Phishing Warning 2014-07-09
Many users have reported receiving the following phish. If you have received the phish, do not click the link or reply to the message. If you have replied, followed the link, or supplied login information, change your USC password as soon as possible by going to the ITS website at http://itservices.usc.edu and clicking the link called Change Your USC Password.
From: University of Southern California <firstname.lastname@example.org>
Date: July 9, 2014, 8:38:05 AM PDT
Subject: **/Suspension of Your Email AccountFollow the below link to perform maintenance work needed to improve the protection of your email account. Login and fill the required information to upgrade your email and to protect the University web resources.
Admin IT Support – Copyright © University of Southern California. All rights reserved.
Note several features that indicate this is a phish:
- The email asks you to follow a link to a non-USC website (uscedu.yolasite.com). Note that the author of this phish included “uscedu” in the URL in an attempt to make the link seem legitimate. You should never enter your USC credentials on a non-USC webpage, especially when directed there by an unsolicited email.
- The email was sent from a non-USC email account.
- The email lacks personalization.