Check Out This Email Scam

Posted June 6th, 2017 at 3:44 pm.

Over the last few days we’ve seen a fairly sophisticated scam message.  We wanted to share it with you because it’s a good example of the kind of message that often catches community members unaware. Take a look below — we’ve added some circles and arrows to indicate what’s wrong with the message (click the image for a large version).


The circles highlight items that might indicate a scam.  The subject tries to convince you that the message is “definitely not a scam!”  It states that the message is scanned and verified (how?) and that it is “for you.” The address it comes from is not “One Drive,” it’s someone from an outside company.  Note that even if it was a Bryn Mawr friend or colleague, you would want to think about if identifying themselves as “One Drive” is sensible.  And the biggest culprit:  hovering your cursor over the already suspicious looking link you would find that the web address (URL) is not for a PDF at all, but takes you to a site in Pakistan (signified by .pk).  The address shows the message as originating from One Drive (actually spelled OneDrive), but references Dropbox in the email.  These are not the same service.

If you were to click the link (note: don’t click suspicious links) you would see a suspicious site:

The way the pattern repeats is suspicious, the web address is substantially different than the one the link originally went to, and the many mixed logos are misshapen.  What service is this coming from? Also, when receiving a file from any cloud service, you would either not be asked to log in, or would be asked for your login to the particular service.  The presence of “other email” is also suspicious.  If you were to click the i in a circle to the left of the web address, the browser would inform you that this site is not secure — each browser has a way to let you know, but usually you are looking for a green or closed padlock indicator (  This is a trap to ask you to enter your credentials and steal your password.

Make sure that the address of a login page makes sense (for example, if you were getting a Dropbox file from Example University, the web address should either be at or at an Example University address like, not something nonsensical like  If you are unsure, type the service’s address (like into your browser directly and log in there.  The College uses Office 365 (Outlook, OneDrive, etc.) and does not use Gmail/Google Drive, Dropbox, Box, or other services.  Look for grammatical errors, generalities, and inconsistencies.  We won’t promise never to make a mistake, but a poorly written message is a reason for suspicion.

If you receive a message like this one, do not click links or respond in any way. Delete the message or report it as Phishing in the Outlook Web App.

If you believe you’ve given your information to a phisher, immediately change your password and contact the Help Desk (610-526-7440,

Email scams come in many forms. While we work to keep you informed, attacks are increasingly diverse and sophisticated. It’s not possible for us to warn you of every message before you see it. Be cautious and suspicious.  If you ever have a question or suspicion, the Help Desk is pleased to help verify messages.

Learn how to recognize scams by completing the Information Security Education Program:

For more information:

Amy Pearlman
Director of Client Services and IT Procurement
Library & Information Technology Services
Bryn Mawr College

How do you know this message is real?

    • Signed by a real LITS staff member with a title that is verifiable on the College online directory (and is indicated as being from the same person)
    • Encourages you to verify authenticity by directly contacting valid College services (such as the Help Desk) and manually typing in URLs
    • Does not ask you to give or verify any personal or account information, offer you anything, or threaten your access to anything
    • A copy is posted at


Filed under: Announcements by Amy Pearlman

Comments are closed.