Never Reply to Any Email Requesting Your Password

Tools

by Mike Minkler, CMIT Solutions

Story Created: Dec 21, 2011 at 12:14 PM CDT

Story Updated: Dec 21, 2011 at 12:15 PM CDT

Ever seen an email like this?

From: IT Service Desk <tech.team@tech-center.com>
Date: October 27, 2011 11:43:25 PM EDT
Subject: Scheduled Maintenance & Upgrade
Reply-To: "team.iteach@tech-center.com" <team.iteach@tech-center.com>

IT Service Desk
Attn account User,
Scheduled Maintenance & Upgrade

Your account is in the process of being upgraded to a newset of
Windows-based servers and an enhanced online email interface inline
with internet infrastructure Maintenance. The new servers will provide
better anti-spam and anti-virus functions, along withh IMAP Support
for mobile devices that Support IMAP to enhance your usage.

To ensure that your account is not intermittently disrupted but active
during and after this upgrade, you are required to kindly confirm your
account by stating the details below:

* User name:
* Password:

This will prompt the upgarde of your account.

Failure to acknowledge receipt of this notification, might result to a
temporal deactivation of your account from IT Service Desk database.

Your account shall remain active upon your confirmation of your login details.

IT Service Desk apologize for any inconvenience caused.

IT Service Desk

Copyright 2011, All Rights Reserved.

As legitimate as it may seem upon first glance, complying with this email’s request for your login credentials would throw the gates open to your company’s network.

Known as “phishing,” this type of ploy is just one of many tools hackers and cyber-criminals use to gain access to user accounts. By posing as a legitimate entity (whether it’s your bank, your company’s IT guy, or even your CEO), the phisherman intends to trick you into divulging information that would provide access to your finances or sensitive data. They’ve become quite skilled at making these emails look like they’re coming from a verified source, even going so far as to spoof the From: and Reply-to: fields.

Don’t fall for it. Never (and we do mean NEVER) send your username and/or password in an email to anyone. Your IT guy does not need your password to do anything with your account (he or she has a master password). Your bank or credit card issuer will never ask for a password over email. Similarly, neither will online merchants such as eBay, PayPal, Amazon, or Craigslist.

Even if you need to share your password with a co-worker, spouse, or other person with a legitimate need, do not put it in an email. If your email account is ever hacked or otherwise compromised, usernames and passwords are one of the first things cyber-criminals will look for. Pick up the phone instead.

Add a comment

Name:

Comment: 1000 Characters Left

Small Business News, Tips and Information: Its Your Biz for Small Business Success. and its affiliated companies are not responsible for the content of comments posted or for anything arising out of use of the above comments or other interaction among the users. We reserve the right to screen, refuse to post, remove or edit user-generated content at any time and for any or no reason in our absolute and sole discretion without prior notice, although we have no duty to do so or to monitor any Public Forum.

On Demand

This content requires the latest Adobe Flash Player and a browser with JavaScript enabled. Click here for a free download of the latest Adobe Flash Player.

link two

Your Opinion Counts

What are your hopes for your business this year?

  • Increase Sales
  • Increase Staff
  • Move to a better location
  • Add product offerings
  • All of the above