This message fraudulently tells you your account is about to expire and tries to get you to click the link to read the message. The sender of the message is not from Lehigh and the link takes you to a non-Lehigh site which may have malicious software. Delete this message. NOTE: you can hover over links to see that it does not go to a real Lehigh domain. You can also verify if your account will soon expire by going to your Lehigh Account web page linked at the bottom of the main Lehigh and Inside Lehigh web pages.
Drob Box Phishing Scam Messages - 5/3/2017
Wednesday, May 3, 2017 - 16:53
Lehigh has been experiencing a number of phishing messages using emails with links to Drop Box documents. If you hover your mouse cursor over the link, it will show the address it is attempting to get you to go to. The messages may appear to be from people you know. If you are not expecting a file, you should immediately be suspicious and use extreme caution. If you have clicked on anything that requires a password you feel is not legitimate, it is always a good idea to reset your Lehigh password at https://www.lehigh.edu/change.
Google Phishing Scam Messages - 5/3/2017
Wednesday, May 3, 2017 - 16:37
USE EXTREME CAUTION! Lehigh and locations across the country (and possibly world-wide) have been experiencing a high volume of phishing messages using emails with links to Google Documents which use malicious code to affect your Google account. These are being caused a compromised Google App which has now been blocked by Google, but there will be continued issues with those who were compromised before the problem was blocked.
Urgent-Important Campus Alert!
Wednesday, December 7, 2016 - 14:59
This is a phishing email intended to get you to enter credentials on a non-Lehigh web page. You will notice:
1) Sender is from an alleged Canadian address (uoguelph.ca)
2) Hovering over the link displays it goes to a non-Lehigh address.
3) Signed by Richard Nixxon
4) Falsely lists our address in the signature line.
5) Uses urgency (you must act now) as a scare tactic to get you to respond.
Please be aware of these types of details when you see messages of a questionable nature,
LTS
BlackBoard Mail message
Tuesday, October 4, 2016 - 08:44
This is likely a message distributed to a number of universities -- Lehigh is not a BlackBoard institution (we use Moodle, or CourseSite). Note that the sender is not a Lehigh email address and the grammar is poor.
IT Service: Mail Exceeded Allocated Storage
Monday, July 25, 2016 - 10:15
Notice the two features identifying this as a phishing email: 1) The sender (highlighted) is not a Lehigh account; 2) the link in the email (highlighted) is to a non-Lehigh web address. Do not click on the link, and simply delete this email.
Phishing example from consumer Gmail account
Monday, July 25, 2016 - 08:13
Phishing example from July 25, 216. Note that sender is a generic Gmail account and the link is not Lehigh branded. The footer and greeting contains some Lehigh-specific information, but URL is not a Lehigh domain, the sender is not a Lehigh domain, and the message is sent impersonally to "undisclosed recipients."
Phishing invoice with attachment
Thursday, April 14, 2016 - 11:01
Another message received by a Lehigh staff member working in a financial area. The message was personalized to the staff member and had a .doc attachment which likely contains malicious content.
Sterling Bank
Thursday, April 14, 2016 - 10:59
Example of a spear phishing message that has been targeting financial departments at Lehigh.
Re: Expiration Notice
Thursday, January 28, 2016 - 14:49
This is a bogus message about Lehigh Library Accounts. Lehigh Library accounts don't expire. Looking at the send address reveals that it's from a commercial Gmail address (ends in @gmail.com) not from a Lehigh email address, which ends in @lehigh.edu. Another clue that this is phishing message is that the URL points to a domain ending in .ga, NOT lehigh.edu.
Fake request to restore service after inactiveness
Wednesday, January 27, 2016 - 15:47
Be alert to phishing messages like this example which try to fool you into clicking the link because it contains "ltshelpdesk". You will notice that the link actually goes to the domain 'moonfruit.com', and was sent from an email address reportedly from 'slu.edu', not 'lehigh.edu'. Another hint of possible phishing is the emphasis on urgency and poor grammar.
Do not click on links that you are unfamiliar with, or that don't come from lehigh.edu domains. Simply delete the message.
Exceeded Web Mail Quota
Wednesday, December 9, 2015 - 16:28
Message falsely claims you have reached your 500MB limit on Lehigh Web Mail. You may note the sender has a .pk (Pakistan) email address. The link for Lehigh Web Mail may work, but the link to "Click Here" takes you to a non-Lehigh Google web form in an attempt to collect your username and password.
Do not click either link. Simply delete this message.
Important Message
Monday, December 7, 2015 - 16:01
Clues that this is a phishing message and not a legitimate Lehigh email:
1. The sender's non-Lehigh email address
2. Incorrect spelling
3. The link takes you outside of the lehigh.edu domain
If you are a Lehigh Gmail user, you can report this as a phishing message:
1. At the top-right corner of the message, click the down arrow next to the Reply button.
2. Select Report Phishing from the drop-down list--the message will go directly into your Spam folder.
Lehigh University Terror Alert***
Saturday, November 14, 2015 - 15:17
The non-Lehigh email address this was sent from, the grammatical errors and vague contextual information, and the fact that the messages requests your username and password are all clues that this is phishing scam. Always remember, LTS will never ask you for your password.
As a Gmail user, you can report this as a phishing message:
1. At the top-right corner of the message, click the down arrow next to the Reply button.
2. Select Report Phishing from the drop-down list--the message will go directly into your Spam folder.
Important Blackboard Message Phishing Mail
Thursday, November 12, 2015 - 10:45
This phishing mail claims to be from Blackboard Learning regarding an important course work message. It is addressed to the user, and the link also includes the user's email address in the link text. Hovering over the link will reveal that the true destination of the link has nothing to do with Lehigh University at all, and typically points to another country.
Do not click the link. Simply discard this message.
Email Upgrade
Thursday, October 22, 2015 - 13:20
Like any other phishing message you'll receive, hovering over the link shows that the it does NOT take you to a Lehigh University webpage (all Lehigh pages will end in .EDU).
Simply report it as phishing if you're a Gmail user:
1. At the top-right corner of the message, click the down arrow next to the "Reply" button.
2. Select Report Phishing--the message will go directly into Spam
With Subject Line: DT, db, or bD
Wednesday, October 21, 2015 - 14:46
The non-Lehigh URL, http://webbmail-vcu.bravesites.com/ (note that it ends in bravesites.COM, not LEHIGH.EDU) is a clue that this is a phishing message.
If you are a Gmail user, you can mark it as Phishing by opening the message and:
1. At the top-right corner of the message, click the down arrow next to the "Reply" button.
2. Select Report Phishing.
Dear Lehigh.edu Account User
Tuesday, September 22, 2015 - 11:03
The non-Lehigh email address (ends in @udd.cl) and non-Lehigh URL, http://sso-cc-lehigh-edu.jimdo.com/ (note that it ends in JIMDO.COM, not LEHIGH.EDU) are clear warning signs this is a phishing message and not from the Help Desk. Grammar and punctuation errors are also always common red flags...
If you are a Gmail user, you can mark it as Phishing by opening the message and:
1. At the top-right corner of the message, click the down arrow next to the "Reply" button.
2. Select Report Phishing.
Wells Fargo Account Scam
Sunday, September 13, 2015 - 20:09
This is a classic phishing scam using scare tactics to get you to reveal personal information. Note that the apparent sender of the message (@cyberlink.ch) is in Switzerland.
Webmail Account Certificate?
Tuesday, September 1, 2015 - 08:23
This email, which purports to be from the "Help Desk®" with the subject "Your Mailbox" claims that you need to update and verify your Webmail certificate. It will ask you to click a link within the email to provide your credentials. This is NOT legitimate! You will never be asked by LTS to provide your credentials through a direct link within an email. Please delete this email or any similar email that hits your inbox.
Fake Blackboard website
Friday, August 14, 2015 - 15:11
This scam website, with the URL "www.ceyice.cc/board/webmail.blackboard.htm" (a domain associated with the Cocos Islands in Australia) purports to be a login for Blackboard (the campus learning tool Lehigh used before Coursesite). Do not submit any information to this site!
Dear lehigh.edu Account User
Monday, July 27, 2015 - 11:11
This is not an email from the Help Desk. Notice the link they want you to click on tries to fool you into thinking it's a Lehigh website but close inspection reveals it ends in jimdo.com, which is NOT a Lehigh site. Do not click it--mark it as SPAM immediately and delete.
Webmail account email upgrade -- bogus!
Thursday, July 23, 2015 - 08:45
This bogus message includes a link that is not a Lehigh domain and other signs that it is of doubtful origin.
Terror Threat Phishing Email
Monday, June 1, 2015 - 08:58
This is NOT an LTS or Lehigh communications email but a Phishing email. Lehigh departments nor LTS will NEVER ask you to send your log on credentials in ANY email we author. You can delete the email.
If you have sent your credentials in response, you will want to log into your account and reset your password immediately.
Fake Resume / Internship Request
Thursday, May 21, 2015 - 09:45
This email (and variants of it) claims to be a request for an internship, job, or simply an open sharing of a resume. It is NOT legitimate. Opening the attachment can trigger a password stealing trojan or malware infection on your computer. The name and sender (as well as the exact wording in the text) may vary. Under no circumstances should you attempt to open an attached file from an unsolicited email.
Fake Anti-Phishing Email
Tuesday, April 21, 2015 - 08:11
This email purports to be from "Lehigh Help Desk Services". It requests that you click a link to upgrade your email account as part of an "anti-phishing server upgrade". This email is not legitimate and was designed to steal your credentials. If you receive this message, please delete it.
Click here to renew your Webmail account
Monday, March 30, 2015 - 15:08
This message will ask for your credentials, but the link takes you to a non-Lehigh web address starting http://artwentyone.altervista. Delete it (don't click on the link in the body of the email!).
CONFIRM YOUR EMAIL IDENTITY NOW!!!
Thursday, March 12, 2015 - 09:01
This message is phishing, even though it references Lehigh Roundcube -- the message is tailored to Lehigh's systems, which is called spear phishing. It is specious, and should be deleted.
Fake Webmail Security Message
Tuesday, March 3, 2015 - 08:15
This email is NOT legitimate. It purports to be from the "Lehigh University Webmail Management Team" warning about an account break-in attempt. The link in the email is an attempt to steal usernames and passwords. Do NOT click the link. This message should be discarded with no further action. If you have clicked the link and supplied information, please change your password immediately.
Fake email from HELP DESK to update records
Monday, February 16, 2015 - 13:23
The following email has been seen in circulation at Lehigh. This is NOT a legitimate email, and asks users to click the link in an attempt to steal their username and password. Do NOT click the link. This message should be discarded with no further action. If you have clicked the link and supplied information, please change your password immediately.
Travel assistance spear phishing message
Thursday, February 12, 2015 - 10:36
This message attempts to seem trustworthy by appropriating the name of an actual person at Lehigh. Unfortunately, this is all too easy for an attacker to do. The message is a complete fraud and the person named was not involved in any way.
Fake IRS Tax Refund Email
Tuesday, February 10, 2015 - 12:28
This phishing email purports to be from the "IRS Tax Credit Office". It is designed to trick the recipient into submitting confidential financial information. Never submit personal information online when solicited via email. This type of phishing email message should be deleted immediately.
System Administrator
Monday, February 9, 2015 - 09:19
This phishing message is designed to trick you into believing you've exceeded your email quota/limit. While it's coming from a Lehigh email address (the user's account was compromised) the key sign that makes this email a fake is the non-Lehigh URL the "click here" text links to, outlookwebmails.weebly.com. Always hover your mouse cursor over the link to see the target destination BEFORE clicking. If you have any doubt, call the Help Desk before you click.
Fake Wells Fargo message
Thursday, December 4, 2014 - 16:44
This message is confirmed to be "fake." Wells Fargo was contacted and they offered this advice: Review the following tips to help safeguard your personal and account information:
Phishing attempt dated Dec. 4
Thursday, December 4, 2014 - 13:12
This message appears to be coming from a university in Missouri -- which may or may not be the case. The sender, the urgently worded subject line of "reply asap," and the request for credentials via mail are all indicators that this is phishing.
Fake University Portal Email Upgrade
Monday, November 17, 2014 - 15:10
This fake email "over limit" email purports to be from Lehigh and suggests that you must upgrade your email account because you are over your usage limit. It is NOT from Lehigh and should be deleted immediately. If you clicked the link and entered your Lehigh credentials, you should reset your Lehigh password immediately.
Alert - You have exceeded your webmail.lehigh.edu quota
Monday, November 17, 2014 - 14:28
This is yet another phishing attempt that tries to trick you into thinking you've exceeded your email quota. Notice the sender isn't even from Lehigh (mail.gvsu.edu) and that the CLICKHERE link goes to a non-Lehigh website. Always hover your mouse cursor over the link to see the target destination BEFORE clicking. If you have any doubt, call the Help Desk before you click.
You have exceeded your webmail.lehigh.edu quota
Tuesday, November 4, 2014 - 14:32
This phishing message is designed to trick you into believing you've exceeded your email quota. Note the signs that make this email suspicious:
This false email attempts to have you log into a non-Lehigh web in an effort to steal your credentials. Note that the sender is oddly formed: "lehigh.edu Help Desk" with a none lehigh email address at oswego308.org address. The ClickHere link links to a non-Lehigh web page containing a form. Always hover your mouse cursor over the link and check it's target destination BEFORE clicking. If you have any doubt, call the Help Desk before you click.
Upgrade your email account
Tuesday, October 28, 2014 - 08:54
This email is not legitimate and is a deceptive attempt to trick you into believing you need to upgrade your email. Note the signs that make this email suspicious:
The sender's email is not a Lehigh email address: jmalnick1109@oswego308.org
Incorrect grammar ("...yours need update")
The link you are supposed to click on is NOT a Lehigh website (hovering over the "ClickHere" link reveals that it goes to www.formforall.com)
Fake Virus Alert Warning
Thursday, September 18, 2014 - 13:14
This message, with a bogus link to "lehi.yolasite.com", is not legitimate. Do not click on links to non-Lehigh sites (something other than "lehigh.edu"), never give out personal information (SSN, credit card numbers) or provide credentials (such as username or password), and do not reply to unexpected spurious messages.
Verify your account
Tuesday, September 2, 2014 - 12:36
This is a specious attempt to get you to reveal your Lehigh credentials to a malicious third party. Signs that this message is suspicious:
The sender is not a is not the LTS Help Desk email. While it does end in lehigh.edu this is easy to spoof in the header of a message.
If you hover over the link in the message, note that it goes to lehighdotyolasitedotcom -- NOT a Lehigh domain (Lehigh domains end in lehigh.edu)
Lehigh will never ask you to provide your credentials via an email message or embed a link in an email for login purposes.
Lehigh Webmail Sign-in Alert!!!
Wednesday, August 27, 2014 - 15:39
This phishing email falsely attempts to alert you to a sign-in to your webmail account from a different location.
The message is crafted to look like it is from Lehigh, with a forged sender of webinfo@lehigh.edu, and is signed with a proper Lehigh mailing address and phone number.
You will, however, notice the verification address is NOT a Lehigh address, but rather hostoi.com, and runs a php script which may allow malicious code to run in your web browser.
Fake Trojan Horse Warning
Monday, August 25, 2014 - 09:47
This is a relatively straightforward phishing example. Note that the link address (which isn't hidden in any way) is not in the "lehigh.edu" domain, but in "webs.com". And Lehigh is misspelled.
Lehigh Webmail: E-Portal update
Monday, August 18, 2014 - 16:26
This message is an attempt to confuse you with poor grammar and technical terms so you click the "Click here" link. Notice that the sender address is 'cmb@telia.com', and is NOT from the lehigh.edu domain. Do NOT click on the link! You can always verify your own quota limit by going to your account page (www.lehigh.edu/account) and checking quotas under mail management.
Lehigh University Portal
Monday, August 18, 2014 - 09:12
This message is an attempt to obtain your credentials through claiming your email has exceeded its memory size and requests you to upgrade your mailbox by clicking on the listed link. Do NOT click on the link! You can always verify your own quota limit by going to your account page (www.lehigh.edu/account) and checking quotas under mail management.
Quota Limit - Phishing Example
Tuesday, August 5, 2014 - 11:48
This message is an attempt to obtain your credentials through claiming your email has exceeded it's quota and requests you to upgrade your mailbox by clicking on the listed link. Notice that the sender address for Lehigh University is 'drh@uc.pt', and is NOT from the lehigh.edu domain. Do NOT click on the link! You can always verify your own quota limit by going to your account page and checking quotas under mail management
"ITS Web Upgrade"
Saturday, July 26, 2014 - 13:47
This message is a repeat (look back in the archive to April 30, 2013). The "From:" address has been forged, but that fact doesn't mean much. Email addresses can't be counted on as an indication of a message's validity. The real key is that the link directs you to a web address that has nothing to do with Lehigh (http://myshoponline.net/wp-admin/includes/webmail/). Not only didn't Lehigh send this, it isn't a reasonable imitation of anything we actually would send. Delete it.
Fake Email Sign-In Alert
Thursday, July 24, 2014 - 14:56
This is an alarmingly well-crafted (but still completely fake) message that aims to steal your login credentials. Don't fall for it.
Irregular Activities Verification
Wednesday, July 23, 2014 - 10:27
This message contains an attached web form for you to provide personal information (including credit card accounts). The form also contains Javascript, which will capture additional information. As with all such messages, do not open the attachment and do not submit personal information into any forms sent to you by email. Note that although this claims to be from a bank, the sender is a Lehigh address. The listed recipient is the same Lehigh address, and you are only getting a blind courtesy copy (BCC:), so your name and address don't even appear.