Login   |   Secure Purdue > News

Fake Exchange E-Mail Notice Circulating, Link Leads To Malware Site

A convincingly crafted e-mail has been seen circulating campus that warns that your e-mail account has been compromised and you should click a link to verify that you are the owner. Remember, Don't Just Click It! You will be led to a site that will attempt to deploy malware to your system.

Despite what the e-mail says in text, the link listed does not go to owa.purdue.edu, but rather an offsite location. Before you click any links, always check to make sure the text of the link and the address you are being sent to match. Most e-mail clients and web browsers have a link preview function that will show where a link is really going to send you. In IE and Firefox, simply hover over a link and the full URL should be displayed in the status bar at the bottom left hand side of the application. In Outlook, hover over a link and a detail box should pop up showing the link's destination.

URL shortened links from sites like bit.ly should always be treated as suspect as they will forward you to potentially dangerous or harmful sites with no warning. Most URL shortner services offer ways to verify the end destination. For example, with bit.ly take the shortened link and add a + to the end of it to get information about the link's destination. If you cannot determine the end location for a shortened URL, do not click it.

If you receive an e-mail like the one below, do not click the link. It is not a legitimate e-mail from the University.

~~~~~

From: Microsoft Exchange <owa@purdue.edu>
Date: Mon, 22 Aug 2011 16:52:52 -0400
To: <username>@purdue.edu
Subject: OWA: Your [<username>@purdue.edu] is on Restriction.

Purdue University

==================

We detected irregular action on your e-mail system on August 22, 2011.

As the Primary owner, you must verify your account activity before you
can continue using your account, and upon verification, we will remove any
restrictions placed on your account.

click on the link below:
https://owa.purdue.edu/owa/auth/login.aspx

====================================================================

You can also forward your mail from any other e-mail accounts such as
Yahoo, Hotmail, etc. to your Webmail account so that your contacts won't
have to memorize a new e-mail address and you can access all of your mail
in one place. You can find forwarding instructions for your other e-mail
accounts in their online documentation.

Webmail service has reserved a system maintenance window of Saturdays from 4:00 a.m.
to 8:00 a.m. that will be used only if Webmail service needs to perform any work that
will take the system off-line. Otherwise, the e-mail system will
be available around the clock.


Thank You,
Microsoft Exchange

~~~~~

Posted by Anthony Paladino on August 23, 2011, in Secure Purdue News.