An email arrives in your inbox with the subject “Helpdesk Upgrade Alert”. It tells you that your mailbox is almost full, and it includes a handy indicator saying that of your 244 MB quota, you have used 241 MB.
The text reads, “The Helpdesk is upgrading and maintaining database Server from the old Microsoft Server (No420134x) to the new Microsoft Server (No520193x) CLICK HERE” (With a link) and a nice “Thank You” from the “Helpdesk Upgrade Team”.
That’s just fantastic! *FINALLY* they are getting around to upgrading your database server. Trouble is, that’s not the case at all. Instead, this is an ongoing scam, and apparently it works well or we likely would not be seeing as many of them as we do.
This phishing attempt is not all that sophisticated. It is a very basic social engineering email offering that link, with no text that prompts you for anything in the email itself, so this type of message slips past many anti-spam / anti-malware packages, including the Barracuda email appliance.
How do you know this type of message is a scam? For one thing, you probably don’t have a “Helpdesk Upgrade Team” working on the upgrade of your old Microsoft server. Even if you do, the name of the sender is likely not familiar to you. The “To:” field may be blank.
Another giveaway is that it doesn’t make sense. For example: 244 MB of storage? Come on. The average mailbox is over a gig now. Gmail gives you what, 8 to start out?
Hover your mouse over the “CLICK HERE” and you will see that the link goes outside your company to a Google docs site. If you visit the site (if your anti-malware / anti-phishing software will let you browse there), you will see a form that asks for your username, password and email address. Here’s what it looks like:
If you are not exhausted from a 7-day work week of 12-hour days, you will probably catch on the very moment that you see this site and understand that no IT department in the world would ask for this information in plain text, on a Google docs site.
Then again, you might just be a trusting soul and enter your username, password and email address, allowing whoever monitors that data to freely access your account.
Should that be you, and you just realized you have been had at some point, then it is time to change your information. If your username is JoeBlow and your email address is JoeBlow@somecompany.com, then you might even consider changing to something else, such as jblow or JoeCBlow, and change your password while you are at it. How long ago did this happen? Has your email been monitored and harvested for a long period of time? If banking information, a credit card or social security numbers were sent in email, ever, then you might have bigger things to worry about.
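The giveaways described above (a blank “To:” field, a “CLICK HERE” link that leaves the company, a link to a hosted form site) can also be checked by a mail filter. The following is an added example, not part of the original post; the company domain, the form-host list, the sender address and the sample message are constructed assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

COMPANY_DOMAIN = "somecompany.com"   # assumption: your own mail domain
FORM_HOSTS = {"docs.google.com"}     # assumption: hosted-form sites worth flagging
GENERIC_TEXT = {"click here"}        # call-to-action text used in this scam

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_indicators(raw_message: str) -> list[str]:
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    if not (msg.get("To") or "").strip():
        findings.append("blank To: field")
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        external = host != COMPANY_DOMAIN and not host.endswith("." + COMPANY_DOMAIN)
        if external and text.lower() in GENERIC_TEXT:
            findings.append(f"generic link text '{text}' points outside the company: {host}")
        if host in FORM_HOSTS:
            findings.append(f"link leads to a hosted form site: {host}")
    return findings

# Constructed sample modelled on the message described in the post (no To: header).
SAMPLE = (
    "From: Helpdesk Upgrade Team <sender@example.net>\n"
    "Subject: Helpdesk Upgrade Alert\nMIME-Version: 1.0\nContent-Type: text/html\n\n"
    '<p>Your mailbox is almost full.</p>'
    '<a href="https://docs.google.com/forms/EXAMPLE-PLACEHOLDER">CLICK HERE</a>'
)
if __name__ == "__main__":
    print("\n".join(phishing_indicators(SAMPLE)))
```

A message that trips these checks deserves a closer look; a clean result does not prove a message is safe.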
Alerting your IT department or computer service provider is a great idea at this stage in the game. You want them to know, no matter how embarrassed you might be about it, as they have seen this before, and they will be more than happy to help secure your account and assess the potential damage.
Are you in the financial, legal, government or medical field or work with sensitive or proprietary data of any nature? You may have compliance issues, and those will need to be addressed, quickly. Your IT provider can assist with contacting the proper authorities.
Homeland Secure IT helps Greenville / Upstate SC businesses and individuals with these and other computer and network security issues. We can help you recover, assess the impact and protect you from it in the future. If this has never happened to you, but you are concerned it could occur at your company, to a desk worker, your CEO or yourself, please call us at 864-990-4748 and we will be happy to discuss the matter. Don’t risk identity theft!