Many people received multiple copies of the following phish. They came from multiple source email addresses.
There are many signs that the message was illegitimate.
- The senders are non-USC addresses, most probably compromised accounts, since the addresses do not appear to have been forged.
- The message is not addressed directly to you. Instead they BCC’d each recipient and left the To line empty.
- Typographical and grammatical mistakes. “lick”?
- A non-USC link disguised as a supposedly more legitimate-looking URL.
- What does “logout the account from your mailbox” mean?
- The odd Copyright 2013.
Here is the target web phish form.
There are many signs the form is illegitimate.
- Not a usc.edu URL, though they did try to fool people with usc.3owl.com.
- No USC branding.
- None of the links (Change Password?, Manage Autoresponder, etc.) actually work.
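Two of the signs above, the disguised link in the message and the usc.3owl.com look-alike host, can be checked mechanically. The following is an added example, not part of the original post: it flags links whose real target is outside usc.edu and links whose visible text shows a different host than the one they point to. The sample HTML is constructed; only the host usc.3owl.com comes from the post, and the other hosts and the function names are assumptions for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "usc.edu"  # the real domain named in the post
URL_IN_TEXT = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}\S*", re.I)

def host_of(url):
    try:  # returns "" when the URL cannot be parsed
        return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()
    except ValueError:
        return ""

def is_trusted(host):  # label-boundary match, so usc.3owl.com fails
    return host == TRUSTED or host.endswith("." + TRUSTED)

class Anchors(HTMLParser):  # collects (href, visible text) per http(s) link
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        if tag == "a" and href.lower().startswith(("http://", "https://")):
            self._href, self._text = href, []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html):  # -> [(href, [reasons])] for links failing either check
    parser = Anchors()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target, shown = host_of(href), URL_IN_TEXT.search(text)
        reasons = [] if is_trusted(target) else ["off-domain"]
        if shown and host_of(shown.group(0)) != target:
            reasons.append("text-mismatch")
        if reasons:
            findings.append((href, reasons))
    return findings

SAMPLE = ('<a href="http://usc.3owl.com/">https://example.usc.edu/verify</a> '
          '<a href="http://usc.edu.example.net/">click here</a> '
          '<a href="https://www.usc.edu/">USC home</a>')  # constructed sample
print(audit(SAMPLE))
```

The trusted-domain test compares whole labels from the right, so a host that merely starts with or contains "usc" does not pass.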
Update: It looks like this phish has been around since late last year: Email Account Phishing: Your Account Is Open in One Other Location