User menu

Menu

Main menu

Recent Phishing Examples (upgrade-update)

Fake University Portal Email Upgrade

This fake email "over limit" email purports to be from Lehigh and suggests that you must upgrade your email account because you are over your usage limit. It is NOT from Lehigh and should be deleted immediately. If you clicked the link and entered your Lehigh credentials, you should reset your Lehigh password immediately.

Fake Portal Mail upgrade

Fake Security Update

This message falsely indicates a security update requires your action to complete, and that if not responded to within 24 hours, you may lose your email. This message is a fraud, by examining the destinations of the link in the message you will notice they go to some other domain, 'webs.com'. Delete this message; do not click on any of the links or attempt to reply.

Fake Security Update

IT Services and Operations (Fraud)

This message fraudulently tells the you, the recipient, that the webmail server has been upgraded and that you should click and follow the links to take advantage of new security features. While the text appears to be a legitimate link if you hover over the link you see that it takes you to a non-Lehigh server and likely one that will do harm to your identity or your computer.

IT Services and Operations (Fraud)

Webmail Upgrade Fraud

This message indicates that you are using more space for web mail than you have been allocated. It threatens that unless a link is clicked to upgrade the account, the account holder will be unable to receive email. Notice that the message is signed "Admin Help Desk" (no such thing), refers to "email labs" (again, no such thing), and that the link points to someplace that is not lehigh.edu. Clicking the link can result in having your account credentials compromised. This email should be regarded as SPAM and deleted.

Webmail Upgrade Fraud

Fake Upgrade Alert (again)

This message is a version of the same scam we have seen before. The screenshot shows that, depending upon your mail client, and whether it blocks images, the message can look slightly different. Note that the link, which purports to go to http:/www.lehigh.edu/ltsNews (this URL does not exist and is not even correctly-formed, as the slash following the colon should be two slashes) actually goes to http://www.123contactform.com/form-580146/Lehigh.

Fake Upgrade Alert (again)

Fake "Account Update" Alert

This email implies that as a result of an upgrade, you need to log in to your account to check out the "effect". It provides a link to the supposed login page (LTS would not do this--users should know where the login page is, and should know not to click on links in email messages). Notice that this link goes to a page in a non-Lehigh domain (the page looks very much like our portal login page--but if you pay attention to the web address, it can't possibly be a Lehigh page). This email should be regarded as SPAM and deleted.

Fake "Account Update" Alert

Fake Portal Login Page

This is the fake portal login page that the fake "Account Update" alert message links to. It looks almost perfect. But notice the address, "chriscomport.com". This page is not real and you should not enter any information whatsoever into this page.

Fake Portal Login Page

Fake Upgrade Alert

This email purports to be a notification from LTS about upgrades to the Lehigh web-mail servers. As a security precaution, Library and Technology Services no longer sends emails with links in them. If you get an email claiming to be from us, and directing you to follow a link, you may safely assume it is fraudulent, and should delete it immediately.

Fake Upgrade Alert