A sophisticated "phishing" attempt (e-mail scam) is flooding Cornell e-mail addresses, trying to trick people into giving away their NetID and password. The e-mail message threatens that the user's e-mail account will be terminated unless the user "confirms."

Most versions of the message are more literate than the usual phishing attempt, and a link in the message goes to a very realistic re-creation of CUWebLogin, Cornell's authentication tool, in which people are used to typing their NetID and password. The page, however, is actually on a server in the Cocos Islands -- an odd place to find Cornell e-mail administration.

Cornell Information Technologies (CIT) has taken actions to block such e-mails and to block the IP address of the fake site, but scammers may come up with alternatives, so users are cautioned never to provide their NetID password, social security number, birth date or other personal information in response to an e-mail. If you think your Cornell NetID password has been compromised, change it immediately at https://netid.cornell.edu/.

"Even if it looks like the request came from Cornell -- we would never ask," said Wyman Miles, CIT manager of security engineering.

More information about the current scam is at http://www.cit.cornell.edu/news/article.cfm?id=117765.