2014-04-17_0933We’ve seen these scams before. Every so often, a non-UDel email account messages you to inform you that your mailbox is almost full. Unfortunately for them, these would-be scammers make so many mistakes that it’s hard to believe they’re still in business.

First, the message tells you that your mailbox is using 20GB out of 23GB. The numbers don’t match up; UDel accounts get more storage space than that. You can always check the fullness of your mailbox in the bottom left corner of your email page.

Second, the message is obviously a mass email. It uses a generic “Dear Web-mail User” salutation rather than your actual name. You’re all in UD’s system. We know everything your names.

Third, the message later tells you that you need to log in (well, that you need to “Re-login”) with your credentials in order to update. You shouldn’t be updating anything if your mailbox is full. You should be deleting old messages.

The formatting of the email doesn’t match UD’s standards, either. The wording and conventions are different, and you can check this email against any official UD message to see the differences.

Oh, and for those who don’t know, 3GB is still a lot of space in an email system. To put that number into perspective, 1000 emails of typical lengths barely approach .5GB collectively. If your mailbox has 20GB of space used up, you’re probably way overdue on your spring cleaning.

Comments No Comments »

Bk8f1MQCUAA6dzYEveryone who’s been online in the past couple days knows the net has basically been on fire. News about the Heartbleed Open SSL exploit is all over the place, and people are scrambling to change their passwords. But maybe we shouldn’t be so hasty – not everything has been compromised, and not every email is legit.

For example, we had lots of people calling in about the email sent out on the 9th instructing UD members to change their passwords. Many of you astutely noticed that the provided link was wrong, and we’re glad to see the UD community is alert for the signs of phishing scams. This brings up two important points.

First, be wary of emails containing links. Although it sometimes happens, legitimate organizations generally shouldn’t put links in their security emails. Instead, they should instruct you to visit their websites and take actions there. If you get an email containing a link, verify the actual link destination by hovering your mouse cursor over the link and reading the destination in the bottom left of your screen. Don’t assume that the link text points to a legitimate site.

Second, make sure you can verify the information in the email. While UD’s own email did contain a misspelled link, the information it provided could be verified by a UDaily article and by the UD IT Heartbleed info page. The CAS page (through which you sign in to UDSIS) also displays a reminder about password changes. If an email instructs you to change your password or take an action related to your account, make sure you check that the information is correct and legitimate.

Some people have even been getting emails about sites with which they don’t even have accounts. This post on SANS’s forums is a perfect example.

So remember to be careful when changing your passwords this week. It’s always better to go directly to the affected website than to click a link in an email. Otherwise, you could be giving scammers your new login info and getting some malware in return.

Comments No Comments »

The AT&T vishing scams are still going around. AT&T subscribers are reminded to visit only the official AT&T website, www.att.com, for matters concerning their phones or billing statements.

Below is a list of caller numbers confirmed to be vishers:

  • (800) 750-1231
  • (800) 296-1986
  • (800) 277-5319
  • (800) 157-2868
  • (800) 324-1933
  • (800) 194-1207
  • (800) 144-2591
  • (800) 970-2089

If anyone calls to inform you that you’ve been awarded credit or a discount on your next month’s billing statement, just hang up. Do not visit the link they provide.

Comments No Comments »

Screen Shot 2014-04-08 at 4.48.06 PMThe phishing scams are back. This one is better than most, but it’s definitely fake.

This phish was reported to us with the HTML written in plain text, so I’ve recreated the email minus the gibberish and plus the formatting.

First, the email opens with a generic greeting that uses some odd formatting. The words are all capitalized, and the “Dear All” is uncharacteristic of University correspondences.

The message has some grammatical errors, and it also uses British English (see “recognise” and “Centre” in the last paragraph). Last I checked, we’re on the western end of the pond, so we’re using American English.

The provided link directs you to http://nss.udel.edu.passfans.ir/, which is a carefully replicated version of a legitimate UD domain. When you read URLs, the domain will always be followed by a “/” and the rest of the URL. UD’s legitimate domain is “nss.udel.edu,” but the domain in message’s link ends in “passfans.ir.” Always read the domain until the backslash; phishers will use periods and misspellings to mimic legitimate URLs and trick unsuspecting users.

This phish is dangerous precisely because it seems so real. It uses UD information and attempts to recreate a UD website, but careful reading exposes this as an elaborate scam.

Comments No Comments »

spamSome of us are gamers, and some of us gamers have been waiting for Grand Theft Auto V’s PC release.

Unfortunately, phishers have taken this opportunity to scam unsuspecting PC gamers by providing what appears to be a PC beta key for GTA V. IGN, Trend Micro, and plenty of other gaming and computer security groups have already spotted and jumped on the hoax. The image on the left comes from Trend Micro and shows what one of the beta scam emails might look like.

The email, which is poorly written, attempts to get you to download a .zip file to get your beta key. Anyone who’s received a legitimate beta key via email knows that it’s common practice to provide that key in plain text in the body of the email. Downloadable beta attachments are never provided by legitimate game producers.

Keep an eye out for this one. GTA may include gunpoint robbery, but backdoor theft is just as real a threat.

For more information, check out IGN’s article (bonus points if you already knew about this article from the @ITatUD Twitter feed).

Comments Comments Off