With thousands of employee, retiree, faculty, and other email accounts moving to Google Apps at UD from the failing Mirapoint servers (the mail.udel.edu service), we’ve not had a chance to update this blog in a while.
Actually, some people have reported seeing less spam and phishing traffic in their inboxes since they moved from mail.udel.edu to Google Apps at UD. In fact, the phishing scam shown below is the first one some have seen in weeks:

It’s not a very convincing scam: nonstandard punctuation and capitalization, and our favorite obvious typo, “information’s.” Oh, and we have not outsourced our email support to jimdo.com or anyone else.
See this message? Just delete it.
We’re getting multiple reports of phishing attempts like the two below. I’m pleased that so many of our clients are recognizing them as phish. As one professor emailed me, “it is nice to know that our webmail is being maintained by restaurants in Portugal.”
Below are two versions of the phish.
Phish version 1:
From: UDEL.EDU <faragshakeekal@tnctr.com>
Subject: Helpdesk@Udel.edu
Date: April 5, 2013 12:37:28 PM EDT
To: undisclosed-recipients:;
Your Mailbox Quota disk exceed 500GB limits set by our Webmail Service Administrator. You may not be able to send or receive new messages until your Mailbox size is reset. To expand your Mailbox disk Quota click the below web link
http://restaurantes-em-portugal.com/phpform/use/Udel.edu/form1.html to correct your account informations.
Sorry for the Inconveniences.
Helpdesk@Udel.edu
©2013
Phish version 2:
From: Isabella Welch <isawelch@UDel.Edu>
Sent: Friday, April 05, 2013 12:12 PM
Subject: Helpdesk@Udel.edu
Your Mailbox Quota disk exceed 500MB limits set by our Webmail Service Administrator. You may not be able to send or receive new messages until your Mailbox size is reset. To expand your Mailbox disk Quota click the below web link
http://restaurantes-em-portugal.com/phpform/use/Udel.edu/form1.html to correct your account informations.
Sorry for the Inconveniences.
Helpdesk@Udel.edu
©2013
See messages like these? Delete them.
Fall for a phish and provide your UDelNet ID and password? Go to www.udel.edu/network and change your password immediately. If you are unable to do so, contact the IT Support Center.
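The two checks a reader can apply to the messages above, written out as an added example (not code from UD IT): does a sender that claims to be udel.edu really use a udel.edu address, and does the link go to a udel.edu host or merely carry "Udel.edu" in its path? The sample text is constructed from the headers and link quoted above, and `TRUSTED` and the function names are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "udel.edu"  # assumption: the organisation's own mail/web domain

# Constructed from the two messages quoted above (headers and link line only).
PHISH_1 = """From: UDEL.EDU <faragshakeekal@tnctr.com>
Subject: Helpdesk@Udel.edu

To expand your Mailbox disk Quota click the below web link
http://restaurantes-em-portugal.com/phpform/use/Udel.edu/form1.html to correct
"""
PHISH_2 = PHISH_1.replace("UDEL.EDU <faragshakeekal@tnctr.com>",
                          "Isabella Welch <isawelch@UDel.Edu>")

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def findings(raw, trusted=TRUSTED):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    out = []
    # The display name or subject invokes the trusted domain...
    claims = trusted in (name + " " + msg.get("Subject", "")).lower()
    # ...but the actual address is somewhere else.
    if claims and not under(sender_host, trusted):
        out.append("sender-domain-mismatch:" + sender_host.lower())
    for url in re.findall(r"https?://[^\s<>\"]+", msg.get_payload()):
        parts = urlsplit(url)
        host = parts.hostname or ""
        # The trusted name appears only in the path of a foreign host.
        if not under(host, trusted) and trusted in parts.path.lower():
            out.append("brand-in-path-of-foreign-host:" + host)
    return out
```

Version 2 passes the sender check because its From address is a udel.edu one, so only the link check catches it; a sender test on its own is not enough.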
It may look like an official UD notice–but it’s a scam.

Email claiming that there’s been an update to UD email is a scam.
How can you tell?
If you read carefully, you’ll see that the email talks about UD Webmail and apparently gives a URL for use by UD Exchange users. Further, if you are using a computer, you can hover your mouse over the links and see that they really would take you to a pharming site to harvest your UD Account information.
Oh, look! The email warns you, “Beginning on Wednesday, March 27th, 2012, the new webmail application becomes the default for all users.” But today is Wednesday, March 27, 2013.
And they got the URL wrong for the IT Support Center. And that fake URL would lead to the pharming site anyway.
See this message or one like it? Just delete it. Log in to the UD email service you use in the usual way to check on your account. Alternatively, contact the IT Support Center if you have a question.
Think B4 U click!
PayPal says I paid WHAT!?!

Don’t fall for it. The immediate reaction may be to click one of the links in the email, but avoid this temptation. Clicking could lead to a page where you unknowingly type in your PayPal password because you think you are logging in to PayPal.
Instead, open a new browser window and manually type the PayPal URL [paypal.com] to ensure you access the real site. After logging into your account, check your transaction history. If something is off, contact PayPal using the methods available on the legitimate PayPal web site. DO NOT use the methods in the phishing email, unless the charge was legitimate.
Though this email looks legitimate, let’s look at some of the obvious indicators that it is a phishing scam:
- All of the links in the email are the same. Therefore, no matter where you click you’ll end up right where the scammers want you to be.
- PayPal’s email address in the “From” section is NOT a PayPal email. Typically, emails from PayPal use service@paypal.com or member@paypal.com. [see image #1]
- A PayPal receipt always includes the recipient’s shipping address. However, in this example, the scammers only included the seller’s shipping address. [see image #2]
- A big warning sign should be the product listed as purchased. If you know you didn’t buy it, didn’t spend that much money on anything using PayPal, or don’t even have a PayPal account, be wary of anything inside that email.
- PayPal will use your name in the email when addressing you (e.g., “Hello Jane Smith,” not your email address).
- The information in the footer of the email is different from the information PayPal uses in the footer of their transaction receipt emails. [see image #3 for the CORRECT footer info.]
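The "hover over the link" test from the UD notice post and the "all of the links are the same" indicator in the list above can both be automated on an HTML message body. This is an added example, not code from the original post: the sample HTML is constructed, and the `.test` hostname and the function names are placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body; login.collector.test is a placeholder host.
SAMPLE_HTML = """
<p>Hello user@example.com,</p>
<p><a href="http://login.collector.test/a">View transaction</a></p>
<p><a href="http://login.collector.test/a">https://www.paypal.com/help</a></p>
<p><a href="http://login.collector.test/a">Contact us</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects [href, visible text] for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._open = False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def host_of(text):
    """Hostname that the visible link text shows to the reader, if any."""
    m = re.search(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", text.lower())
    return m.group(1) if m else None

def analyse(html):
    parser = LinkCollector()
    parser.feed(html)
    mismatched = []
    for href, text in parser.links:
        real, shown = urlsplit(href).hostname, host_of(text)
        # What hovering reveals: the text names one host, the href another.
        if shown and real and shown != real:
            mismatched.append((shown, real))
    targets = {href for href, _ in parser.links}
    # Several links that all resolve to one destination.
    return {"mismatched": mismatched,
            "single_target": len(parser.links) > 1 and len(targets) == 1}
```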

#1: Not a typical email address used by PayPal

#2: That is definitely not my address!

#3: This is what a REAL PayPal email footer looks like.
In my email this morning, I just learned that someone tweeted a picture of me!
Not so fast. It’s email from a scammer impersonating a legitimate twitter account to get me to surrender my account information.

Even though the email appears to have come from twitter (the fake domain “postmaster.twitter.com”), it’s a phish. It’s not legit. Someone has spoofed a legit twitter account and standard twitter traffic, trying to social engineer your response: “Oh goody! A picture! [Click bit.ly link.]” If you follow the link in the email, you’d see a forged twitter page. The design and images make the page look just like twitter’s login screen, but look carefully at the URL:

The forged twitter login page. Look carefully at the URL….
This scam points to the need for caution in following “shortened” links and to the need to Think B4 U Click! This scam is designed to make you so happy that one of your twitter contacts has posted a picture of you that you’ll just react by clicking the link, thinking you need to log in to twitter using the fake screen and–boom!–the scammer has captured your twitter username and password.
This scam probably originated with a legitimate account being compromised. Therefore, if you receive a phishing scam like this one, notify the real holder of the twitter account about the phishing attempt.
If you fall for this scam, log in to twitter.com and change your password immediately. If you cannot change your password because the scammer has already changed it, contact twitter to report that your account has been compromised.