We all recognize email like this one as a phishing scam, right?

  • No legitimate company is going to send a billing notice to a list of customers with all the customers’ email addresses visible to each other.
  • Standard shock treatment. You’re supposed to react, “Oh, No! Someone charged over $1300 to my AmEx card to pay their phone bill!” Then click the link to let the scammers harvest your personal info. Don’t fall for the scam:
    Today's Verizon Wireless Scam

    Note that the link doesn't go anywhere Verizon would want you to go. Nor where you should go.

  • See this scam? Delete it.
  • Not sure if a message like this one is a scam? Log in to your account at the alleged sender’s Web site and check your account.
  • Fall for this scam? As soon as you can, contact the companies or institutions whose account information you provided to the scammers.


Last month, Skidmore College reported seeing some identity theft scams using Google Docs forms. This week, we’ve just started seeing Google forms used as the “pharming” site behind phishing scams at UD.

Several people reported receiving email that looked like this message:

From: “info centre”
Subject: info centre..
Date: May 9, 2012 5:15:44 AM EDT

Hi,

You have received a private message from your old friend who wished to get back in-touch with you. Please use the UDEL Private link below to login and view your message and possibly get in contact with your old friend.

https://docs.google.com/spreadsheet/viewform?formkey=dGMyGoogleKeyDeletedSoNoOneClicksOnItQ

Sign,
Mrs. Mary. George
413 Academy Street
University of Delaware
Newark, DE 19716
© 2012 University of Delaware

  • Don’t click the link. Just delete this message.
  • Last time we checked, UD was in a part of the English-speaking world that spells center with an “er” at the end, not an “re.”
  • If an alumni office is brokering a possible reconnection between two long-lost alumni, they usually include the name of the person trying to reach you.
  • Doing a quick UD People Search, we didn’t find any “Mary George.”
  • If someone at UD sends you a Google form to complete, it will have a URL that would start with a string like this one:

    https://spreadsheets.google.com/a/udel.edu/spreadsheet/

    If you’re curious, the pharming phorm looks something like this:
    Old Friend Pharming Phorm
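The URL check from the list above, as an added example (not code from the original post): it parses each link instead of comparing raw prefixes, so a hostname or userinfo that merely contains the Google host is not accepted. The verdict names, the `/a/<domain>/` path rule, and the sample message are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, unquote

# Hosts that appear in the two Google form URLs quoted in the post.
GOOGLE_FORM_HOSTS = {"docs.google.com", "spreadsheets.google.com"}

def classify_link(url, domain="udel.edu"):
    """Classify one link: 'domain-form', 'public-form', 'suspicious' or 'other'."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:                      # malformed authority section
        return "suspicious"
    segs = [unquote(s).lower() for s in parts.path.split("/")]
    scoped = segs[1:3] == ["a", domain]     # path begins /a/<domain>/
    if host in GOOGLE_FORM_HOSTS:
        # The post's prefix is https; userinfo or dot-segments mean the text
        # a reader sees is not the location that ends up being requested.
        if parts.scheme != "https" or "@" in parts.netloc or ".." in segs:
            return "suspicious"
        return "domain-form" if scoped else "public-form"
    # Not a Google host: flag it when the URL borrows the trusted strings.
    borrowed = scoped or any(g in url.lower() for g in GOOGLE_FORM_HOSTS)
    return "suspicious" if borrowed else "other"

def triage(body, domain="udel.edu"):
    """Return (url, verdict) for every http(s) link found in a message body."""
    found = re.findall(r"https?://[^\s<>\"']+", body, flags=re.I)
    urls = [u.rstrip(".,)") for u in found]
    return [(u, classify_link(u, domain)) for u in urls]

# Constructed sample: the first link is the redacted one quoted in the post,
# the second is a made-up form under the UD-scoped prefix.
SAMPLE = """Please use the UDEL Private link below to login:
https://docs.google.com/spreadsheet/viewform?formkey=dGMyGoogleKeyDeletedSoNoOneClicksOnItQ
Survey from a department:
https://spreadsheets.google.com/a/udel.edu/spreadsheet/viewform?formkey=CONSTRUCTED
"""

if __name__ == "__main__":
    for url, verdict in triage(SAMPLE):
        print(f"{verdict:12} {url}")
```

A `public-form` verdict only means the form is not scoped to the institution's Google domain; combined with a message that claims to come from UD, that mismatch is the signal.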

There are plenty of other signs that this is not legitimate email.

Just delete it.


UD will never send out email like the message below. Besides, look where the log in link goes!

Just delete it.

UD Header bar does NOT make this a legitimate message.


Overnight, UD inboxes were flooded with email like the one shown below:

Spam message from "weavespace.com"

Don’t follow the link. Don’t “sign up.” Do delete the message.

A quick Web search shows that other schools (UCLA, Michigan, and Penn, for example) have seen similar spam on their campuses. No one reports this as a “phishing scam.” We think it’s an attempt to harvest email addresses for a spammer’s database or, at worst, a pre-phish.

If this spam is tied to a phishing scam, the scammers may be counting on you signing up for this “UDel collaborative space” [sic] using the same password you use for your real UD account, another account, or your computer. In short, it may be an attempt to harvest an account and password for later attempts at identity theft, fraud, or bot attacks.

Our advice:

  1. Delete the message.
  2. Do not follow the link or sign up for the “service.”
  3. Practice safe password management. Specifically, don’t use your UDelNet password on other services.
