We’re getting multiple reports of phishing attempts like the two below. I’m pleased that so many of our clients are recognizing them as phish. As one professor emailed me, “it is nice to know that our webmail is being maintained by restaurants in Portugal.”
Below are two versions of the phish.
Phish version 1:
From: UDEL.EDU <faragshakeekal@tnctr.com>
Subject: Helpdesk@Udel.edu
Date: April 5, 2013 12:37:28 PM EDT
To: undisclosed-recipients:;
Your Mailbox Quota disk exceed 500GB limits set by our Webmail Service Administrator. You may not be able to send or receive new messages until your Mailbox size is reset. To expand your Mailbox disk Quota click the below web link
http://restaurantes-em-portugal.com/phpform/use/Udel.edu/form1.html to correct your account informations.
Sorry for the Inconveniences.
Helpdesk@Udel.edu
©2013
Phish version 2:
From: Isabella Welch <isawelch@UDel.Edu>
Sent: Friday, April 05, 2013 12:12 PM
Subject: Helpdesk@Udel.edu
Your Mailbox Quota disk exceed 500MB limits set by our Webmail Service Administrator. You may not be able to send or receive new messages until your Mailbox size is reset. To expand your Mailbox disk Quota click the below web link
http://restaurantes-em-portugal.com/phpform/use/Udel.edu/form1.html to correct your account informations.
Sorry for the Inconveniences.
Helpdesk@Udel.edu
©2013
See messages like these? Delete them.
Fall for a phish and provide your UDelNet ID and password? Go to www.udel.edu/network and change your password immediately. If you are unable to do so, contact the IT Support Center.
It may look like an official UD notice–but it’s a scam.

Email claiming that there’s been an update to UD email is a scam.
How can you tell?
If you read carefully, you’ll see that the email talks about UD Webmail and apparently gives a URL for use by UD Exchange users. Further, if you are using a computer, you can hover your mouse over the links and see that they really would take you to a pharming site to harvest your UD Account information.
Oh, look! The email warns you, “Beginning on Wednesday, March 27th, 2012, the new webmail application becomes the default for all users.” But today is Wednesday, March 27, 2013.
And they got the URL wrong for the IT Support Center. And that fake URL would lead to the pharming site anyway.
See this message or one like it? Just delete it. Log in to the UD email service you use in the usual way to check on your account. Alternatively, contact the IT Support Center if you have a question.
Think B4 U click!
People are reporting dozens of different phishing scams in UDel.edu mailboxes. A lot of the phishing messages are coming in with a subject line of “Technical Support” or “Webmail Alert!” and appear to come from elbt@udel.edu, helpdesk@udel.edu, webmaster@udel.edu, all spoofed addresses. These messages are not from UD. Delete them.
Here’s a sample of one of the many we’re seeing:
From: University of Delaware <eblt@UDel.Edu>
Date: February 21, 2013 5:56:55 PM EST
To: yourid@UDel.Edu
Subject: Technical Support
You could be infected with spyware. Press this link to protect your account.
University of Delaware Email Team
If you are reading email on a computer and if you “hovered” your mouse over the link, you would see that it does not take you to a udel.edu Web site. It’s a fraud. You are supposed to fear spyware so much that you’ll click the fraudulent link without thinking.
If you’re using a mobile device, don’t follow the link in any unsolicited email.
Remember, the University of Delaware will not send you email that asks you to follow a link to fix your account, nor will we ever send email asking for your account password.
Look at some of the other sample messages at this site, read our most recent UDaily article about phishing, and explore some of the resources linked from this site. Above all else: Think B4 U click!
We can’t possibly post every phish we’ve seen this week–as phishers trawl for identities they can steal, bombarding UD inboxes at the beginning of a new semester. But this one has an interesting wrinkle: it claims that someone with a specific IP address tried to access your account! With that level of detail, it’s got to be correct, right?
No!
From: Welch, Crystal
Subject: FW: WEBMAIL TECHNICAL SUPPORT
To:
Date: Thursday, February 7, 2013, 3:27 AM
Dear User,
Attention! Your Webmail Account was violated! Someone with IP address 82.160.128.20 tried to access your personal account! Please click the link below and enter your webmail information to confirm that you are not currently away. You have 3 days to confirm webmail information or your account will be locked.
CLICK HERE to verify your account
We apologize for any inconveniences on this effect.
Thank you for your patience and understanding.
Technical Support
If you see a message like this one, delete it. If you fall for it and “CLICK HERE,” change your UDelNet password immediately. If unable to do so, contact the IT Support Center.
Even though this one has bad grammar in it (“your account have been flagged” [sic]), we’ve had reports that this phishing scam has trapped both UD faculty and UD students.
Here’s what this one looks like:
From: University of Delaware © [mailto:webmaster@UDel.Edu]
Sent: Sunday, February 03, 2013 1:54 PM
Subject: UDemail Service – Your UDemail Account has been Flagged.
Due to miss-match of your account details,
your account have been flagged.
Click here to Unflag
Copyright © 2005-2013, University of Delaware.
When you “Click here,” you get taken to a UD-branded website:

The scammers have done a good job of making a believable fake UD page–but notice that the URL is NOT a udel.edu address.
If you fell for this scam, change your UD password ASAP at the Network page. If you are unable to do so, contact the IT Support Center (use the web form or call [302] 831-6000).
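The hover check these posts describe, automated as an added example (not code from UD IT): it compares the host of every link, and the domain of the From address, against udel.edu. The `TRUSTED` constant, the function names and the `SPOOFED` message are constructed for illustration; `PHISH_V1` uses the sender and link from phish version 1.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "udel.edu"  # assumption: only this domain and its subdomains are UD

def is_ud_host(host):
    """True for udel.edu or a subdomain; a substring match is not enough."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

class _Hrefs(HTMLParser):  # collects <a href> targets: what hovering reveals
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.urls += [v for k, v in attrs if k == "href" and v]

def check_message(raw):
    """Return findings for one raw message (headers, blank line, body)."""
    msg = message_from_string(raw)
    findings = []
    addr = parseaddr(msg.get("From", ""))[1]
    if not is_ud_host(addr.rpartition("@")[2]):
        findings.append(f"sender outside {TRUSTED}: {addr}")
    body = "".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())
    hrefs = _Hrefs()
    hrefs.feed(body)
    urls = set(hrefs.urls) | set(re.findall(r"https?://[^\s\"'<>]+", body))
    for url in sorted(urls):
        parts = urlsplit(url)
        if parts.scheme in ("http", "https") and not is_ud_host(parts.hostname):
            findings.append(f"link leaves {TRUSTED}: {parts.hostname}")
    return findings

# Sender and link taken from "Phish version 1" above ("Udel.edu" is only in the path).
PHISH_V1 = ("From: UDEL.EDU <faragshakeekal@tnctr.com>\n\n"
            "http://restaurantes-em-portugal.com/phpform/use/Udel.edu/form1.html\n")
# Constructed sample: spoofed UD sender, HTML link to a look-alike host.
SPOOFED = ("From: University of Delaware <eblt@UDel.Edu>\n"
           "Content-Type: text/html\n\n"
           '<a href="http://udel.edu.login.example/verify">Press this link</a>\n')

if __name__ == "__main__":
    print(check_message(PHISH_V1), check_message(SPOOFED))
```

The second sample passes the sender check because a From address is easy to spoof, which is why the link host is the check that carries the weight.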