Phishing Warning 2013-11-07
Many users have reported receiving the following phish email. If you have received the phish, do not reply, click the link, or supply any login information. If you have replied or followed the link, change your USC password as soon as possible by going to the ITS website at www.usc.edu/its and clicking the icon labeled Change USC Password.
From: USC Web Mail <firstname.lastname@example.org>
Date: Thursday, November 7, 2013 at 10:22 AM
Subject: Your USC NetID is on Restriction
Thursday, November 7, 2013
We detected irregular action on your e-mail system on October 7, 2013.
As the Primary owner, you must verify your account activity before you can continue using your account, and upon verification, we will remove any restrictions placed on your account.
click on the link below:
You can also forward your mail from any other e-mail accounts to your Webmail account so that your contacts won’t have to memorize a new e-mail address and you can access all of your mail in one place. You can find forwarding instructions for your other e-mail accounts in their online documentation.
Webmail service has reserved a system maintenance window of Saturdays from 4:00 a.m. to 8:00 a.m. that will be used only if Webmail service needs to perform any work that will take the system off-line. Otherwise, the e-mail system will be available around the clock.
University of Southern Carolina
As the actual destinations of links are easy to disguise, it is a good security practice to avoid clicking links in any unsolicited email referring to one of your online accounts. In the above phish, the actual destination of the link is not a page on the USC network, but a server in the Czech Republic. For more information about verifying the destination of links, see the post Before You Click That Link on this blog.
Other signs that this email is a phish include improper capitalization, lack of personalization, and the fact that it is improperly signed “University of Southern Carolina”.