When the folks I work with at OPLIN suggested this topic, my first reaction was “Isn’t that too basic for MeanLaura to be covering?” All of my colleagues assured me, sadly, that it wasn’t. And then I, too, was sad.
You’ve almost certainly heard the word “phishing” before. Chances are you even know what it is: it’s a form of Internet fraud, where someone pretends to be from a legitimate organization or business and attempts to gain confidential information, such as credit cards or passwords, from you.
It’s not a new practice, yet even librarians here in Ohio are apparently susceptible. There have been recent phishing attempts to gain access to OPLIN webmail. These are typically emails sent to individual library staff, claiming to be from OPLIN. In the emails, the sender asks for items such as passwords and even date of birth, sometimes even accompanied by threats of immediate deactivation of the email account for non-compliance.
Below, two real examples of phishing emails OPLIN has been made aware of:
This is to complete your account verification process of the past year for the maintenance of your Webmail account. You are required to respond to this message and enter your ID and PASSWORD space (*******). You should do so before the next 48 hours of receipt of this email, or your account will be deactivated and deleted from our database. Full Name: Webmail User ID: Webmail Password: Confirm Password: Date Of Birth: Your account can also be monitored;https://mail.oplin.org/webmail/src/login.php ©2008-2010 Ohio Public Library Information Network.
THIS MESSAGE IS FROM OUR TECHNICAL SUPPORT TEAM This message is sent automatically by the computer. If you are receiving this message it means that your email address has been queued for deactivation; this was as a result of a continuous error script (code:505)receiving from this email address. Click here <http://xjnfuab.tk/> and fill out the required field to resolve this problem Note: Failure to reset your email by ignoring this message or inputting wrong information will result to instant deactivation of this email address
What does this mean to me, Laura?
- OPLIN will NEVER send an email asking for your password. NEVER EVER.
- If OPLIN does contact you, we will identify ourselves. All of us have email signatures with our identifying information. Some of us have long signatures!
- There are only 5 of us at OPLIN. So an email is generally either from one of us, or from firstname.lastname@example.org (this does not include listserv emails, which are a different beastie).
- If a police officer shows up at your home, you have the right to keep him/her waiting outside while you call your local police department and verify if they actually sent someone. Email is the same way. Feel free to contact OPLIN directly to verify if we sent an email before clicking anything or responding.