2017-06-01: Fraudulent message with subject "Scheduled System Downtime"

This message is a fraudulent email that was received by some faculty and staff on May 25th.  The goal is to get people to open the attachment, click the link in it, and then provide their username and password on the site it leads to.  It is a common, though not extremely sophisticated, type of scam.

Red Flags: (These things not only appear in this message but are also commonly used in fraudulent messages.  You should be on the lookout for these kinds of tricks in other emails as well.)

  • No company/organization information: The criminals are being lazy.  Rather than customizing a message per organization or company they are impersonating, they are just sending a generic message, not even stating what company they are.
  • Required upgrade: It is extremely common for criminals to tell you there is some sort of required upgrade that you must do.  Be suspicious of these sorts of messages.
  • Fraudulent link: If you were to hover over the "ADMIN ACCESS PORTAL" link (this works in the real message, not in the image below), you would see that it brings you to the following: http://<REDACTED>.com/outlookonlineaccess.com/Microsoft Outlook Web App/
    They throw a bunch of terms like "Microsoft Outlook" and "outlookonline" into the address, but the real site is the redacted portion, which just looked like five random characters followed by ".com".
  • Poor grammar: The grammar is extremely poor and definitely was written by someone without a solid grasp of English.  Though not all fraudulent emails contain poor grammar and spelling, it is extremely common.
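
The "Fraudulent link" check above (the real site is the host, not the brand names in the rest of the address) can be automated when reviewing reported messages. The following Python is an added example, not part of the original message or this article's own tooling; the host names abcde.example and mail.university.example are constructed placeholders, and the third flag (a brand term inside an untrusted host name) goes slightly beyond the case described above.

```python
import re
from urllib.parse import urlsplit, unquote

# Brand terms that appear in the link quoted above.
BRAND_TERMS = ("microsoft", "outlook")
# Assumption: the hosts your organization really uses for mail sign-in.
TRUSTED_HOSTS = ("mail.university.example",)
# A path segment that looks like a domain name, e.g. "outlookonlineaccess.com".
DOMAIN_LIKE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}$")


def check_link(url, trusted_hosts=TRUSTED_HOSTS):
    """Return (host, flags): the host the browser contacts and any red flags."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    # An exact trusted host, or a subdomain of one, needs no further checks.
    if any(host == t or host.endswith("." + t) for t in trusted_hosts):
        return host, []

    flags = []
    segments = [s for s in unquote(parts.path).lower().split("/") if s]
    # A domain name used as a folder name is there to be misread as the site.
    if any(DOMAIN_LIKE.match(s) for s in segments):
        flags.append("domain-name-in-path")
    # Brand words after the first "/" say nothing about who runs the site.
    path_brands = [b for b in BRAND_TERMS if any(b in s for s in segments)]
    host_has_brand = any(b in host for b in BRAND_TERMS)
    if path_brands and not host_has_brand:
        flags.append("brand-only-in-path")
    # Brand word in a host that is not on the trusted list: review by hand.
    if host_has_brand:
        flags.append("brand-in-untrusted-host")
    return host, flags


if __name__ == "__main__":
    # Constructed sample shaped like the link above; the real host was redacted.
    sample = "http://abcde.example/outlookonlineaccess.com/Microsoft Outlook Web App/"
    print(check_link(sample))
```
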


Message begins below:

From: <Redacted>
Subject: SCHEDULED SYSTEM DOWNTIME - 1st June 2017


Article ID: 31086
Thu 6/1/17 12:38 PM
Wed 5/30/18 9:29 AM