Information Technology Services - Computing, Networking and Storage
print this page   email this page

ITS Announcements

Phishing Email Warning

Please be advised that many illegitimate email messages are sent to USC account holders with variations of the Subject line: Re-Activate Your Account. These phishing schemes are attempts to steal your personal information through legitimate-looking email messages. The messages urge recipients to reply by email and include their USC password and other personal information.

Neither USC nor ITS will ever request that you submit personal information, including any passwords, over email.

When you receive questionable email, be sure to examine the email header and the Reply-to address. Most of the phishing email that USC account holders receive is sent from commercial email addresses, such as live.com. ITS will never send you email from a non-USC email address.

In addition, ITS suggests that you keep in mind the following guidelines:

  • Do not provide a user ID or password in email.
  • Do not respond to emails that require you to enter personal or financial information directly into the email.
  • Do not reply to emails asking you to send personal information.
  • Do not use your email address as a login ID or password.
  • Do not respond to emails threatening to close your account if you do not provide personal information.


If you have responded to a phishing scheme by submitting information about your USC password, you should immediately go to https://www.usc.edu/its/password to change your USC password. If you are unable to change your USC password, contact the ITS Customer Support Center at 213-740-5555 as soon as possible.

You should also beware of clicking links in suspicious email messages, since links may direct you to illegitimate websites. In the past, USC account holders have received email requesting that they use an embedded link to verify their password. The embedded link led to a fraudulent USC login page. USC account holders have also received emails that state that they have (1) Unread Secured Message. These emails include an embedded link that leads to a fraudulent web page.

To report a possible phishing attempt, forward the email to security@usc.edu. To report spam (or unwanted advertising), send the email to missedspam@usc.edu.

To learn more about phishing, see the About Phishing documentation on the ITS website.

Below you will find a summary of some recent phishing attempts.

On January 18, 2012, some USC account holders received an email with the subject line "Upgrade to Secure Your Email Account" requesting that users follow an external link to upgrade their account. Do not click this link. The From field is dx1115@nhsh.tp.edu.tw.

On October 29, 2011, some USC account holders received an email with the subject line "Dear USC.EDU Email Account Holder" requesting that users follow an external link to confirm that their email account is active. Do not click this link. The From field is akaraogl@usc.edu.

On October 1, 2011, some USC account holders received an email with the subject line "Attn. Mail User!" requesting that users follow an external link to verify their account in order receive a larger email quota. Do not click this link. The From field is itsupport@host.net.

On April 19, 2011, some USC account holders received an email with the subject line "Announcements" requesting that users send their first name, last name, email address, username, and password to ITS due to an error with their USC Webmail account. The From field is USC@zajil.net.

On March 19, 2011, some USC account holders received an email with the subject line "USC - ITS Notice/News" requesting that users send their username, password, and telephone number to ITS due to an error with their USC Webmail account. The From field is its-help@admin.in.th.

On October 18, 2010, some USC account holders received and email with the subject line "Dear USC Webmail Subscriber" requesting that users send their webmail details due to the account being compromised. The From field is weboline@cyberservices.com.

On October 8, 2010, some USC account holders received email with the Subject line "Dear University of Southern California Webmail User" requesting that users send their email account details. The From field is serviceupdate98@gmail.com.

In October 2009, some USC account holders received email from various non-USC .edu addresses with the Subject line: "System Administrator." These messages notified recipients that their email quota had been exceeded and urged recipients to click a link to request additional storage space.

On January 28, 2009, some USC account holders received email with the Subject line "Request" requesting that users send their email account details. The Reply-to field is actually verify@emailsupports.com and the From field is Systems Administrator [mailto:admin@imingo.net].

On January 26, 2009, some USC account holders received email with the Subject line "Account Verification Update" requesting that users send their email account details. The Reply-to field is actually it_service10@yahoo.com and the From field is WEBMAIL Help Desk Info@upgrade.com.

On January 26, 2009, some USC account holders received email with the Subject line "Read our latest news." requesting that users click a link to read important news. The From field is University of Southern California info@usc.edu. The phishing link is
http://www.usc-portal.com/news/.

On August 29, 2008, some USC account holders received email with the Subject line "Dear Webmail account Owner" requesting that users send their email account details. The Reply-to field is actually customer212@live.com and the From field is customer212@live.com.

On August 27, 2008, some USC account holders received email with the Subject line "Verify Your usc.edu Email Account Now!" requesting that users send their email account details. The Reply-to field is actually customerunit@administrativos.com and the From field is "usc.edu Billing Department" info@usc.edu.

On August 25, 2008, some USC account holders received email with the Subject line "University Of Southern California Email Service" requesting that users send their email account details. The Reply-to field is actually webmaster.service.edu@googlemail.com and the From field is helpdesk@usc.edu.

On June 26, 2008, some USC email account holders received an email with the Subject line "Confirm Your Account" requesting that users send their email account details. The Reply-to field is support.team1@live.com and the From field is USC SUPPORT TEAM.

On June 21, 2008, some USC email account holders received an email with the Subject line "Dear usc Webmail Subscriber" requesting that users click a link or reply to the email to confirm the status of their email account. The Reply-to field is usersubsriberguide@gmail.com and the From field is ACCOUNTMANAGER greer1tr@cmich.edu.

On June 19, 2008, some USC account holders received email from CUSTOMERCARE@USC.EDU with the Subject line: ACCOUNT UPDATE. The Reply-to field is actually customer@accountcentre.ourprofile.info.

On January 21 and 24, 2008, phishing messages were received with the Subject line "VERIFY YOUR USC EMAIL ACCOUNT NOW." These messages were mailed from non-USC email addresses, such as accountupgrades2008@live.com.

Updated on April 6, 2012 11:12 AM |