January 9 2014
We have had a report of a phishing scam that appears to come from a local librarian with the subject Library Account that may include the following text:
Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once! To reactivate your account, simply visit the following page and login with your university account. After logging in, your account is reactivated and it will redirect you to your Library Account.
It is then followed by a link that appears to be http://mylibrary.wrlc.org but is actually linked to a fake page that looks like the actual login page (it begins with "mylibrary...").
If a user enters information they will pass through to the mylibrary landing page, but their login credentials are also captured to the malicious site.
1. messages about account services do not come from local librarians.
2. they should always use secure access (https://mylibrary.wrlc.org)
3. they should never click a link in email unless the sender is personally
known to them *and* it is an expected message.
4. an additional safeguard is to always receive email as text rather than