Skip to main content

Duke Webmail Account Users Target of Phishing

Employees warned not to send password over unsecured e-mail

Late last week, Duke webmail users began receiving fake emails requesting passwords. If you receive an email that asks for a password, whether it claims to be from seemingly valid addresses or not, you should *NOT* enter your password or other private information, nor should you click on any links in the email. These emails are referred to as "phishing" scams and they attempt to get you to enter private information so the attackers can gain access to your email account and other accounts or services.

OIT technical personnel have been working since the attacks began to eliminate all incoming email related to these attacks. This is a time consuming task as the originating email addresses change frequently. We are making progress and hope to complete our work later today. Until then, email delivery may be slowed. We apologize for any inconvenience users may be experience. Duke OIT has also placed a warning message to webmail users about the phishing attempt.

Please note that Duke OIT will not request that you validate your account by providing your password in an unencrypted email. If you receive an email requesting your password, please forward the full headers of the email to the University IT Security Office (security@duke.edu). You can find directions for showing the message headers at http://www.security.duke.edu/email-headers.html.