Phishing Email Warning

Neither USC nor ITS will ever request that you submit personal information, including any passwords, over email.

When you receive questionable email, be sure to examine the email header and the Reply-to address. Most of the phishing email that USC account holders receive is sent from commercial email addresses, such as live.com. ITS will never send you email from a non-USC email address.

In addition, ITS suggests that you keep in mind the following guidelines:

  • Do not provide a user ID or password in email.
  • Do not respond to emails that require you to enter personal or financial information directly into the email.
  • Do not reply to emails asking you to send personal information.
  • Do not use your email address as a login ID or password.
  • Do not respond to emails threatening to close your account if you do not provide personal information.

If you have responded to a phishing scheme by submitting information about your USC password, you should immediately go to https://www.usc.edu/its/password to change your USC password. If you are unable to change your USC password, contact the ITS Customer Support Center at 213-740-5555 as soon as possible.

You should also beware of clicking links in suspicious email messages, since links may direct you to illegitimate websites. In the past, USC account holders have received email requesting that they use an embedded link to verify their password. The embedded link led to a fraudulent USC login page. USC account holders have also received emails that state that they have (1) Unread Secured Message. These emails include an embedded link that leads to a fraudulent web page.

To report a possible phishing attempt, forward the email to security@usc.edu. To report spam (or unwanted advertising), send the email to missedspam@usc.edu.

To learn more about phishing, see the About Phishing documentation on the ITS website.

For information on recent phishing attempts, as well as information on a variety of other security topics, please visit the ITS Security Blog at http://it-security.usc.edu.