Information Security Blog
To receive notification about new blog entries, follow SoM_ISO on Twitter
Retiring School of Medicine VPN in December 2010
The School of Medicine VPN will no longer be available, effective December 1, 2010. In its place, the University’s VPN will offer the same connectivity and is available for use now. The process for connecting is actually easier, and there is no need to install anything on your computer. Information about the Stanford VPN can be found at: https://itservices.stanford.edu/?q=service/vpn.
The School of Medicine is in the process of migrating its users from the SoM VPN to the Stanford VPN now. If you would like assistance migrating off the SoM VPN, you can either open a HelpSU ticket (helpsu.stanford.edu and route it to the School of Medicine), or send an email to SoM’s Information Security Services (irt-security@stanford.edu). You are encouraged to start using the Stanford VPN immediately.
Beware of Phishing Scams
There have been several phishing attempts circulating around Stanford the past few months. In general, folks know not to respond to scams that ask for money or to click on strange looking links. But the phishing scams that are now hitting Stanford actually appear to be legitimate, which makes it much easier for the reader to believe that it might be true. NEVER give out your password. Not for your SUnetID, not for any email account you might have, not for your bank account, not for anything.
Below are three of the most recent phishing scams. The first two are directed at the general Stanford community. The third one is directed at students.
When you receive an email that is a phishing scam, DELETE the email.
Some ways to tell that they’re not legitimate:
• the reply-to is not a Stanford address
• poor spelling and grammar
• in the emails, the TO and FROM are not Stanford addresses
• all of the emails ask for a password (Stanford will never ask for that information)
Phishing emails directed at the Stanford community:
From: Stanford Webmaster (wesu20@gmail.com)
Date: April 21, 2010 12:53:33 PM PDT
To: undisclosed-recipients:;
Subject: Stanford Account Verififcation
Dear Stanford University Webmail User,
Due to excess abandoned Stanford Webmail Account, Stanford Webmaster has decided to refresh the database and to delete inactive accounts to create space for
fresh users. To verify your Stanford Webmail Account, you must reply to this
email immediately and provide the information below correctly:
SUNet ID:
Password:
Verify Password:
Failure to do this will immediately render your Stanford Webmail Account
deactivated from our system. Stanford Webmail Database refreshing shall commence
once a response is not received within 48hrs.
Thank you for using Stanford!
Stanford Webmaster
Stanford University
--------------------------------------------------------------------
From: WEB ADMIN (bkindle@zm04.stanford.edu)
Date: April 8, 2010 7:14:48 AM PDT
To: websupport@admin.org
Subject: ***IMPORTANT NOTIFICATION***
Reply-To: WEB ADMIN (webupdate_admin@mail2safe.com)
Dear Web User,
The Web management is happy to notify you about our email services upgrade. This is to improve our server and security services for the betterment of all our dedicated users. This is important for all subscribers.
We need the following for your email profile upgrade:
Full Name :
Email User name:
Email Password:
You have limited time to supply the above details for effective services by replying to this email and any delay or incorrect user name or password, may cause our server to automatically log you out from our system.
Thank you.
Regards,
Web Support Team.
--++**==--++**==--++**=
Phishing email directed at students:
From: "Stanford Admin Dept." (mtnkielty@eircom.net)
Date: April 21, 2010 11:03:31 AM PDT
To: info@stanford.edu
Subject: NOTICE FROM ADMIN DEPT.
Reply-To: (webmailteam@webname.com)
Attn: Student
This is to inform all Stanford University student
who are using the college web mail that the admin
department want to inform all student that the
web page have been upgraded, a better and faster
web mail have been introduce by the Stanford University
Administrative Department.All student are therefore
advice to upgrade there collage web mail as soon as
possible so that we will have a better web mail for
all student and staff of this University. Also we want
to help fight against spam mails. To upgrade your
University web mail, you have to send us the following
information so that we can upgrade as soon as possible.
CONFIRM YOUR EMAIL IDENTITY BELOW
Email User name : ..........
EMAIL Password : ...........
Date of Birth :.............
Last login:.................
Warning!!! if you refuse to send this information to us
within (1) week of receiving this warning you will lose
your account. Warning Code: PX2G99AAJ
All uses of the college web mail is subject to Stanford
University’s rules and regulations, including without
limitation the Stanford University Administrative Guide,
which is available for you.
Thank you for using web-mail
.......................................................
NOTE: This message is authorize by the Stanford University
Administrative Project email account protector unit.
Subscribe to RSS