December 19, 2014

New phishing scam aims to access, divert email

The Information Technology Services security team has issued a new email phishing scam alert.

The scam uses a fraudulent email that appears to be sent from a account and warns that the user’s Office 365 mailbox has exceeded storage limits set by system administrators. The message asks that users click a link to re-validate the account and upgrade to “Office 365 plus” — a program that does not exist.

Users who click the link are prompted to enter their Office 365 email username and password combinations. Scammers then use the credentials to log in to user’s UNL email account and automatically divert all new incoming mail to an off-campus account. All email is intercepted and is not delivered to the account. Scammers use information found in email receipts and statements to gain access to university, personal and financial accounts.

Faculty, staff and students should never click on or respond to any message that asks for credentials or personal information. UNL will never ask for individual login, password or other personal information via email.

Individuals who have may have clicked the link and entered information, or who suspect their account has been compromised, should contact the Computer Help Center at, 402-472-3970 or 866-472-3970.