2017-12-15: Fraudulent "email account is nearly full" message

The message below was detected as spam, but it uses a number of tactics common among spammers, so we wanted to use it as an example.  A screenshot of the original email is below (the email address of the person who reported it to me was listed in the message and is redacted):

Example screenshot of phishing email received.  The text of the message was "The <email address of recipient> email account is nearly full.  The email account currently uses 92% of its capacity.  Upgrade your e-mail mailbox as soon as possible in order to prevent the loss of any future email, follow the below link to upgrade your account to a larger quota" (followed by a fraudulent link, and a copyright statement).

We've broken down the email to highlight a number of red flags that should raise your suspicion if you receive an email of this nature:

1.    They put ‘newpaltz.edu’ in the name portion of the from address, but the actual email is from emailalert@upgrade.com.  That is an address which has nothing to do with the college and should be a sign the message is not from the college.
2.    If you look at the text of the link without hovering over it – it says newpaltz.edu, but that isn’t the actual destination.  Hovering over it shows the actual destination (which I’ve redacted a portion of to prevent anyone from trying it).
3.    The message has “Copyright 2017 newpaltz.edu, Inc.”.  For some reason, cyber criminals LOVE putting copyright statements at the bottom of their messages.  They think it gives their message legitimacy.  Perhaps it would for some organizations, but you’ll note that no legitimate emails sent by the college ever have a copyright statement at the end (much less one that refers to us as Incorporated).

Oh – and they also use a common fear tactic.  They state that your account is running out of space and if you don’t act now you’re going to start missing email.  As of now there isn’t a single person at the college who has more than 50% of their mail quota (50 Gigabytes) used.  If you legitimately want to see how much space your account is using on Office 365, see our article "Email Quota: Current and Maximum Values".

Not every scam email uses such obvious tactics – but the vast majority can be detected by simply hovering over links before clicking on them.

If you receive an email which you feel is suspicious (that isn’t already marked as Junk), please forward it to: InformationSecurity@newpaltz.edu and we will get back to you.

Thanks all for continuing to report suspicious emails!
 

Details

Article ID: 45013
Created: Fri 12/15/17 10:15 AM
Modified: Wed 5/30/18 9:30 AM