Phishing Attack: "Database Helpdesk Admin" (May 15, 2013)

A new phishing attack was seen early this morning, once again trying to use scare tactics and insisting on immediate action. This time around, the scammers attempt to fool one into believing their email account cannot receive new messages and that the account will soon be disabled. A link is provided that will supposedly assist with provisioning adequate space. The link is a URL redirect which, in this case, leads to a Google Docs form. Fortunately for this run, Google has already been made aware of the form and has taken it down, so it is no longer possible to provide account info.


Here is a copy of the email:

A few items to note: if one's account was in fact over quota and no longer receiving mail, it would not be possible to send new messages. Still, this is a common scare tactic phishers use to fool one into immediately taking action in hopes that they prevent unwanted action from being taken against their account. Also, while it is not uncommon to use online tools to shorten a URL, it is generally uncommon that OIT will do this for a legitimate notification. Even if the URL were to be shortened, it would not redirect to a non-Duke site such as Google Docs[1]. As we've stated in the past, the best course of action when receiving any type of account notification is to contact the party who controls the account (i.e. in the case of email at Duke, OIT or Duke Medicine depending on what type of email you have). The Service Desks will know about any changes that are currently in place and can contact support to verify any account status. If you are unsure whether an email is legitimate, contact the Service Desk to verify it rather than clicking links in the email.
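The two link checks described above (a shortened URL in an account notice, and a final destination that is not a Duke site), written as Python for mail triage. This is an added example, not OIT's own tooling; the shortener list, the redirect map and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

ORG_DOMAIN = "duke.edu"  # the organization's own domain; subdomains are trusted too
# Assumption: a short illustrative list of URL-shortener hosts, not a complete one.
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly"}

def host_of(url):
    """Lowercased hostname of a URL ('' if none); userinfo and port are ignored."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_org_host(host, org=ORG_DOMAIN):
    """True only for the org domain itself or a real subdomain of it.
    A plain substring test would wrongly accept 'duke.edu.evil.example'."""
    return host == org or host.endswith("." + org)

def follow(url, redirects, max_hops=10):
    """Walk a redirect map (url -> next url) and return the chain of URLs."""
    chain = [url]
    while chain[-1] in redirects and len(chain) <= max_hops:
        nxt = redirects[chain[-1]]
        if nxt in chain:  # redirect loop: stop here
            break
        chain.append(nxt)
    return chain

def assess(url, redirects):
    """Return (final_url, reasons) for a link taken from an account notice."""
    chain = follow(url, redirects)
    reasons = []
    if any(host_of(u) in SHORTENERS for u in chain):
        reasons.append("uses a URL shortener")
    if not is_org_host(host_of(chain[-1])):
        reasons.append("final destination is not on " + ORG_DOMAIN)
    return chain[-1], reasons

# Constructed redirect map standing in for what a sandboxed resolver would
# record; none of these URLs come from the email in this advisory.
SAMPLE_REDIRECTS = {
    "http://bit.ly/EXAMPLE1": "https://docs.google.com/forms/d/EXAMPLE/viewform",
    "http://bit.ly/EXAMPLE2": "https://oit.duke.edu/example-page",
}

if __name__ == "__main__":
    for link in ["http://bit.ly/EXAMPLE1", "http://bit.ly/EXAMPLE2",
                 "https://duke.edu.evil.example/login"]:
        print(link, "->", assess(link, SAMPLE_REDIRECTS))
```

A link with no reasons returned is not thereby proven safe; the checks only surface the two warning signs named in the paragraph above.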

If you have any questions concerning this phishing scam or others, please contact the OIT Service Desk or the ITSO.

OIT Service Desk


IT Security Office


[1] When a Google Docs form is believed to be a phishing form, anyone has the option to "Report Abuse" and notify Google so that the form can be reviewed and taken down as needed.