Monday, November 25, 2013

Spam Report 11/25/13

Another day, another spam report, this time courtesy of one of our wonderful Help Desk Technicians, Kate! Thanks Kate.

This morning the Help Desk received information regarding a group of spam emails that may end up in the inboxes of PLU Students, Faculty and Staff. The email fraudulently claims that the user’s mail server storage has been exceeded and that the account will be deleted if the user does not follow the link provided. Please ignore and delete this email should you receive it. A photo of this email as well as an explanation as to how it was determined to be spam are provided at the bottom of this post for your reference.

We encourage you, as always, to err on the side of caution if you receive emails that raise your suspicions in any way. The aforementioned information at the bottom of this post may help you identify key red flags that can give away a phishing email. If you are ever uncertain as to the legitimacy of an email you receive, please do not hesitate to call the Help Desk at 253-535-7525 and we will gladly assist you in determining whether or not the message comes from a source that you can trust.

If you have responded to the email pictured below and provided any information, please take the following steps to ensure the security of your account:

  • Update your epass password at
  • Update your password on any sites where you used that password (e.g., if your epass was the same as your bank password, update your bank password as well)
  • Log into your Gmail and sign out of all other sessions; to do this, scroll down to the bottom of the page and look for the section which says "Last Account Activity"; click on the "Details" link; a window will appear which will let you force sign out all other sessions.
If you need assistance with any of these steps or have questions about the phishing email, please contact the Help Desk at 253-535-7525 or email us at

This email tips us off in a number of ways. The text highlighted in the mint color is highly suspicious because it is clear that it does not come from a PLU source. The email address that it comes from is not a PLU address, and the link it is advising you to follow is not at a PLU address. Furthermore, the language and format used are not those which PLU utilizes in its communication with students, faculty and staff (“Webmail Subscriber” is not how we refer to members of the PLU community, “your email account will be deleted from our server” is not an action that would be taken by PLU in this case, and there is no PLU contact information given at the end).

Simple grammatical errors such as the ones highlighted here in purple are another red flag, as this number of errors should not appear in communication from PLU. Finally, the general formatting of the email is unusual: see, for example, the large empty space at the top of the email, highlighted here in green.