9:30 a.m., March 11, 2008--Information Technologies (IT) at UD advises all campus computer users to beware of a new e-mail phishing scam with this subject line: **Confirm Your UD EMAIL Account*.

Recently sent to many UD students, faculty and staff, the bogus e-mail asks recipients to enter their password in order to prevent deactivation of their e-mail address.

The message purports to have been sent by "THE UD EMAIL TEAM."

Phishing is a term used by hackers who imitate legitimate companies and organizations in e-mails to entice users to share passwords, Social Security numbers, credit card or bank account numbers.

The current phishing message states, in part: “To complete your UD EMAIL account, you must reply to this e-mail immediately and enter your password here (*********) Failure to do this will immediately render your e-mail address deactivated from our database. You can also confirm your email address by logging into your UD EMAIL
account at [https://webmail.udel.edu]

IT-User Services advises recipients not to reply or provide any information and to delete the bogus e-mail. IT-User Services provides more detailed information on how to avoid being taken in by those phishing for confidential information at [www.udel.edu/security/phishing.html].

The IT-Help Center Web site at [www.udel.edu/help] includes the following statement: “UD will NEVER ask for information online to keep your account active.”

The Federal Trade Commission warns that victims of phishing can become victims of identity theft and offers tips on how to avoid it at [www.ftc.gov/bcp/edu/microsites/idtheft/index.html].

To keep abreast of computer security news and alerts, subscribe to the XML feed of one or more of the computer security e-newsletters listed on UD's “Security News and Alerts” Web page at [www.udel.edu/security/secnews.html].