We’ve seen these scams before. Every so often, a non-UDel email account messages you to inform you that your mailbox is almost full. Unfortunately for them, these would-be scammers make so many mistakes that it’s hard to believe they’re still in business.
First, the message tells you that your mailbox is using 20GB out of 23GB. The numbers don’t match up; UDel accounts get more storage space than that. You can always check the fullness of your mailbox in the bottom left corner of your email page.
Second, the message is obviously a mass email. It uses a generic “Dear Web-mail User” salutation rather than your actual name. You’re all in UD’s system. We know
everything your names.
Third, the message later tells you that you need to log in (well, that you need to “Re-login”) with your credentials in order to update. You shouldn’t be updating anything if your mailbox is full. You should be deleting old messages.
The formatting of the email doesn’t match UD’s standards, either. The wording and conventions are different, and you can check this email against any official UD message to see the differences.
Oh, and for those who don’t know, 3GB is still a lot of space in an email system. To put that number into perspective, 1000 emails of typical lengths barely approach .5GB collectively. If your mailbox has 20GB of space used up, you’re probably way overdue on your spring cleaning.
No Comments »
Did you know you’ve exceeded your email storage limit? Well, you probably haven’t, but these scammers would like you to believe otherwise.
This phish comes to us from firstname.lastname@example.org. You’ll notice that this address isn’t a udel.edu one, yet it’s attempting to represent UD. That’s red flag #1.
The email also calls you “University of Delaware Webmail subscriber” instead of your actual name. UD systems know your name (I know, soon it’ll turn into Skynet, but we aren’t there yet). Red flag #2.
Our friend, cmorales, also encourages you to click a link to zednet.php5.sk, which obviously isn’t a udel.edu domain. Oh, and why are we asked to verify our accounts through shady external websites if we’re over our storage limit? Shouldn’t we just delete some emails? Red flag #3.
So after all of that, where are we? Hopefully still looking at this email. If you aren’t, and if you clicked the link, you’ll have seen a page like the one on the left. In the unfortunate event you gave cmorales your UDel email information, you should go to www.udel.edu/network/ (note the udel.edu domain name) and change your email password ASAP. If you can’t, call the IT Support Center at (302) 831-6000 or submit a help ticket at http://www.udel.edu/it/help/request/.
This morning, some standard phish were swimming into UDel inboxes. Here’s a screen shot of one that amazes me — not a particularly good one, but the scammers find that it still works:
Click the image to see a larger version.
We’ve highlighted some of the tell-tale signs, so that even if you didn’t know your email quota is higher than that mentioned in this scam, you can see what to look for. The non-UDel URL you see when you hover your mouse over the link is a dead giveaway. Ditto getting email about your email from someone at “snead.edu.” And why would UD be sending you email with the word “Warning” marked as a trademark? And marked as copyrighted by Microsoft?
Speaking of reminders, the SANS tip of the day at the website is a succinct summary of what to look for in phishing scams. It also includes links to two quizzes to help you see if you can recognize a phishing scam:
- Washington Post Phishing Quiz
- SonicWALL Phishing IQ Test
Two fun quizzes to improve your “Phishing IQ”!
Bottom line: When you get email with a link in it or asking for personal information or telling your to “click here” to fix a problem with your account, take a minute to examine the message. Think B4 U Click!
If you get email allegedly from Microsoft saying that your mailbox is full, it must be true, right?
The current version of this scam includes a link to a Google Docs form to make it easy for the scammer to harvest your account information. If you submit the information the form asks for, you will have enabled to scammer to log in to your account and either steal it or use it to spoof your account to send out further scam email messages.
See a message like this one?
Don’t click the link if you saw this message! (Click on the image to see a full size version of this email scam.)
Just delete it. Do not follow the link. Do not complete the Google Form.
Over the past week, we’ve seen multiple variations of phishing scams like this one:
Don’t fall for this scam! (Click image to see full message.)
At the beginning of a new school year, we tend to see a lot of scams like this one, or the ever popular scam:
“Your UDel email is over quota. Click here to verify your account information.”
These are scams designed to take advantage of the naivete of freshpersons and new employees. The scammers are trying to harvest your UD login credentials to steal your identity or to use your account to launch attacks on others. Do not click the links or reply to the email messages. Just delete them.
For more information, browse this blog or visit our formal Avoid phishing scams Web pages.