We’ve seen these scams before. Every so often, a non-UDel email account messages you to inform you that your mailbox is almost full. Unfortunately for them, these would-be scammers make so many mistakes that it’s hard to believe they’re still in business.
First, the message tells you that your mailbox is using 20GB out of 23GB. The numbers don’t match up; UDel accounts get more storage space than that. You can always check the fullness of your mailbox in the bottom left corner of your email page.
Second, the message is obviously a mass email. It uses a generic “Dear Web-mail User” salutation rather than your actual name. You’re all in UD’s system. We know
everything your names.
Third, the message later tells you that you need to log in (well, that you need to “Re-login”) with your credentials in order to update. You shouldn’t be updating anything if your mailbox is full. You should be deleting old messages.
The formatting of the email doesn’t match UD’s standards, either. The wording and conventions are different, and you can check this email against any official UD message to see the differences.
Oh, and for those who don’t know, 3GB is still a lot of space in an email system. To put that number into perspective, 1000 emails of typical lengths barely approach .5GB collectively. If your mailbox has 20GB of space used up, you’re probably way overdue on your spring cleaning.
No Comments »
The phishing scams are back. This one is better than most, but it’s definitely fake.
This phish was reported to us with the HTML written in plain text, so I’ve recreated the email minus the gibberish and plus the formatting.
First, the email opens with a generic greeting that uses some odd formatting. The words are all capitalized, and the “Dear All” is uncharacteristic of University correspondences.
The message has some grammatical errors, and it also uses British English (see “recognise” and “Centre” in the last paragraph). Last I checked, we’re on the western end of the pond, so we’re using American English.
The provided link directs you to http://nss.udel.edu.passfans.ir/, which is a carefully replicated version of a legitimate UD domain. When you read URLs, the domain will always be followed by a “/” and the rest of the URL. UD’s legitimate domain is “nss.udel.edu,” but the domain in message’s link ends in “passfans.ir.” Always read the domain until the backslash; phishers will use periods and misspellings to mimic legitimate URLs and trick unsuspecting users.
This phish is dangerous precisely because it seems so real. It uses UD information and attempts to recreate a UD website, but careful reading exposes this as an elaborate scam.
No Comments »
Did you know you’ve exceeded your email storage limit? Well, you probably haven’t, but these scammers would like you to believe otherwise.
This phish comes to us from firstname.lastname@example.org. You’ll notice that this address isn’t a udel.edu one, yet it’s attempting to represent UD. That’s red flag #1.
The email also calls you “University of Delaware Webmail subscriber” instead of your actual name. UD systems know your name (I know, soon it’ll turn into Skynet, but we aren’t there yet). Red flag #2.
Our friend, cmorales, also encourages you to click a link to zednet.php5.sk, which obviously isn’t a udel.edu domain. Oh, and why are we asked to verify our accounts through shady external websites if we’re over our storage limit? Shouldn’t we just delete some emails? Red flag #3.
So after all of that, where are we? Hopefully still looking at this email. If you aren’t, and if you clicked the link, you’ll have seen a page like the one on the left. In the unfortunate event you gave cmorales your UDel email information, you should go to www.udel.edu/network/ (note the udel.edu domain name) and change your email password ASAP. If you can’t, call the IT Support Center at (302) 831-6000 or submit a help ticket at http://www.udel.edu/it/help/request/.
The UD VoIP system has a feature that allows its users to forward voicemails to email. However, before it can be functional, UD staff must personally request this feature be set up by Telephone Services–it is not automatic. If you have not requested this feature be set up, and you receive a voicemail in your inbox, it is a scam.
Scammers are trying to take advantage of this feature and are starting to send malware, disguised as voicemail, to infect your computer.
The same method can get you to reveal personal information. Even if you do not download any files, simply responding to the message with a call or email can reveal enough information to scam you.
Here are some things to look out for when you have a voicemail in your inbox:
- You need to sign up for this feature. If you did not ask for this feature and received voicemails in your inbox, it is a scam.
- Messages are sent from UNITY@udel.edu.
- Unity does not send group messages.
- Attachments from Unity are .wav files, not .zip files.
- Be aware of “Unknown Caller.” Usually there will be a name or “wireless caller.”
Have you been using your email a lot recently? Should you re-validate it so you can keep receiving email messages? The answer should be NO!
This message has been be seen in several Google Apps @UDel.edu mailboxes:
Click smaller image for a larger version.
It is clearly a phishing scam for several reasons:
- The subject is ambiguous.
- The message does not refer to you by name.
- The sender is not using a Google Apps @UDel.edu email address.
- There are several grammar errors such as incorrect capitalization and missing periods.
- The message is signed by “ITS help desk” instead of “IT Support Center”.
- The “ADMIN TEAM” link is very suspicious.
It is easy to check how full your Google Apps @UDel.edu inbox is, and it doesn’t require you to click on suspicious links. If you scroll to the bottom of your inbox, you will see something similar to this:
Click smaller image for a larger version.
As you can see, you have 15GBs of space instead of the 500MBs that the phishing scam suggests. You are also probably not even close to having a full inbox. Never believe email messages that suggest your inbox is almost full.