Cybercriminals have been exploiting compromised USC email accounts to send phishing, or fraudulent, emails with the subject line “Help Desk,” “Helpdesk,” or “Service Alert.”
Please Note: The compromised emails may have a firstname.lastname@example.org email address.
WHAT IS THE OBJECTIVE OF THE EMAIL?
The messages indicate that your email account has been accessed by an unknown IP address and instruct you to click a link to validate and verify your email account. The embedded URL in the message leads to an external website that is hosted on weebly.com and designed to capture your USC NetID login credentials.
WHAT DO I DO IF I HAVE ONE OF THESE EMAILS IN MY INBOX?
Just delete it. Do not click on the login link.
WHAT IF I CLICKED ON THE LINK AND RESPONDED TO ONE OF THE EMAILS?
- Go to https://netid.usc.edu/account_services/change_password ASAP and change your passwords. (If you want to type in the address yourself, go to usc.edu/its, click on accounts and passwords, and then click on change your USC NETID password.)
- If you are using that same password for other sites, please change those passwords ASAP as well.
IS THERE ANYTHING I CAN DO IN THE FUTURE WHEN I RECEIVE THESE TYPES OF EMAILS?
- You can check with us whether the email is real or a phishing email. These phishing emails are getting better each day, and it is getting harder to distinguish a real email from a fake.
- Never click on the link, since the link could redirect you to a fake site. Type in the web address yourself to be sure you're going to the correct site.
- Remember that USC Information Technology Services (ITS) will never ask you for your password in an email or over the phone. If you receive a call from someone you do not know and who claims to be from ITS, hang up and then call us for verification.
WHAT IS USC ITS DOING TO HELP REDUCE THESE EMAILS?
To protect the USC community from these phishing messages, ITS has taken the following steps:
- They are blocking all email containing the contents of the phish. Unfortunately, this may cause some legitimate messages to be quarantined.
- They are scanning all email inboxes for copies of the phishing message and moving these messages to a quarantine.
- They are temporarily blocking access to weebly.com, which is the hosting site for the link in the messages, from the USC network.
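As an added illustration (not ITS's own tooling), the sketch below shows one way a mail filter could match the message described in this notice. It assumes a rule that requires both one of the three subject lines and a link on weebly.com, so that a legitimate "Service Alert" without such a link is not quarantined; the sample messages, senders and link hosts are constructed.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Indicators named in the notice: the three subject lines and the hosting site.
SUBJECTS = {"help desk", "helpdesk", "service alert"}
HOSTING_DOMAIN = "weebly.com"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
REPLY_PREFIX_RE = re.compile(r"^\s*((re|fwd?):\s*)+", re.IGNORECASE)


def link_hosts(msg):
    """Collect the host of every http(s) link found in the text parts."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        for url in URL_RE.findall(part.get_content()):
            try:
                host = urlsplit(url).hostname
            except ValueError:  # malformed URL, nothing to compare
                continue
            if host:
                hosts.add(host.rstrip("."))
    return hosts


def on_hosting_domain(host):
    """True for weebly.com and its subdomains, not for look-alike names."""
    return host == HOSTING_DOMAIN or host.endswith("." + HOSTING_DOMAIN)


def matches_notice(raw_message):
    """Flag a message only when the subject AND a link both match."""
    msg = message_from_string(raw_message, policy=policy.default)
    subject = REPLY_PREFIX_RE.sub("", str(msg.get("Subject", "")))
    subject_hit = subject.strip().lower() in SUBJECTS
    return subject_hit and any(on_hosting_domain(h) for h in link_hosts(msg))


# Constructed sample messages (hypothetical senders and link hosts).
HDR = "From: someone@example.org\nTo: user@example.org\n"
PHISH = HDR + "Subject: Service Alert\n\nVerify: http://constructed-site.weebly.com/\n"
HTML_PHISH = (HDR + "Subject: RE: Helpdesk\nContent-Type: text/html\n\n"
              '<a href="https://constructed-site.weebly.com/login">Validate</a>\n')
LEGIT = HDR + "Subject: Service Alert\n\nStatus page: https://status.example.org/\n"
LOOKALIKE = HDR + "Subject: Help Desk\n\nSee http://notweebly.com.example.org/\n"

if __name__ == "__main__":
    for name in ("PHISH", "HTML_PHISH", "LEGIT", "LOOKALIKE"):
        print(name, matches_notice(globals()[name]))
```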
WHO CAN I CONTACT IF I HAVE ADDITIONAL QUESTIONS?
For more information, place a request, call (213) 740-5297, or visit ANN L103 or ASC 124.