University of Southern California

New Phishing Warning (December 1)

Posted on by beltzer

Many users have reported receiving the following phish. If you have received the phish, do not click the link or reply to the message. If you have replied, followed the link, or supplied login information, change your USC password as soon as possible by going to the top of this website and clicking the link called change your password on the top menu bar.

From: USC Web Mail
Date: December 1, 2015 at 5:49:02 AM PST
To: Recipients
Subject: Unexpected sign-in attempt

This is an automated message to notify you that a valid password was used
to login your usc mail account from an unrecognized device, Today
Tuesday, December 1st, 2015 at 03:00(UTC+02), in Lagos, Nigeria
(IP=37.77.52.17) as a result of that your account has been temporarily
suspended.

If you did this, you can safely disregard this email. If you didn’t do
this, kindly follow our review link below to retrieve your account
http://alex0.ru/wp-content/wp00303/

Sincerely,
USC Web Services
Copyright © 2015 The University of Southern California
Please do not reply to this message. Mail sent to this address cannot be
answered.

Note several features that indicate this is a phish:

  1. The email asks you to follow a link to a non-USC website (http://alex0.ru/xx-xxxxxxx/xxxxxxx/). You should never enter your USC credentials on a non-USC webpage, especially when directed there by an unsolicited email.
  2. The email lacks personalization.
  3. The email includes improper capitalization.
  4. The email includes incorrect information about USC’s email storage. Up-to-date information is available at itservices.usc.edu/office365 (for faculty and staff) or itservices.usc.edu/google (for students).
  5. While this email appears to have been sent from a USC staff member, the several other phish features suggest that the From: field was spoofed in an attempt to appear legitimate.

Comments are closed.