We’ve seen these scams before. Every so often, a non-UDel email account messages you to inform you that your mailbox is almost full. Unfortunately for them, these would-be scammers make so many mistakes that it’s hard to believe they’re still in business.
First, the message tells you that your mailbox is using 20GB out of 23GB. The numbers don’t match up; UDel accounts get more storage space than that. You can always check the fullness of your mailbox in the bottom left corner of your email page.
Second, the message is obviously a mass email. It uses a generic “Dear Web-mail User” salutation rather than your actual name.
Third, the message later tells you that you need to log in (well, that you need to “Re-login”) with your credentials in order to update. You shouldn’t be updating anything if your mailbox is full. You should be deleting old messages.
The formatting of the email doesn’t match UD’s standards, either. The wording and conventions are different, and you can check this email against any official UD message to see the differences.
Oh, and for those who don’t know, 3GB is still a lot of space in an email system. To put that number into perspective, 1000 email messages typically approach 0.5GB collectively. If your mailbox has 20GB of space used up, you’re probably way overdue on your spring cleaning.
No Comments »
It’s amateur week in the cybercriminal world, apparently.
This phish comes to us courtesy of a ticket filed by a member of the UD community. Note the vague, unprofessional opening and the poorly-written text that follows it.
The email tries to suggest that your account will be disabled because it was logged in (or, as the phish says, “Login”) to multiple devices. For those of you who have two computers, or who have accessed your email via your smartphone, you already know that multi-device login is a fairly common practice.
Although the email was sent to a Gmail user, the provided link does not point to a Google domain, which is a huge red flag. Instead, it points to a .co site. The “administrativeupgrade” slug in the URL also doesn’t make any sense in this context.
Even the little phish can pose a threat, though. Whether it’s something like this or a more professional phish, don’t click any suspicious links, and report phishing attempts to us at http://sites.udel.edu/phishing/report-a-phishing-scam/.
Did you know you’ve exceeded your email storage limit? Well, you probably haven’t, but these scammers would like you to believe otherwise.
This phish comes to us from firstname.lastname@example.org. You’ll notice that this address isn’t a udel.edu one, yet it’s attempting to represent UD. That’s red flag #1.
The email also calls you “University of Delaware Webmail subscriber” instead of your actual name. UD systems know your name (I know, soon it’ll turn into Skynet, but we aren’t there yet). Red flag #2.
Our friend, cmorales, also encourages you to click a link to zednet.php5.sk, which obviously isn’t a udel.edu domain. Oh, and why are we asked to verify our accounts through shady external websites if we’re over our storage limit? Shouldn’t we just delete some emails? Red flag #3.
So after all of that, where are we? Hopefully still looking at this email. If you aren’t, and if you clicked the link, you’ll have seen a page like the one on the left. In the unfortunate event you gave cmorales your UDel email information, you should go to www.udel.edu/network/ (note the udel.edu domain name) and change your email password ASAP. If you can’t, call the IT Support Center at (302) 831-6000 or submit a help ticket at http://www.udel.edu/it/help/request/.
As the snow and ice at UD begin to melt, more phish are making their way here.
Pretty standard stuff. First, if this actually came from whoever manages your email, it’d have your name on it.
The link goes to tripod.com, which is a pay-to-use web hosting service. UD systems are hosted on udel.edu. No system emails will ever come from pay-to-use domains, so beware of links to outside sites.
Now, after you’ve read the email, you’ll realize the subject and content don’t match. If your mailbox was almost full, why would the email content warn you about suspicious account activity?
To top it all off, there are plenty of spelling and grammatical errors throughout. For example, “with 24hour” (oh, time limits are another common phishing trick; they create a false sense of urgency).
It’s best to let phish like this swim past you. For more posts about scams like this one, check out the Email Accounts category on this blog.
This morning, some standard phish were swimming into UDel inboxes. Here’s a screen shot of one that amazes me — not a particularly good one, but the scammers find that it still works:
Click the image to see a larger version.
We’ve highlighted some of the tell-tale signs, so that even if you didn’t know your email quota is higher than that mentioned in this scam, you can see what to look for. The non-UDel URL you see when you hover your mouse over the link is a dead giveaway. Ditto getting email about your email from someone at “snead.edu.” And why would UD be sending you email with the word “Warning” marked as a trademark? And marked as copyrighted by Microsoft?
Speaking of reminders, the SANS tip of the day at the website is a succinct summary of what to look for in phishing scams. It also includes links to two quizzes to help you see if you can recognize a phishing scam:
- Washington Post Phishing Quiz
- SonicWALL Phishing IQ Test
Two fun quizzes to improve your “Phishing IQ”!
Bottom line: When you get email with a link in it or asking for personal information or telling your to “click here” to fix a problem with your account, take a minute to examine the message. Think B4 U Click!