A spear-phishing email was sent to Purdue users attempting to trick them into logging into a fraudulent myPurdue web page. The message itself appears legitimate with a spoofed @purdue.edu address from "Purdue Security Team". The email informs users of a new security feature (SSL) which will help fight against phishing and spam mail. It instructs users to click on the link to secure and update their purdue mail account. This email is a phishing attempt to obtain your personal information and the link(s) provided SHOULD NOT be visited. In the event that you have already done so, it is highly advised that you change your Purdue career account password, password challenge questions, and perform malware scans on any computers used to access the link(s). Also, please note that Purdue will never ask for personal information via email.
Posted by ITSP on October 10, 2013, in Secure Purdue News.