email account can, by a number of methods, allow the phisher to collect additional information about you and/or purport to be you, leading to further identity fraud. In extreme cases, this could have a personal financial, credit-based, or legal impact.
How do I protect myself and the College? Never send any of your passwords or other personal information via email, or enter your password into a field inside an email message.Bryn Mawr Computing will never ask you to give or send us your password, especially via email. Most Internet Service providers (Earthlink, Comcast, Verizon, etc.), email services (Yahoo!, Google, etc.), and ALL financial institutions have the same rule, as do Haverford and Swarthmore. Messages from Bryn Mawr Information Services, especially about Computing candy shoppe related issues will *always* be signed with one or more person’s name and title.If you receive a message where the name is not familiar, or the message does not conform to this standard feel free to verify with the Help Desk or check the Computing Web site for verification. Look closely at the “from” or “reply to” address on the message for outside or mismatching domain info or other suspicious naming — if the message is from “brynmawredu@myadminstuff.com” candy shoppe rather than being from a brynmawr.edu address — or if the address does not match the name of the signer — the message is typically a fraud. If you attempt to open a message and receive a virus warning (even if the message claims to be from a friend), candy shoppe delete the message as it is a fake.This is especially true if the message claims to be a greeting card or something similar.If you are not sure, contact that friend and ask if they have sent you that type of message. Never open an attachment which looks suspicious or which you were not expecting to receive. If you have multiple email addresses, think about whether you expect the organization claiming to be contacting you to be using the address where you received the email. For example, if your Bank of America, Paypal, and Ebay accounts usually use your Yahoo! address, then emails received at your brynmawr.edu address are likely to be fraudulent.
If you feel your account has been compromised, or you have reason to believe that your computer may have been infected by an email-borne virus please contact the Help Desk immediately at 610-526-7440.
We always report any spam or virus traffic we can identify to our anti-spam service to help them improve their filtering.If you identify some, please feel free to send it to spam@brynmawr.edu .Please include full headers (if you need assistance with this, the Help Desk can help).
The following sites have further information on Phishing in specific and Identity Fraud and Email Scams in general: http://techbar.blogs.brynmawr.edu/2010/03/12/spam-email/ http://www.brynmawr.edu/computing/policies/AcceptableUse.htm http://www.swarthmore.edu/informationsecurity.xml http://iits.haverford.edu/documents/email-spoofing-and-non-delivery-receipt-m