University of Southern California

Phishing email and support call warning (February 11)

Posted on by mbordas

Many users have reported receiving phish emails and customer support calls over the past several days.

Phish support calls

Some staff members have reported receiving a phone call from a person claiming to be from ITS and asking them to reset their USC password. Be aware that these calls do not originate from ITS, and that no one from ITS will ever ask for your password.

If you receive a call from someone requesting your USC NetID password, do not provide that information. Instead, hang up and call the ITS Customer Support Center at 213-740-5555 to report the phish call and verify your account status.

Phish email

Many users have reported receiving the following phish. If you have received the phish, do not click the link or reply to the message. If you have replied, followed the link, or supplied login information, change your USC password as soon as possible by going to the top of this website and clicking the link called change your password on the top menu bar.

From: user@usc.edu
Date: February 11, 2016 at 8:40:02 AM PST
Subject: Helpdesk
Your e-mail account was LOGIN today by Unknown IP address: 103.240.180.228, click on the Administrator link below and LOGIN to validate and verify your e-mail account or your account will be temporary block for sending more messages.
Warm Regards,

Helpdesk Administrator.

Note several features that indicate this is a phish:

  1. The email asks you to follow a link to a non-USC website (uschelpdesk.weebly.com). You should never enter your USC credentials on a non-USC webpage, especially when directed there by an unsolicited email.
  2. The email lacks personalization.
  3. The email includes improper grammar.
  4. While this email appears to have been sent from a USC staff member, the several other phish features suggest that the From: field was spoofed in an attempt to appear legitimate.

Comments are closed.