Monthly Archives: June 2016

Malicious email alert: UW acct phishing email

Another phishing email targeting UW email acct.

It initially appears to contain a link called “Click on show images to read secured message” (see image 1 below). In some email applications, clicking the link will take you directly to a malicious website. In other applications, it will turn into an image (see image 2 below), which is itself a link. If you then click anywhere on the image, it will go to a malicious website.



Another thing that is notable about this email is that the link includes and However, it does not go to a or website.

Let’s break this web address down into its components: domain, directory, and webpage.


Of the 3 components, the one you need to check is the domain. In this example, we can see it is NOT a or domain and is therefore not a legitimate UW website.

The directory and webpage components do contain and, but this does not matter. These components can be named anything.


Malicious email alert: more UW email phishing attempts

Another pair of phishing emails targeted at UW email:

From: Linscott, Brian
Sent: Wednesday, June 8, 2016 8:21 AM
Subject: Helpdesk Update

Your e-mail account was LOGIN today by Unknown IP address Unknown IP 232.22.88 233,click on the Administrator link below to validate your e-mail account or your account will be temporary block for sending more messages.

Click Link To Validate Your Account


IT Department



From: University of Washington <>
Subject: Problem with your email account
Date: June 6, 2016 12:25:53 PM PDT

Dear User,

Member Services identified a problem with your email account. To correct this issue, please click here to resolve.


© 2016 University of Washington | Seattle, WA

Malicious email alert: University of Washington

Another malicious email targeting our UW email system. Hover over the CLICKHERE link, and you will see that it goes to a malicious website.

From: Shuaoran Zhang []
Sent: Thursday, June 02, 2016 4:00 PM
Subject: University of Washington

Several of your incoming mails were placed on pending status due to a recent upgrade to our data, In order to receive the messages CLICKHERE to login and wait for response from Administrator, we apologize for any inconvenience and appreciate your understanding.

As always, your privacy and security are of utmost importance to us. We apologize if you have experienced any difficulties due to this situation, and please know that our technical staffs are working to solve the problem.


Technical Support team

University of Washington