So do you remember the last time vishers paid us a visit? They’re at it again. I got a call from 800-970-2089 trying to direct me to www.yougoatt.com for a “free” $100.

Yeah. Free money. Also comes with free malware.

This call is another reminder that scammers will try to trick you into revealing your personal information through any medium. Most of UD knows about email phishing scams, the most common route; however, phone, social media, and text scams are multiplying. All with the aim of luring you to surrender enough information about yourself that the scammer can use your personal information for fraudulent purposes.

Comments Comments Off

2014-03-11_0912It’s amateur week in the cybercriminal world, apparently.

This phish comes to us courtesy of a ticket filed by a member of the UD community. Note the vague, unprofessional opening and the poorly-written text that follows it.

The email tries to suggest that your account will be disabled because it was logged in (or, as the phish says, “Login”) to multiple devices. For those of you who have two computers, or who have accessed your email via your smartphone, you already know that multi-device login is a fairly common practice.

Although the email was sent to a Gmail user, the provided link does not point to a Google domain, which is a huge red flag. Instead, it points to a .co site. The “administrativeupgrade” slug in the URL also doesn’t make any sense in this context.

Even the little phish can pose a threat, though. Whether it’s something like this or a more professional phish, don’t click any suspicious links, and report phishing attempts to us at http://sites.udel.edu/phishing/report-a-phishing-scam/.

Comments Comments Off

2014-03-04_1155Did you know you’ve exceeded your email storage limit? Well, you probably haven’t, but these scammers would like you to believe otherwise.

This phish comes to us from cmorales@esperanza.us. You’ll notice that this address isn’t a udel.edu one, yet it’s attempting to represent UD. That’s red flag #1.

The email also calls you “University of Delaware Webmail subscriber” instead of your actual name. UD systems know your name (I know, soon it’ll turn into Skynet, but we aren’t there yet). Red flag #2.

Our friend, cmorales, also encourages you to click a link to zednet.php5.sk, which obviously isn’t a udel.edu domain. Oh, and why are we asked to verify our accounts through shady external websites if we’re over our storage limit? Shouldn’t we just delete some emails? Red flag #3.

pharmingsiteSo after all of that, where are we? Hopefully still looking at this email. If you aren’t, and if you clicked the link, you’ll have seen a page like the one on the left. In the unfortunate event you gave cmorales your UDel email information, you should go to www.udel.edu/network/ (note the udel.edu domain name) and change your email password ASAP. If you can’t, call the IT Support Center at (302) 831-6000 or submit a help ticket at http://www.udel.edu/it/help/request/.

Comments Comments Off

As our favorite time of the year – tax season – approaches, everyone is looking to pay as little as possible. But if you aren’t careful, you’ll end up paying much, much more than you thought.

Cybercriminals see tax season as a time of opportunity. After all, there’s a whole nation of people who want to hear about returns and loopholes. Many cybercriminals send mass phishing emails containing fake information about tax returns or filing, then wait for people to bite. We’ve seen some of these scams before.

The IRS and CERT issue reminders about these scams. Be wary of links to outside websites, especially ones claiming to be filing services or informative sites, and remember that you should never disclose your personal information over email.

Comments Comments Off

I just got an interesting phone call. The caller ID showed me 800 number – (800) 344-3089 – telling me that I had just won $200. That’s pretty sweet. I could use some money.

Sadly, this seems like a vishing scam; we’ve previously discussed similar incidents. It was an automated caller, and it tried to direct me to attbonus200.com to claim my money. That doesn’t seem legit, and I’m not going to risk a laptop and my identity for a $200 “freebie.” The laptop and all my data are worth more.

Comments Comments Off