Archive for the “UD Webmail” Category

2014-04-17_0933We’ve seen these scams before. Every so often, a non-UDel email account messages you to inform you that your mailbox is almost full. Unfortunately for them, these would-be scammers make so many mistakes that it’s hard to believe they’re still in business.

First, the message tells you that your mailbox is using 20GB out of 23GB. The numbers don’t match up; UDel accounts get more storage space than that. You can always check the fullness of your mailbox in the bottom left corner of your email page.

Second, the message is obviously a mass email. It uses a generic “Dear Web-mail User” salutation rather than your actual name. You’re all in UD’s system. We know everything your names.

Third, the message later tells you that you need to log in (well, that you need to “Re-login”) with your credentials in order to update. You shouldn’t be updating anything if your mailbox is full. You should be deleting old messages.

The formatting of the email doesn’t match UD’s standards, either. The wording and conventions are different, and you can check this email against any official UD message to see the differences.

Oh, and for those who don’t know, 3GB is still a lot of space in an email system. To put that number into perspective, 1000 emails of typical lengths barely approach .5GB collectively. If your mailbox has 20GB of space used up, you’re probably way overdue on your spring cleaning.

Comments No Comments »

2014-03-04_1155Did you know you’ve exceeded your email storage limit? Well, you probably haven’t, but these scammers would like you to believe otherwise.

This phish comes to us from You’ll notice that this address isn’t a one, yet it’s attempting to represent UD. That’s red flag #1.

The email also calls you “University of Delaware Webmail subscriber” instead of your actual name. UD systems know your name (I know, soon it’ll turn into Skynet, but we aren’t there yet). Red flag #2.

Our friend, cmorales, also encourages you to click a link to, which obviously isn’t a domain. Oh, and why are we asked to verify our accounts through shady external websites if we’re over our storage limit? Shouldn’t we just delete some emails? Red flag #3.

pharmingsiteSo after all of that, where are we? Hopefully still looking at this email. If you aren’t, and if you clicked the link, you’ll have seen a page like the one on the left. In the unfortunate event you gave cmorales your UDel email information, you should go to (note the domain name) and change your email password ASAP. If you can’t, call the IT Support Center at (302) 831-6000 or submit a help ticket at

Comments Comments Off

A recent string of “send me a loan” phishing scams are appearing in UDel inboxes. The email looks like it is from a distressed friend or family member.  The scammer will engage in a conversation leading up to them asking you to wire  money through a bank or Western Union.

Click smaller image for a larger version.

After the distressing and grammatically incorrect message, scammers sometimes provide the information you need in the original email and wait for you to wire them money:

You can have the $2,250 dollars. wired to me via Western Union. Have it wired to my name and present location, here are the details you need to have it wired to me..

Receiver’s Name: Karen Morgan
Location: 58,Mary cris crecent,quezon city,
Country: manila,Philippines

Once you are done Kindly e-mail me the Confirmation details (MTCN) for the pick up of the funds.

Let me know when you head out to Western Union??

A scammer can hijack someone’s email account and steal their address book. Using that address book, the scammer will send “send me a loan” messages to people in the victim’s address book using a similar email address that is usually only a character off the original. An Example of a stolen email account is if someone uses, then the scammer will make the fake account or

When you see these messages  make sure you verify it is the person before sending money. Asking a personal question or contacting the person and people they know are good ways to catch the scammer.  And, as always, never send any personal information over an email.


Comments Comments Off

A phishing attack with the subject line “Important Message About Your University of Delaware Account” has been seen in UD email boxes.

The message looks similar to the following:

From: University of Delaware
Date: Tue, Sep 17, 2013 at 7:34 AM
Subject: Important Message About Your University of Delaware Account


We regret to inform you that recently we are unable to verify your webmail account with us

We therefore implore you to confirm your webmail details by clicking our secure site link below

To avoid permanent webmail account suspension

Thank you.

University of Delaware

This message is clearly a scam because the email is not addressing a specific person and there are no punctuation marks. Most importantly, it is asking you to change your email information by clicking a link in the message.

The University of Delaware will never ask you to change your email or account information through a link in an email.

Comments Comments Off

A phishing attack with the subject line “FACULTY/STAFF/EMPLOYEE MAIL SUSPENSION” has been seen in UD email boxes.

The message looks similar to the following:

From: Regina Austin
Date: Tue, Sep 10, 2013 at 6:02 PM

Dear Webmail Subscriber

Your Email Account have been Suspended from sending and receiving email,to
re-validate your account,please click here

Thank you!
ITS Web Team

Email correspondence to and from this address may be subject to the North Carolina Public Records law and may be disclosed to third parties by an authorized state official (NCGS. ch. 132). Student educational records are subject to FERPA.

Email messages like this are a scam and should be deleted. How do you know it is a scam?

  • It is not sent from a UDel account.
  • It is allegedly from a school in North Carolina and not Delaware.
  • It is referring to “Webmail Subscriber” instead of a specific person.
  • The “s” in suspend is capitalized.
  • There is no space between the comma and “please”.
  • The link sends you to a United Kingdom Web site.
  • It is from ITS Web Team and not IT Support center.

The University of Delaware would never ask you to re-validate your account, especially not through a poorly written email allegedly from North Carolina with a link to a United Kingdom Web site.

Comments Comments Off