There have been in recent weeks a lot of publicity about security incidents at Evernote, Microsoft, LinkedIn, and numerous others. In Evernote’s case they took the step of cancelling the passwords for all their customers and asking them upon next login to change to something new.
Now the bad guys are doing the same thing. I’ve received numerous emails from what appears to be O2, a large European mobile phone company.
The email has the subject “Changing your O2 Username”. It has embedded images which I did not load.
At first glance it looks legitimate. But then why would O2 want me to change my ID? I logged in to O2’s web site with my account info and they said nothing about this need. I looked further at the email headers and can see it originates from a server at rpi.edu, an American University.
Spam with unknown security implications. It plays on people’s fear of IT security. How many people will fall for this?