Over night, UD inboxes were flooded with email like the one shown below:
Don’t follow the link. Don’t “sign up.” Do delete the message.
A quick Web search shows that other schools (UCLA, Michigan, and Penn, for example) have seen similar spam on their campuses. No one reports this as a “phishing scam.” We think it’s an attempt to harvest email addresses for a spammers’ database or, at worst, a pre-phish.
If this spam is tied to a phishing scam, the scammers may be counting on you signing up for this “UDel collaborative space” [sic] using the same password you use for your real UD account, another account, or your computer. In short, it may be an attempt to harvest an account and password for later attempts at identity theft, fraud, or bot attacks.
Our advice:
- Delete the message.
- Do not follow the link or sign up for the “service.”
- Practice safe password management. Specifically, don’t use your UDelNet password on other services.
What if we signed up already? Will changing my password even do anything or is it too late? I’m disappointed that we are not notified via email about these things. I’m glad I just happened to stumble upon this post but I still don’t know what to do about it.
We talk about what to do in our Phishing Blues webcast, mentioned in this post to the phishing blog: http://sites.udel.edu/phishing/2012/04/25/phishing-blues-webcast/