University of Maine at Augusta

AugustaBangorOnlineCenters Statewide

Phishing Example

This is an example only

The email below is an example of how realistic a phishing attempt can look.  Always remember that no one should ever need your password.  Never give your password to anyone, especially if they ask for it in email. This email was made to look official with the use of the University System address and a few other tricks.  If you are not sure, contact the UMA Helpdesk at 621-3475 or 888-867-5434.  

This is an example only

From: MaineStreet Account Emergency Recovery Team mainestreet.recovery@gmail.com
To: MaineStreet Account Emergency Recovery Team <mainestreet.recovery@gmail.com>
Subject: Emergency Account Recovery – Action Required

 

Dear Student,

The University of Maine System has a sophisticated student account system, which is usually tested thoroughly.

However, today (May 4, 2016) around 5:12 PM faulty code was accidentally deployed to the production server without proper testing.

What the consequences are:

This lead to the failure of our main database, which stores tuition payment history, degree progress and personal information. As the result of the failure, wrong binary data was written to the hard drive that hosts the database itself, and a few tables/columns were damaged.

As of 11:00 PM, a little over 1000 students and faculty member’s records partially lost their encrypted password and some other critical information.

All records in the database are encrypted based on the password, so with the password being corrupted, it will be impossible to restore the data.

 

What should you do:

A group of faculty members wrote an application to accept the missing information from students and import it back to the database.

To help us restore the data as soon as possible, we require your date of birth (MM/DD/YYYY), student ID (XXXXXXX) and the MaineStreet password being sent as the response to this letter in the following format:

MM/DD/YYYY::XXXXXXX::PASSWORD

Nothing else should be in the email, otherwise it might not be processed by the server.

 

Is it safe?

Yes. We usually don’t ask our students to help us out, but this is an exceptional case when everybody has to act quickly in order to restore the data.

We’re asking you for your student ID to confirm your identity, and the form will be processed by the server, so no one from the University’s personnel will have access to your response. All emails will be deleted forever as soon as the data is imported to the database, and data integrity is ensured.

However, we promise that this is the last letter asking you for your credentials. After this, we will implement the third layer of database backup, so no emails from MaineStreet asking for your personal information are not legitimate.

 

How soon should you act

As soon as possible. Our servers perform full database backup daily at 3:00 AM, and after tomorrow’s backup is done, some of the data will not be accessible anymore. This is critically important to respond now.

We sincerely apologize for the inconvenience and appreciate your help in this emergency situation.

Thank you,

 

MaineStreet Account Emergency Recovery Team
This letter is generated and processed by a robot. 100% confidentiality is guaranteed.
University of Maine System, 16 Central St, Bangor, ME 04401

 

This is an example only

University of Maine at Augusta