account compromise

This message is a repeat (look back in the archive to April 30, 2013). The "From:" address has been forged, but that fact doesn't mean much. Email addresses can't be counted on as an indication of a message's validity. The real key is that the link directs you to a web address that has nothing to do with Lehigh (http://myshoponline.net/wp-admin/includes/webmail/). Not only didn't Lehigh send this, it isn't a reasonable imitation of anything we actually would send. Delete it.

This message purports to be a "Lehigh Web Notice" about a security breach to your account. It threatens that unless a link is clicked to verify the account, the account holder will be unable to send email. Clicking the link can result in having your account credentials compromised. This email should be regarded as SPAM and deleted.

This email is quite similar to yesterday's fake Upgrade Alert message, even using the same Subject line. However this message attempts to create a sense of urgency by claiming that your account will be closed if you take no action. That should be a red flag, as LTS will never threaten you with account closure. Also notice that the link at the bottom of the email is pointing to a non-Lehigh domain. This email should be regarded as SPAM and deleted.

This clever phishing example looks like it is from Lehigh. If you hover over the link, notice that the server address - the part between the double-slash and the next slash - is not the lehigh.edu domain (it starts out like a Lehigh web address, but it actually ends with "beverlyblackburn.com"!). Very tricky. If you were to follow this link (DON'T), you'd see a fake webmail login page (shown elsewhere in this list). NOTE: LTS will not send links in email, and we will not ask for your password!

This clever phishing example looks like it is from Lehigh LTS - note that if you hover over the link, it is not the lehigh.edu domain. NOTE: LTS will not send links in email, and we will not ask for your password!