Phish 2013-05-08 #1

Many people received the following phish this morning:

Screen Shot 2013-05-08 at 9.54.50 AM

There are many signs that the message was illegitimate.

  1. The basic premise, used by many phish, is flawed.  Users never need to “upgrade their email account”.  email/webmail ugprades occur on the server.  We would notify customers of the change ahead of time but it is highly unlikely that you would need to do anything.
  2. The sender is a non-USC address and is most probably a compromised account at the other institution (probably fell for a phish).
  3. The message is not addressed directly to you.  Instead they spoofed the recipient as
  4. The “HERE” link goes to a non-USC site but they tried to make it look legitimate with the
  5. We store a hash of the password not an encrypted password.
  6. Typographical and grammatical mistakes.
  7. CENTER not CENTRE.  But we do not have a mail support center.
  8. Another oddity present by many phish is the copyright.  Why would this be copyrighted USC Webmail Maintenance Team?