This message is a version of the same scam we have seen before. The screenshot shows that, depending upon your mail client, and whether it blocks images, the message can look slightly different. Note that the link, which purports to go to http:/www.lehigh.edu/ltsNews (this URL does not exist and is not even correctly-formed, as the slash following the colon should be two slashes) actually goes to http://www.123contactform.com/form-580146/Lehigh.
"Violation Security Breach"
Tuesday, April 30, 2013 - 00:00
This email tells you that your webmail has been infected with a dangerous virus. It is a fake.
Fake "Verify Mailbox and Increase Quota" Alert
Sunday, April 28, 2013 - 00:00
This email tricks you into thinking there is a problem with your mailbox and quota and encourages you to click the link to fix it. Do not click on the link. Note also the improperly sized Lehigh graphic. This email should be regarded as SPAM and deleted.
Fake "Account Update" Alert
Friday, April 26, 2013 - 08:01
This email implies that as a result of an upgrade, you need to log in to your account to check out the "effect". It provides a link to the supposed login page (LTS would not do this--users should know where the login page is, and should know not to click on links in email messages). Notice that this link goes to a page in a non-Lehigh domain (the page looks very much like our portal login page--but if you pay attention to the web address, it can't possibly be a Lehigh page). This email should be regarded as SPAM and deleted.
Fake Portal Login Page
Friday, April 26, 2013 - 08:00
This is the fake portal login page that the fake "Account Update" alert message links to. It looks almost perfect. But notice the address, "chriscomport.com". This page is not real and you should not enter any information whatsoever into this page.
Fake "Security Breach" Alert
Friday, April 19, 2013 - 00:00
This email is quite similar to yesterday's fake Upgrade Alert message, even using the same Subject line. However this message attempts to create a sense of urgency by claiming that your account will be closed if you take no action. That should be a red flag, as LTS will never threaten you with account closure. Also notice that the link at the bottom of the email is pointing to a non-Lehigh domain. This email should be regarded as SPAM and deleted.
Fake Upgrade Alert
Thursday, April 18, 2013 - 00:00
This email purports to be a notification from LTS about upgrades to the Lehigh web-mail servers. As a security precaution, Library and Technology Services no longer sends emails with links in them. If you get an email claiming to be from us, and directing you to follow a link, you may safely assume it is fraudulent, and should delete it immediately.
Fake "Irregular Action" / Verify Address Alert
Thursday, April 4, 2013 - 08:01
This clever phishing example looks like it is from Lehigh. If you hover over the link, notice that the server address - the part between the double-slash and the next slash - is not the lehigh.edu domain (it starts out like a Lehigh web address, but it actually ends with "beverlyblackburn.com"!). Very tricky. If you were to follow this link (DON'T), you'd see a fake webmail login page (shown elsewhere in this list). NOTE: LTS will not send links in email, and we will not ask for your password!
Fake Lehigh Webmail Login
Thursday, April 4, 2013 - 08:00
This web form is attempting to look like a Lehigh secure web page. Note that the web address (URL) is not in the lehigh.edu domain.
Fake Lehigh LTS Account Compromise Alert
Monday, March 25, 2013 - 00:00
This clever phishing example looks like it is from Lehigh LTS - note that if you hover over the link, it is not the lehigh.edu domain. NOTE: LTS will not send links in email, and we will not ask for your password!
Fake Lehigh Account Information Form
Monday, March 25, 2013 - 00:00
This web form is attempting to look like a Lehigh secure web page. Note that the web address (URL) is not the lehigh.edu domain. There are also a number of misspelled words, including Lehigh.
