Phishing Scams Seen at UD

It may look like an official UD notice–but it’s a scam.

Email claiming that there’s been an update to UD email update is a scam. Click the smaller image for a larger version.

How can you tell?

If you read carefully, you’ll see that the email talks about UD Webmail and apparently gives a URL for use by UD Exchange users. Further, if you are using a computer, you can hover your mouse over the links and see that they really would take you to a pharming site to harvest your UD Account information.

Oh, look! The email warns you, “Beginning on Wednesday, March 27th, 2012, the new webmail application becomes the default for all users.” But today is Wednesday, March 27, 2013.

And they got the URL wrong for the IT Support Center. And that fake URL would lead to the pharming site anyway.

See this message or one like it? Just delete it. Log in to the UD email service you use in the usual way to check on your account. Alternatively, contact the IT Support Center if you have a question.

Think B4 U click!

We can’t possibly post every phish we’ve seen this week–as phishers trawl for identities they can steal, bombarding UD inboxes at the beginning of a new semester. But this one has an interesting wrinkle: it claims that someone with a specific IP address tried to access your account! With that level of detail, it’s got to be correct, right?

No!

From: Welch, Crystal
Subject: FW: WEBMAIL TECHNICAL SUPPORT
To:
Date: Thursday, February 7, 2013, 3:27 AM

Dear User,

Attention! Your Webmail Account was violated! Someone with IP address 82.160.128.20 tried to access your personal account! Please click the link below and enter your webmail information to confirm that you are not currently away. You have 3 days to confirm webmail information or your account will be locked.

CLICK HERE to verify your account

We apologize for any inconveniences on this effect.

Thank you for your patience and understanding.
Technical Support

If you see a message like this one, delete it. If you fall for it and “CLICK HERE,” change your UDelNet password immediately. If unable to do so, contact the IT Support Center.

Last week, the LearnIT Express webcast was called “Phishing Blues.” It ran about 12-13 minutes, included annotated examples (and discussion) of some of the scams seen at UD, and some suggestions for what to do if you fall for a phishing scam or submit personal information at a pharming site.

It is available for viewing on demand.

This phish seen this morning at UD may catch you if you’re unaware. It’s a variation of a phish seen in our mailboxes earlier this month.

• Similar “official sounding” boilerplate language about forwarding and maintenance.
• Similar use of a udel.edu URL in the text as a link to a bad non-UD site. (Hover your computer mouse over the link to see where it really will take you.)
  

  

  Phishing Scam: Note where the link REALLY goes.

  
  If you click the link and enter your UDelNet ID and password, change your UDelNet password immediately by going to the UD Network page.

• Similar spoofing of an official-looking UD email address. Remember, UD will never ask you to verify your personal information by clicking a link in an email message. Nor will UD ever ask you to send personal information via email.
• Same bogus paragraph about what the “Primary owner” must do. At UD, we instruct you not to share your email account. “Primary owner” implies “secondary” use of an email account.

See this scam in your inbox? Delete it.

An eagle-eyed colleague sent us this phishing scam today. Looks pretty convincing until you hover your mouse over the alleged link to UD’s mail service and see a non-UD link! Other tell-tale signs:

• Since UD tells you not to share your accounts or passwords with anyone, why would we refer to you as the “Primary owner”?
• Why would we tell you to forward your other email accounts to your UD Webmail account AND tell you when we do system maintenance in the same message in which we tell you about a problem with your account?

Just delete it.

Webmail phishing scam--look where that link really goes.

If you do click the link and enter your UDelNet ID and password? Change your UDelNet password immediately by going to the UD Network page.