New Phishing Warning (November 13)
Many users have reported receiving the following phish. If you have received the phish, do not click the link or reply to the message. If you have replied, followed the link, or supplied login information, change your USC password as soon as possible by going to the ITS website at itservices.usc.edu and clicking the link called change your password on the top menu bar.
Sent: Friday, November 13, 2015 1:14 PM
Subject: Upgrade Your Usc.Edu Account
You have exceeded your University E-mail account limit quota of 250MB and you are requested to expand it within 48 hours or else your University E- mail account will be disable from our database. Simply CLICK HERE with the complete information requested to expand your E-mail account quota to 2GB. Your account will remain active after you have successfully confirmed your account to the monitoring Center.
Web Service Team © 2015. All Rights Reserved.
Note several features that indicate this is a phish:
- The email asks you to follow a link to a non-USC website (www.123contactform.com/sitename). You should never enter your USC credentials on a non-USC webpage, especially when directed there by an unsolicited email.
- The email lacks personalization.
- The email includes improper capitalization.
- The email includes incorrect information about USC’s email storage. Up-to-date information is available at itservices.usc.edu/office365 (for faculty and staff) or itservices.usc.edu/google (for students).
- While this email appears to have been sent from a USC staff member, the several other phish features suggest that the From: field was spoofed in an attempt to appear legitimate.