Phish 2013-05-08 #1
Many people received the following phish this morning:
There are many signs that the message was illegitimate.
- The basic premise, used by many phish, is flawed. Users never need to “upgrade their email account”. email/webmail ugprades occur on the server. We would notify customers of the change ahead of time but it is highly unlikely that you would need to do anything.
- The sender is a non-USC address and is most probably a compromised account at the other institution (probably fell for a phish).
- The message is not addressed directly to you. Instead they spoofed the recipient as firstname.lastname@example.org.
- The “HERE” link goes to a non-USC site but they tried to make it look legitimate with the www.uscedu.byethost24.com.
- We store a hash of the password not an encrypted password.
- Typographical and grammatical mistakes.
- CENTER not CENTRE. But we do not have a mail support center.
- Another oddity present by many phish is the copyright. Why would this be copyrighted USC Webmail Maintenance Team?