
"Email Configuration Error" Phishing Attack

Phishing Attack Masquerading As Email Delivery Problem

A phishing attack urging users to download undelivered emails was reported to DoIT Security this week. Here is an example of the malicious message.

 

From: "umbc.edu System Administrator" <admin@secureserver.net>

Subject: You have 4 undelivered emails. Download them now

Date: 03 Sep 2020 14:40:40 +0800

 

Undelivered Mail Notification

Email account: (redacted)@umbc.edu

Time of error 9/3/2020 2:40:40 p.m.

Due to a recent configuration error, some of your emails have not been properly synchronized with your mailbox. Login below to clear this error and download your mails.

Download your emails

If you do not retrieve your undelivered emails now, they may be lost forever.

umbc.edu Email Server

 

The link to “download” undelivered emails leads to a website which prompts users to enter their UMBC credentials, potentially giving malicious actors access to victims’ UMBC accounts.

Notice the warning signs in this email. First, check the sender address, and notice that the supposed "umbc.edu System Administrator" is not using a umbc.edu address. Next, check the time and time zone of the message. The time zone UTC+0800 is used in China and parts of Australia and Russia, for example, but not anywhere that a legitimate email about your UMBC account would likely originate. Finally, be wary of unexpected emails requiring immediate action. Malicious actors try to induce panic to make victims act before thinking about the risks.
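The first two warning signs above can be checked automatically from the message headers. The following Python sketch is an added example, not a DoIT tool: the function name, the finding labels and the set of expected UTC offsets (US Eastern or UTC) are assumptions made for illustration, and the sample headers are copied from the message shown in this notice.

```python
from datetime import timedelta
from email.utils import parseaddr, parsedate_to_datetime

ORG_DOMAIN = "umbc.edu"
# Assumption: a legitimate campus message carries a US Eastern offset or UTC.
EXPECTED_OFFSETS = {timedelta(hours=-5), timedelta(hours=-4), timedelta(0)}

# Headers copied from the sample phishing message in this notice.
SAMPLE = {
    "From": '"umbc.edu System Administrator" <admin@secureserver.net>',
    "Date": "03 Sep 2020 14:40:40 +0800",
}


def warning_signs(headers, org_domain=ORG_DOMAIN):
    """Return a list of header-based warning signs (hypothetical labels)."""
    findings = []

    # Sign 1: the display name claims the organization's domain,
    # but the actual sender address belongs to a different domain.
    display, addr = parseaddr(headers.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    internal = domain == org_domain or domain.endswith("." + org_domain)
    if org_domain in display.lower() and not internal:
        findings.append("display_name_domain_mismatch")

    # Sign 2: the Date header carries a UTC offset outside the expected set.
    try:
        offset = parsedate_to_datetime(headers.get("Date", "")).utcoffset()
    except (TypeError, ValueError):
        offset = None
        findings.append("unparseable_date")
    if offset is not None and offset not in EXPECTED_OFFSETS:
        findings.append("unexpected_utc_offset")

    return findings


if __name__ == "__main__":
    print(warning_signs(SAMPLE))
```

Neither check is proof of phishing on its own: legitimate senders travel and use outside mail services, so treat the findings as reasons to look more closely at a message.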

See a similar email reported at the University of North Carolina at Chapel Hill:

https://its.unc.edu/phish-alert/you-have-9-pending-emails-download-them-now/

 

If you do receive this or any other email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.

 

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

 

To read more articles published by DoIT, visit:

https://itsecurity.umbc.edu/critical/?tag=notice

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19




Posted: September 11, 2020, 11:22 AM