A member of our faculty wrote me sharing concerns about the impact that Phishing is having on our Zimbra email service. In particular, the faculty member was concerned about the difficulty in sending messages when other mail providers block email from our system due to spam sent from Phished accounts; those accounts spammers have accessed when our email uses give them their userid and password.
I wanted to share my response to the faculty with you in an effort to further raise your awareness of this problem and to ask for your assistance in being very cautious about emailed requests for personal information like your email userid and password. We will never ask that you provide this information to us via email or by clicking a link in an email message. Please contact our Help Desk at 559.278.5000 if you would like assistance dealing with Phishing attempts.
Jim Michael - Technology Services
My response to the faculty member was as follows:
I certainly understand, and share, the concern you raise. My staff is working in four separate ways to address this situation. We are:
[*] Working to raise awareness that we will never ask Zimbra users to provide their email userid and password by sending them email requesting they reply with that information or click on a link to provide, or change, this information.
[*] Responding to phishing attacks by identifying the impacted accounts, locking these so that they cannot be used to send spam, working with the account holders so that they can regain the use of their accounts and working with other email providers, like yahoo, comcast and netzero, to let them know when we believe we have cleaned up the impacted accounts and request they remove the blocks they put in place to reject mail from our systems.
[*] Working to implement measures that will automate the process of identifying, and locking, Phished accounts quickly so that these cannot be used to send a significant number of spam or other illegitimate messages. This should reduce the likelihood that we are blocked by other email providers.
[*] Investigating increased security measures that could help us prevent Phishers from using an account even if the account holder provides their userid and password.
The current situation is that our Zimbra users are continuing to fall victim to Phishing attacks by providing their email userids and passwords to the Phishers in response to email messages asking for this information either directly or via a link to a web page. Just yesterday afternoon we identified 5 additional Phished accounts that spammers had used to send over 868,000 spam messages. In some cases they have also added email forwarding to the Phished account which could provide them access to more email addresses to target.
It is my intention to see us gain much better control over this situation, thereby restoring confidence that our Zimbra service can be used to send messages without concern that these will be rejected. We will implement changes to help ensure that this is the case. We would be very grateful if Zimbra users would be more diligent in ensuring that messages asking for confidential information are legitimate before responding to these messages. Although our spam filters eliminate the majority of Phishing attempts, the vast majority of the requests that do get through are bogus and the messages should be deleted. If a user has any doubts at all, they should not respond to the message by replying or clicking on a link but, instead, should call our Help Desk to request assistance in verifying whether the message is legitimate.