University of Southern California

Phishing Warning 2014-09-15

Posted on by mbordas

Many users have reported receiving the following phish. If you have received the phish, do not click the link or reply to the message. If you have replied, followed the link, or supplied login information, change your USC password as soon as possible by going to the ITS website at http://itservices.usc.edu and clicking the link called Change Your USC Password.

Subject: Net ID
Date: Tue, 16 Sep 2014 03:27:48 +0800
From: USC Admin <user@umn.edu>
To: undisclosed-recipients:;

Dear USC User

validate usc.edu <http://suservidor.net/mail.usc.edu/>;

Note several features that indicate this is a phish:

1. The email asks you to follow a link to a non-USC website. The author of this phish attempted to confuse users by adding “mail.usc.edu” to the end of the link; however, the actual domain is “suservidor.net”, which comes immediately after “http://”. You should never enter your USC credentials on a non-USC webpage, especially when directed there by an unsolicited email. ITS never includes a full link to the password change page in any email it sends.

2. The From: field shows the sender as “USC Admin”; however, it is followed by what appears to be a non-USC email address (user@umn.edu) that actually resolves to a compromised USC email account.

3. The message includes almost no information to indicate why you should follow the link.

4. The email lacks personalization.

Comments are closed.