University of Southern California

Phishing Warning 2013-10-17

Posted on by mbordas

Many users have reported receiving the following phish email. If you have received the phish, do not reply, click the link, or supply any login information. If you have replied or followed the link, change your USC password as soon as possible by going to the ITS website at www.usc.edu/its and clicking the icon labeled Change USC Password.

From: University of Southern California <[user]@mtu.edu>
To: undisclosed-recipients: ;
Bcc: [user]@usc.edu

Attention University of Southern California,user,

Due to the various emails received by our webmail users of receiving phishing spams, University of Southern California Helpdesk will be upgrading webmail system to 500MB of space, Click or copy the link below to login into your account for confirmation and upgrade.

https://docs.google.com/forms/[…]

Your account shall remain active after you have successfully upgraded to the new 500MB.

Thanks for bearing with us.

Copyright 2013
University of Southern California,HELP DESK.

Note several signs that this is a phish:

1. Though the From: line states “University of Southern California”, the actual email address of the sender is [user]@mtu.edu. Neither ITS nor USC will send account-related emails from any domain other than @usc.edu.

2. The email uses poor grammar and punctuation throughout.

3. The email lacks personalization.

4. The email asks you to enter your account details on a page on Google Docs. ITS urges you to remember that Google Docs is a file-sharing service available to anyone with a Gmail account. Neither ITS nor USC will ever ask you to supply your account details on a Google Docs form or on any page other than a secure login page on the usc.edu domain.

Comments are closed.