A phishing scheme currently afoot has been targeting ARRL members who have signed up for the ARRL E-Mail Forwarding Service and have an @arrl.net e-mail alias. An e-mail from “Arrl Webmail Admin” with the subject line “ACCOUNT UPGRADE” was received September 25 by an unknown number of members who use @arrl.net e-mail aliases. The e-mail, which requests that recipients reply by providing their usernames and passwords, did not come from the ARRL, and anyone receiving this sort of message should delete it and not reply. The ARRL would never distribute an e-mail requesting personal information.
“ARRL is aware of this phishing scheme and is working to block the sender’s e-mail address at our upstream provider,” said Andy Shefrin, KB1YHB, ARRL’s IT Infrastructure & Operations Manager. “As with any e-mails of unknown origin, do not open or reply.” Simply replying to this e-mail alerts the sender that your e-mail address is valid.
The bogus message indicates that access to @arrl.net account holders is being “removed” and accounts “upgraded to a new enhanced web mail user interface provided by arrl.net.” Recipients are being asked to provide usernames and passwords “to ensure your e-mail address book is saved in our database.” This is clearly an effort to harvest @arrl.net subscriber information and valid e-mail addresses.
Ignore any message of this sort that seeks to have recipients provide any sensitive information, such as usernames, account numbers, and passwords. If you experience any problem with e-mail forwarding, send details to the ARRL IT Department.