Greetings from Mael Eoin mac Echuid,  Interim EK ​Webminister

The webministry has had a report of a phishing attempt on a Kingdom officer this week, and figured it’d be a good time to remind all those who have an East Kingdom email address of the following:

No one in the East Kingdom Webministry will ever ask you for your password or *especially* not for other non-SCA personal information via email.  We never need your password from you; we can reset it for you if you need it, but we don’t ever need to _know_ your password for anything.  Anyone who asks for it is not representing the Kingdom or this office.

Here’s is an example email, broken down into pieces, with some hints and comments:

Subject: Scheduled Maintenance & Upgrade
Date: 2017-08-14 14:28
From: Help Desk <jsmith@royalfair.org>
First off, notice the “From” line.  jsmith@royalfair.org isn’t official, and nothing official would be coming from a personal email address.
All official correspondence – not just from our office, but all official emails – come from @eastkingdom.org addresses.  So if you don’t see @eastkingdom.org, don’t trust the email.

Your account is in the process of being upgraded to the newest Windows-based servers and an enhanced online email interface inline with internet infrastructure Maintenance. The new servers will provide better anti-spam and anti-virus functions, along with IMAP Support for mobile devices to enhance your usage.
They throw jargon around here.  Some of it even makes sense, but the long and short of it is that if this were the Webministry, we would use more user-friendly language to explain what was going on.
To ensure that your account is not disrupted but active during and after this upgrade, you are required to kindly confirm your account by stating the details below:
* Domain\user name:
* Password:
No. Never.

We know your username and we don’t ever need your password.

Customer Care Team
This is also a red flag. Whoever is sending the email will sign it with their SCA name and title/role in the Webministry.  You can look us up on the EK wiki, reach out to us on Facebook or via email, but you will _always_ have a name to associate with any email we send out.
If you aren’t sure, forward the email to us with a note.  Don’t reply to the email, it’ll signal that they successfully reached a live account and they might keep trying.​

To sum it up:
    •  Phishing emails are passive attempts to  
      ​get access to your account for malicious purposes (hacking, spamming, etc.).
  • Sometimes they’re terribly obvious, sometimes they’re devious and seemingly on​-point.
  • Everyone gets these and everyone’s susceptible to believing them, sooner or later. Even experienced technical folks 🙂
  • When in doubt, send it to us.
​Hope this helps, and if there’s ever anything we can do, or questions we can answer, please reach out​ via http://helpdesk.eastkingdom.org or webminister.eastkingdom,org
​In Service,
Maistir Mael Eoin mac Echuid
Interim EK ​Webminister