The wording on this one doesn’t really make sense, if you read it carefully. But I’m sure someone will fall for it.
See this message? Delete it! Don’t click the link! (Click this image to see a larger copy of the image.)
If you follow the link, you are taken to an attractive looking site with a form to fill out to “upgrade your email account.” If you do, and if you submit the form, you will have just surrendered your email account to the phishers. If you fell for it, change your password immediately. If it’s your UDelNet account you just shared with the phishers, then go to the UD Network Page to change your password. If you are unable to do so, contact the IT Support Center immediately (Help Request Form, 302-831-6000).
No Comments »
With thousands of employee, retiree, faculty, and other email accounts moving to Google Apps at UD from the failing Mirapoint servers (the mail.udel.edu service), we’ve not had a chance to update this blog in a while.
Actually, some people have reported seeing less spam and phishing traffic in their inboxes since they moved from mail.udel.edu to Google Apps at UD. In fact, the phishing scam shown below is the first one some have seen in weeks:
Click the image to see a larger version.
It’s not a very convincing scam. Non standard punctuation and capitalization–our favorite obvious typo: “information’s.” Oh, and we have not outsourced our email support to jimdo.com or anyone else.
See this message? Just delete it.
No Comments »
We’re getting multiple reports of phishing attempts like the two below. I’m pleased that so many of our clients are recognizing them as phish. As one professor emailed me, “it is nice to know that our webmail is being maintained by restaurants in Portugal.”
Below are two versions of the phish.
Phish version 1:
From: UDEL.EDU <faragshakeekal@tnctr.com>
Subject: Helpdesk@Udel.edu
Date: April 5, 2013 12:37:28 PM EDT
To: undisclosed-recipients:;
Your Mailbox Quota disk exceed 500GB limits set by our Webmail Service Administrator. You may not be able to send or receive new messages until your Mailbox size is reset. To expand your Mailbox disk Quota click the below web link
http://restaurantes-em-portugal.com/phpform/use/Udel.edu/form1.html to correct your account informations.
Sorry for the Inconveniences.
Helpdesk@Udel.edu
©2013
Phish version 2:
From: Isabella Welch <isawelch@UDel.Edu>
Sent: Friday, April 05, 2013 12:12 PM
Subject: Helpdesk@Udel.edu
Your Mailbox Quota disk exceed 500MB limits set by our Webmail Service Administrator. You may not be able to send or receive new messages until your Mailbox size is reset. To expand your Mailbox disk Quota click the below web link
http://restaurantes-em-portugal.com/phpform/use/Udel.edu/form1.html to correct your account informations.
Sorry for the Inconveniences.
Helpdesk@Udel.edu
©2013
See messages like these? Delete them.
Fall for a phish and provide your UDelNet ID and password? Go to www.udel.edu/network and change your password immediately. If you are unable to do so, contact the IT Support Center.
Comments Off
In my email this morning, I just learned that someone tweeted a picture of me!
Not so fast. It’s email from a scammer impersonating a legitimate twitter account to get me to surrender my account information.
Click the image to see a larger version.
Even though the email appears to have come from twitter (the fake domain “postmaster.twitter.com”), it’s a phish. It’s not legit. Someone has spoofed a legit twitter account and standard twitter traffic, trying to social engineer your response: “Oh goody! A picture! [Click bit.ly link.]” If you follow the link in the email, you’d see a forged twitter page. The design and images make the page look just like twitter’s login screen, but look carefully at the URL:
Click the image to see a larger version of this forged twitter login page. Look carefully at the URL….
This scam points to the need for caution in following “shortened” links and to the need to Think B4 U Click! This scam is designed to make you so happy that one of your twitter contacts has posted a picture of you that you’ll just react by clicking the link, thinking you need to log in to twitter using the fake screen and–boom!–the scammer has captured your twitter username and password.
This scam probably originated with a legitimate account being compromised. Therefore, if you receive a phishing scam like this one, notify the real holder of the twitter account about the phishing attempt.
If you fall for this scam, log in to twitter.com and change your password immediately. If you cannot change your password because the scammer has already changed it, contact twitter to report that your account has been compromised.
Comments Off
People are reporting dozens of different phishing scams in UDel.edu mailboxes. A lot of the phishing messages are coming in with a subject line of “Technical Support” or “Webmail Alert!” and appear to come from elbt@udel.edu, helpdesk@udel.edu, webmaster@udel.edu, all spoofed addresses. These messages are not from UD. Delete them.
Here’s a sample of one of the many we’re seeing:
From: University of Delaware <eblt@UDel.Edu>
Date: February 21, 2013 5:56:55 PM EST
To: yourid@UDel.Edu
Subject: Technical Support
You could be infected with spyware. Press this link to protect your account.
University of Delaware Email Team
If you are reading email on a computer and if you “hovered” your mouse over the link, you would see that it does not take you to a udel.edu Web site. It’s a fraud. You are supposed to fear spyware so much that you’ll click the fraudulent link without thinking.
If you’re using a mobile device, don’t follow the link in any unsolicited email.
Remember, the University of Delaware will not send you email that asks you to follow a link to fix your account, nor will we ever send email asking for your account password.
Look at some of the other sample messages at this site, read our most recent UDaily article about phishing, explore some of the resources linked from this site. Above all else…. Think B4 U click!
Comments Off
Entries (RSS)