With thousands of employee, retiree, faculty, and other email accounts moving to Google Apps at UD from the failing Mirapoint servers (the mail.udel.edu service), we’ve not had a chance to update this blog in a while.
Actually, some people have reported seeing less spam and phishing traffic in their inboxes since they moved from mail.udel.edu to Google Apps at UD. In fact, the phishing scam shown below is the first one some have seen in weeks:
Click the image to see a larger version.
It’s not a very convincing scam. Non standard punctuation and capitalization–our favorite obvious typo: “information’s.” Oh, and we have not outsourced our email support to jimdo.com or anyone else.
See this message? Just delete it.
No Comments »
We’re getting multiple reports of phishing attempts like the two below. I’m pleased that so many of our clients are recognizing them as phish. As one professor emailed me, “it is nice to know that our webmail is being maintained by restaurants in Portugal.”
Below are two versions of the phish.
Phish version 1:
From: UDEL.EDU <faragshakeekal@tnctr.com>
Subject: Helpdesk@Udel.edu
Date: April 5, 2013 12:37:28 PM EDT
To: undisclosed-recipients:;
Your Mailbox Quota disk exceed 500GB limits set by our Webmail Service Administrator. You may not be able to send or receive new messages until your Mailbox size is reset. To expand your Mailbox disk Quota click the below web link
http://restaurantes-em-portugal.com/phpform/use/Udel.edu/form1.html to correct your account informations.
Sorry for the Inconveniences.
Helpdesk@Udel.edu
©2013
Phish version 2:
From: Isabella Welch <isawelch@UDel.Edu>
Sent: Friday, April 05, 2013 12:12 PM
Subject: Helpdesk@Udel.edu
Your Mailbox Quota disk exceed 500MB limits set by our Webmail Service Administrator. You may not be able to send or receive new messages until your Mailbox size is reset. To expand your Mailbox disk Quota click the below web link
http://restaurantes-em-portugal.com/phpform/use/Udel.edu/form1.html to correct your account informations.
Sorry for the Inconveniences.
Helpdesk@Udel.edu
©2013
See messages like these? Delete them.
Fall for a phish and provide your UDelNet ID and password? Go to www.udel.edu/network and change your password immediately. If you are unable to do so, contact the IT Support Center.
Comments Off
It may look like an official UD notice–but it’s a scam.
Email claiming that there’s been an update to UD email update is a scam. Click the smaller image for a larger version.
How can you tell?
If you read carefully, you’ll see that the email talks about UD Webmail and apparently gives a URL for use by UD Exchange users. Further, if you are using a computer, you can hover your mouse over the links and see that they really would take you to a pharming site to harvest your UD Account information.
Oh, look! The email warns you, “Beginning on Wednesday, March 27th, 2012, the new webmail application becomes the default for all users.” But today is Wednesday, March 27, 2013.
And they got the URL wrong for the IT Support Center. And that fake URL would lead to the pharming site anyway.
See this message or one like it? Just delete it. Log in to the UD email service you use in the usual way to check on your account. Alternatively, contact the IT Support Center if you have a question.
Think B4 U click!
Comments Off
People are reporting dozens of different phishing scams in UDel.edu mailboxes. A lot of the phishing messages are coming in with a subject line of “Technical Support” or “Webmail Alert!” and appear to come from elbt@udel.edu, helpdesk@udel.edu, webmaster@udel.edu, all spoofed addresses. These messages are not from UD. Delete them.
Here’s a sample of one of the many we’re seeing:
From: University of Delaware <eblt@UDel.Edu>
Date: February 21, 2013 5:56:55 PM EST
To: yourid@UDel.Edu
Subject: Technical Support
You could be infected with spyware. Press this link to protect your account.
University of Delaware Email Team
If you are reading email on a computer and if you “hovered” your mouse over the link, you would see that it does not take you to a udel.edu Web site. It’s a fraud. You are supposed to fear spyware so much that you’ll click the fraudulent link without thinking.
If you’re using a mobile device, don’t follow the link in any unsolicited email.
Remember, the University of Delaware will not send you email that asks you to follow a link to fix your account, nor will we ever send email asking for your account password.
Look at some of the other sample messages at this site, read our most recent UDaily article about phishing, explore some of the resources linked from this site. Above all else…. Think B4 U click!
Comments Off
You have to be careful with all of your email accounts. For example, look at this classic that arrived in one UD employee’s Yahoo! email account:
We added a red arrow so you can see that the link in this message would NOT take you to a valid Yahoo! page. Click the image to see a larger version.
Most companies, banks, organizations, and universities do not send out email that asks you to click a link to validate your account. The safe thing to do is to log in at the Web address (URL) you usually use for your account and check your account status there.
This phish uses a stolen Yahoo! image and a forged Yahoo! copyright notice to try to trick you: It’s designed to scare you into reacting without thinking–to react to an alleged problem with your account by clicking the bogus link.
Just delete it.
Comments Off
Entries (RSS)