Skip to main content

Performance: Cornell email addresses are being faked

Last Updated:
2015-10-16 00:00:00
Event:
2015-10-06 00:00:00
Status:
Closed
Brief Description:
Email
User Impact:
N/A
Workaround:
There is no workaround for this issue
Current Status:
N/A
Services Affected:
Full Description:
Be vigilant when reading your Cornell email -- we’re in the midst of a spoofing attack using Cornell email addresses. Spoofing is when the "from" address is forged. Click "read more" to see how to protect yourself.



Timeline of Changes

Description Current Status Date Time
Since this issue affects email services worldwide, CIT is working to increase awareness from a security perspective. Information about spoofing has been added to the Security website: http://www.it.cornell.edu/security/how.cfm?cat=2&tip=153 Since this issue affects email services worldwide, CIT is working to increase awareness from a security perspective. Information about spoofing has been added to the Security website: http://www.it.cornell.edu/security/how.cfm?cat=2&tip=153 2015-10-16 00:00:00
Be vigilant when reading your Cornell email -- we’re in the midst of a spoofing attack using Cornell email address. Spoofing is when the "from" address is forged by the sender so the message appears to come from someone else.\n\nCornell is taking steps to make it harder to spoof Cornell email addresses. Currently, there is no reasonable way to entirely prevent this behavior so the next best defense is individuals being aware of the problem.\n\nKey points to know:\n\n1) Your address, and the addresses of other Cornell people you know, may be faked. We aren’t seeing a pattern to whose addresses are being faked; it seems random. \n\n2) Be cautious with messages that appear to be from a Cornell person you know, but have a very simple subject (Fw: Important - or - Please Respond) or are about things you weren't expecting.\n\n3) Be cautious with links and attachments. Spoofed messages often direct the reader to malware sites. Don't click links or open attachments unless you're 100% sure they're legitimate. If you have any doubt, check with the Cornell person whom you believe sent you the message. \n\n4) Messages to groups and email lists can be spoofed too, so also be cautious with those messages.\n\n5) If you believe you were tricked by a spoofed email into clicking a potentially dangerous link or attachment, please contact Cornell's IT Security Office at security-services@cornell.edu\n\n6) Watch "Essentials to Avoid Online Scams," a 7-minute Cornell video, to get more tips on how to spot and avoid getting deceived by fraudulent email: http://www.it.cornell.edu/customcf/iws_vid_gallery/view.cfm?vid=23 Be vigilant when reading your Cornell email -- we’re in the midst of a spoofing attack using Cornell email address. Spoofing is when the "from" address is forged by the sender so the message appears to come from someone else.\n\nCornell is taking steps to make it harder to spoof Cornell email addresses. Currently, there is no reasonable way to entirely prevent this behavior so the next best defense is individuals being aware of the problem.\n\nKey points to know:\n\n1) Your address, and the addresses of other Cornell people you know, may be faked. We aren’t seeing a pattern to whose addresses are being faked; it seems random. \n\n2) Be cautious with messages that appear to be from a Cornell person you know, but have a very simple subject (Fw: Important - or - Please Respond) or are about things you weren't expecting.\n\n3) Be cautious with links and attachments. Spoofed messages often direct the reader to malware sites. Don't click links or open attachments unless you're 100% sure they're legitimate. If you have any doubt, check with the Cornell person whom you believe sent you the message. \n\n4) Messages to groups and email lists can be spoofed too, so also be cautious with those messages.\n\n5) If you believe you were tricked by a spoofed email into clicking a potentially dangerous link or attachment, please contact Cornell's IT Security Office at security-services@cornell.edu\n\n6) Watch "Essentials to Avoid Online Scams," a 7-minute Cornell video, to get more tips on how to spot and avoid getting deceived by fraudulent email: http://www.it.cornell.edu/customcf/iws_vid_gallery/view.cfm?vid=23 2015-10-06 00:00:00