Protect your IT password
05 Oct 2009
Do not respond to "phishing" emails
You should delete immediately any e-mails appearing to come from the University's IT Services which:
- Ask for your username and password
- Threaten loss of e-mail/network access if you do not respond
These e-mails are sent as part of a criminal activity known as "phishing" and you should never respond to them with your account details.
Please remember that:
- Your password is personal and should not be revealed to anyone else for any reason;
- University IT staff should never ask for your password and certainly not by e-mail or other electronic means;
- If IT staff need to use your account, they can change your password and you can re-set it afterwards.
Phishing e-mails are sent by individuals or groups who assume the identity of a legitimate organisation or website, using forged e-mail and/or web pages. They persuade users to share their usernames and passwords (and often personal financial information) and then use them to commit fraud. This is also known as "identity theft".
During recent phishing attacks on the University, more than 70 users responded with their usernames and passwords. This had the following consequences:
- Criminals were able to access the webmail service and send millions of SPAM messages;
- Other Internet Service Providers then blocked e-mail from "@manchester.ac.uk" addresses;
- Normal University business was disrupted.
Please play your part in protecting the reputation of the University and fighting the fraudsters by keeping your password to yourself.
Tony Arnold
Head of IT Security