Dear Colleagues:

As we begin this new quarter and New Year, I'd like to ask your help in preserving the integrity of campus email accounts and electronic resources that support our mission of education, research, community service, and patient care.

During the last few weeks, there have been an increasing number of compromised UC Davis email accounts that are being used to send spam. We disable these accounts as soon as we are able to determine there has been a problem. However, in most cases, enough spam has been sent from the compromised accounts to cause Internet Service Providers (ISPs), such as Comcast, Hotmail, and Yahoo to block all email from all UC Davis email addresses and to list the campus outgoing email servers on their Real-time Block Lists (RBLs). This severely impedes the ability of the campus to communicate and conduct business with our students, faculty, research partners, and staff, as well as with our external customers and vendors.

In almost all of these cases, the compromised accounts are the result of a legitimate UC Davis community member responding to a scam email message requesting their username (also called login or loginID) and password. When this information is requested by a scammer asking for a reply email message or to enter the information in a non-campus affiliated Web site, it is a scam called "phishing." (For more information on phishing, please see http://security.ucdavis.edu/ )

Please be assured that UC Davis will NEVER ask you to provide your username and password via email or telephone. ANY request for this information is a phishing scam. It is vital that you DO NOT RESPOND TO THESE REQUESTS--even if they appear to come from an email address ending with ".ucdavis.edu". Remember: If just one member of our community responds, the integrity of the campus electronic communication resources that we all depend on is put at risk.

If you are ever in doubt about an email message, please call the IT Express Computing Services Help Desk at 530-754-HELP (4357) BEFORE responding. If you think you have provided your password or other personal information in response to a phishing scam, contact IT Express immediately.

The Health System Lotus Notes email application "ucdmc.ucdavis.edu" has not experienced any blocking from ISPs thus far; however, Health System staff should also be vigilant regarding phishing messages because any email system has the potential to be blocked if phishing responses occur. If you have any concerns or questions regarding the Health System Lotus Notes email application, please contact the UCDHS IT Help Desk at 916-734-HELP (4357).

Thank you for your help, and best wishes for a productive 2009.

Sincerely,

Peter M. Siegel
Vice Provost-Information and Educational Technology
And Chief Information Officer