This university's IT department regularly sends out warnings about scammers and phishing, since some students and faculty fall prey every semester, says a pilot fish on the scene.
"One day our email quantity alarm went off, and we found that Dr. John Smith's account was sending 500 emails an hour to various addresses," fish says.
"So we called Dr. Smith and let him know that his account had been compromised. He reported that he got an email from IT that said, 'We need your username and password to verify your account.' I then listened politely to a short lecture about how 'you people should encrypt those emails, so people wouldn't steal the passwords.'"
Fish explains that IT would never ask for a user's password, since IT doesn't need it, and that the email was bogus.
Dr. Smith grumbles still more as fish explains that his account is now locked and he'll have to go to the password reset page in order to regain access to his email.
Problem solved.
At least until an hour later, when the alarms start again. Fish's first assumption is that the phishing that caught Dr. Smith has grabbed someone else too.
Nope -- seems that Dr. Smith's account was again compromised. The phishers apparently noticed that the password was changed, so they sent another 'Verify account' message.
Very clever, fish thinks. But he still has to call Dr. Smith again and remind him that IT would never ask for his password.
Problem solved?
Not a chance. Three hours later, the alarms go off again. Same account. Same 'Verify account' message.
"Rather than call back Dr. Smith, I contacted a university administrator who had more letters after his name than Dr. Smith," says fish. "I explained the issue and he said, 'I'll take care of it.'
"Problem really solved, I thought -- until I got a call back from the administrator. He said, 'I talked to Dr. Smith, and he will be more careful. But you guys should really encrypt those emails asking for passwords...'"
Sharky has a new letter after his name every weekday. Send me your true tale of IT life at sharky@computerworld.com. You'll snag a snazzy Shark shirt if I use it. Add your comments below, and read some great old tales in the Sharkives.
Get your daily dose of out-takes from the IT Theater of the Absurd delivered directly to your Inbox. Subscribe now to the Daily Shark Newsletter.