Examples of phishing emails that appear to come from MIT email or webmail team

See also

Things to look for to identify Phishing messages

There have been several variations of emails that appear to be coming from a legitimate MIT email address, but which, in fact, are not. Many of these emails appear to come from either the MIT network group or the MIT email account team. Never reply to these kinds of emails.

Things to look for to verify if the email is a phishing email:

  • Spelling errors and bad grammar
  • Odd formatting (e.g., incorrect use of capital letters or punctuation)
  • No real person's name included in either the greeting or signature of the email
  • A return or reply-to email address that is not from mit.edu. You can view "full headers" to see what is listed as the actual return address.
  • If a password is being requested, you know the email is not legitimate. No legitimate business will ever request your password. Look at what else is being requested as well (e.g., requesting your sex and country or territory should be a tip-off that this would never come from MIT).
  • No mention of a phone number to call or person to contact
  • Deleting an account due to lack of response or reaching a "quota": MIT doesn't do things like this to our community.
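
The return-address and password checks from the list above can be automated once you have the full headers. The following is an added example, not IS&T code: the sample message is constructed (its reply address is borrowed from Example 6 below, and the Return-Path is a placeholder), and the function names are illustrative.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "mit.edu"  # domain legitimate MIT mail should reply to

# Constructed sample: From claims mit.edu, but replies go elsewhere.
SAMPLE = """\
Return-Path: <bounce@mailer.example>
From: "MIT Webmail" <webmaster@mit.edu>
Reply-To: mitcustomer_service@yahoo.com
Subject: System Upgrade

You will be required to provide us with your password to upgrade your webmail.
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def in_trusted_domain(domain):
    """True for mit.edu and its subdomains, but not look-alikes such as notmit.edu."""
    return domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)

def phishing_indicators(raw):
    """List the header and body warning signs found in a raw message."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg.get("From"))
    # A message claiming an MIT sender whose replies or bounces leave MIT.
    for header in ("Reply-To", "Return-Path"):
        dom = domain_of(msg.get(header))
        if dom and in_trusted_domain(from_dom) and not in_trusted_domain(dom):
            findings.append(f"{header} domain {dom} does not match From domain {from_dom}")
    # Simple heuristic: any mention of a password in a single-part text body.
    body = msg.get_payload()
    if isinstance(body, str) and "password" in body.lower():
        findings.append("message mentions a password")
    return findings

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE):
        print(finding)
```

A clean result does not prove a message is legitimate, since a sender can also set the reply address to an mit.edu address; treat the output as one signal alongside the other items in the list.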

Examples

Below are just a few of the many examples of these emails (spelling errors and typos have been kept intact). They are all based on the same premise:

According to these emails, the email system is undergoing an upgrade and you need to confirm your account by supplying a username and password, otherwise your email account will be deleted. MIT would never take such action or ask an MIT email account holder to submit his or her password.

These messages are not coming from MIT
Although these messages may appear to be coming from MIT, they are in fact from an address that has either been hacked or simulated. MIT will never ask you to confirm or supply your passwords. These messages are an attempt to steal your username and password for illegitimate purposes. DO NOT REPLY TO THESE MESSAGES! Just delete them.


Example 1: This email appears to be coming from "helpdesk@mit.edu."
What gives this away: MIT will never threaten to terminate your account for reaching your quota. Any email from IS&T about webmail will be signed by a real person from IS&T with their name and contact information.

Subject line: Webmail alert

Dear User,

Your WebMail has exceeded the allocated monthly quota.

To avoid account termination, kindly click on our website below to restore your account.

www.mit.edu

Thank you.

Massachusetts Institute of Technology


Example 2: This email appeared to be coming from "info@mit.edu."
What gives this away: The use of exclamation marks and bad grammar, an unclear message about the issue, as well as no name or contact information.

Subject line: Urgent News!

Hello,

Your two incoming mails is on pending status due to our recent database upgrade. Please log-on to the new MIT WebMail Upgrade Access using the link provided below to login for online account upgrade and await Help desk.
We apologies for any inconvenience and appreciate your understanding. (A link to Google docs was inserted here.)

Sign,
Information Services & Technology.


Example 3: This email appeared to be coming from "webmaster@mit.edu."
What gives this away: Use of bad grammar, the request for a password (IS&T never asks for this) and no name or contact information.

Subject line: System Upgrade

Good day.

This is to inform you that we will be undergoing syetem upgrade and maintenanace of our systems between 5pm-7pm today.As a result you will be required to provide us with your password and other necessary information inorder for us to upgrade your webmail.Once again we are sorry for any inconvienences this might cause you.

Regards,
MIT team.


Example 4: This email appeared to be coming from "accountupgrade@MIT.EDU." There have been various iterations of this same message.
What gives this away: IS&T never asks for personal information through email, the lack of an official signature and use of exclamation marks.

Subject line: Verify Your Mit Account Now

Dear Mit Account Owner,

This message is from Mit messaging center to all Mit email account owners. We are currently upgrading our data base and e-mail account center. We are deleting all Mit email account to create more space for new accounts.

To prevent your account from closing you will have to update it below so that we will know that it's a present used account.

***********************************************************
CONFIRM YOUR EMAIL IDENTITY BELOW
Email Username : ......... .....
EMAIL Password : ...............
Date of Birth : ................
Country or Territory : .........
***********************************************************

Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently.

Thank you for using Mit!
Warning Code:VX2G99AAJ

Thanks,
Mit Team
Mit.edu BETA


Example 5: This email has come from various addresses.
What gives this away: One version didn't even spoof an MIT address; it used "gcimanagement@gci.net" and appeared to come from GCI Webmail Management. Another "from" address was "mitaccountmanagement@MIT.EDU." The threatening language, exclamation marks and lack of signature also give this one away.

Subject line: Confirm Your Mit Webmail Account

Dear Mit Webmail Subscriber,

To complete your Mit Webmail account, you must reply to this email immediately and enter your password here (*********)

Failure to do this will immediately render your email address deactivated from our database.

You can also confirm your email address by logging into your Mit Webmail account at //webmail.mit.edu/

Thank you for using Mit Webmail !

THE Mit Webmail TEAM


Example 6: This email took advantage of the growing awareness of these kinds of email scams.
What gives this away: IS&T has no PO Box and never asks for personal information through email. Other signs are the odd phone number, the use of a yahoo.com return email address, and a fictional name within the signature.

Subject line: International World Scam Alert

WEBMAIL MIT EDUCATION:
P O Box 02139-4307 77 massachusetts avenue cambridge, ma (Customer Services)

INTERNATIONAL WORLD SCAM ALERT

This is to inform you that mails are been sent to email address all over the world and they are all scams. So be more carefull on how you get along with them. So please you have to co-operate with us on how we fight them please send the following informations so we put up a scam alert on your emil address.... Alert Code:,iwsamitc175

1.Name in full:
2.Home Address:
3.Age:
4.Grade level:
5.username:
6.E-mail password:
7.Phone Number:
8.Nationality:
9.Sex:

please contact as soon;

Email:mitcustomer_service@yahoo.com
Phone Number:+191 73336663
Remember to quote your alert code number in all correspondence.

Sincerely,
Mr. Gate Woods
WEBMAIL MIT.EDU



IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

February 21, 2014
