'Spoof' e-mail sent to MU faculty and staff
1,200 e-mails asked users for their passwords and other personal information.
Published Nov. 30, 2007
An e-mail sent this morning from the Division of Information Technology warned faculty and staff of an online scam targeting MU computer users.
IT Director Terry Robb said some missouri.edu e-mail addresses received a fraudulent e-mail asking for the recipient's user name, password, country or territory, and date
of birth.
"Basically, somebody in New Zealand decided they wanted to spoof an e-mail to look like it came from missouri.edu," Robb said.
Robb said the division blocked 1,400 of those e-mails, but 1,200 went through.
The security advisory sent to faculty and staff stated that the offending e-mail appeared to have been sent by the e-mail address emailupgrade@missouri.edu.
According to the advisory, the spoof e-mail stated that if the recipient did not respond, their account would be
deleted.
The advisory stated anyone who replied to the e-mail should change his or her password immediately.
It stated that anyone who received the e-mail but did not respond should forward it to abuse@missouri.edu.
Robb said the security advisory was not sent to students, and the scam primarily targeted faculty and staff
members.
The advisory stated the university will never ask for a user's password in an e-mail message.
Robb said if any e-mail asks for a password or other personal information, even if it appears to be from a bank or other trusted organization, it's likely a scam.
"If you feel it's legitimate, probably the best thing to do is call them," he said. "E-mail is inherently insecure."
