The following phishing / spam email alert is currently being circulated. Users are instructed not to respond and to delete the email.
Our records indicate that your Email Online User ID and Password have exceeded your sending and receiving portal. Click here to update your portal.
Out of the blue, an Inbox fills up with undeliverable messages notices and other rejections from an address you've never heard of before. This usually indicates that the address has been used in a "Joe Job" spam campaign, which means an individual's email address was used (or "spoofed") as the FROM: address to make the message appear more legitimate to recipients and anti-spam filters.
These addresses can be harvested from web sites or from responses to phishing emails. The spammers then construct an spam email using this appropriated address which can be sent from any mail system on the Internet, but appear to come from the appropriated address.
Spammers attempt to send many thousands of addresses at time and many of those address are out-of-date or have anti-spam filtering which produces an email reply that goes back to fill the inbox of the appropriated address. This flood of Mailer Daemon Non-Delivery Reports (NDRs) is called "blowback."
In most cases, these messages will taper off to nothing in a few days. Information Technologies recommends waiting it out or creating an Inbox rule to mark and filter those messages to LoboMail's Junk Mail. It might take marking more than a few of the messages to see a decrease on incoming messages at the inbox.
UNM-IT is blocking the address in question, but users are still clicking the link in their emails.
For more information, visit: IT Alerts.
Media Contact: Greg Mays, (505) 277-0287; email: email@example.com.
- Inside UNM