"Email Configuration Error" Phishing Attack
Phishing Attack Masquerading As Email Delivery Problem
A phishing attack urging users to download undelivered emails was reported to DoIT Security this week. Here is an example of the malicious message.
From: "umbc.edu System Administrator" <admin@secureserver.net>
Subject: You have 4 undelivered emails. Download them now
Date: 03 Sep 2020 14:40:40 +0800
Undelivered Mail Notification
Email account: (redacted)@umbc.edu
Time of error 9/3/2020 2:40:40 p.m.
Due to a recent configuration error, some of your emails have not been properly synchronized with your mailbox. Login below to clear this error and download your mails.
Download your emails
If you do not retrieve your undelivered emails now, they may be lost forever.
umbc.edu Email Server
The link to “download” undelivered emails leads to a website which prompts users to enter their UMBC credentials, potentially giving malicious actors access to victims’ UMBC accounts.
Notice the warning signs in this email. First, check the sender address, and notice that the supposed "umbc.edu System Administrator" is not using a umbc.edu address. Next, check the time and time zone of the message. The time zone UTC+0800 is used in China and parts of Australia and Russia, for example, but not anywhere that a legitimate email about your UMBC account would likely originate. Finally, be wary of unexpected emails requiring immediate action. Malicious actors try to induce panic to make victims act before thinking about the risks.
See a similar email reported at the University of North Carolina at Chapel Hill:
https://its.unc.edu/phish-alert/you-have-9-pending-emails-download-them-now/
If you do receive this or any other email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.
How do I forward full email headers?
https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970
To read more articles published by DOIT visit:
https://itsecurity.umbc.edu/critical/?tag=notice.
https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19
Posted: September 11, 2020, 11:22 AM