USC E-Mail Accounts Hit With Phishing Spam
We've all seen phishing e-mails before (thank you eBay, PayPal) but it's a bit trickier when the e-mail deliberately asking you to pony up your e-mail username and password comes from a sender purporting to be USCTEAM.
The e-mail received today by several USC e-mail account holders suggests that the user's e-mail account will be terminated "permanently" within 7 days lest the recipient respond with account details including username, password, date of birth, and "country or territory."
Whenever an e-mail appears in our inbox asking for such specifics, the first thing we do is check the details at top. Who is the sender? In this case it is "firstname.lastname@example.org" with the even more suspicious reply-to address "email@example.com".
Thus the conclusion that this is a phishing e-mail -- spam that is directed especially to attain personal information necessary to hack into one's account.
USC's Information Technology Services confirmed the nature of this spoof e-mail earlier today and recommends:
If you have responded to the spam and submitted information about your USC password, you should immediately go to www.usc.edu/its/password to change your USC password.
Full-size screenshot of the e-mail after the jump.