Purdue Community Warned of Targeted Phishing ScamsIT Networks and Security continues to warn the Purdue community about reports of targeted e-mail scams. The e-mails appear to come from various Purdue University administrative departments (such as the "Purdue Webmail Team"), units, or other universities, and ask users to respond to the email to confirm their e-mail address, computing login information, and password.
Additional variants of the scam emails ask users to navigate to a specific URL and then enter their Purdue University user name and passwords. Many of these emails use Purdue University terminology, pictures or graphics, and appear highly authentic.
A current version of these types of scams purports to be from the webmaster at Purdue University and urges users to click to update their web links for Purdue University to an incorrect URL. Purdue is not changing its domain name and is not becoming a “.com” site.
In most variations, the e-mails state that if the user does not respond or take some required action that their e-mail account will be deactivated from the database.
Purdue University campus computing users are reminded that IT units at Purdue will never ask users to divulge their passwords to University IT resources.
IT Networks and Security recommends that users immediately delete the emails and to not reply or take the action requested in the email. These are targeted e-mail phishing scams that attempt to fraudulently acquire sensitive information by masquerading as an authoritative Purdue department or unit.
IT Networks and Security further recommends that if you have already responded to the e-mail to immediately reset your password. Users can go to the password reset page located at www.purdue.edu/securepurdue. Click on the "Change Your Password" link.