University of Southern California

Phishing Warning (July 10)

Posted on by mbordas

Many users have reported receiving the following phish. If you have received the phish, do not reply or follow the link. If you have responded, clicked the link in the message, or entered any information on the linked Google Forms page, change your USC NetID password immediately by going to the Popular Topics menu bar on the ITS website and clicking the link labeled change your password.

If you are uncertain of the validity of an email, you may forward it (along with the message headers, if possible) to security@usc.edu.

From: Usc edu customer service <[username]@usc.edu>
To: info@co.uk
Sent: Monday, July 10, 2017 6:17 AM
Subject: UPDATE

This mailbox is currently being updated to our latest version. Kindly Click Here to backup data!

The link in this phish led to a Google Forms page designed to capture a user’s USC username and password (see below).

Note several features that indicate this is a phish:

  1. The message was sent to a non-USC email address (info@co.uk), with the actual recipients hidden.
  2. “USC” is incorrectly capitalized in the From: field.
  3. The message lacks any personalization.
  4. The link leads to a Google Forms page, rather than to a USC website. The Google Forms page includes irregular name and spelling conventions (e.g., USC™).

 

 

Comments are closed.