Watch out for new phishing e-mail – “Webmail account Certificate”!

Dear Campus Community:

We have received a number of inquiries regarding the message below (the link has been changed to protect those who might be curious and click on it).


Your Webmail account Certificate expired on the 17-1-2015, This may
interrupt your email delivery configuration, and account POP settings, page error when sending message.
To re-new your webmail Certificate, Please take a second to update your
records by link below or copy and paste link’ Do remember that your
account will work as normal after the verification process,
and your webmail Certificate will be re-newed.
Bucknell Univeristy Mail Service Team

This message is a phishing scam.  Such scams are becoming very common because many people fall for them and disclose their credentials, essentially giving a stranger the key to their online identity.

With a little detective work, you can smell a “phish” a mile away.  Here are some tips using the above example.

1.  In general, it is very odd for any institution, business, etc. to send an email asking you to “click on a link” to confirm your username and password.  That has “sketchy” written all over it.

2.  Even though this message came from a Bucknell account, it was not from someone in Library and IT.  (It actually came from a Bucknell account that was compromised.)  We will ALWAYS send emails signed by a Library and IT staff person.

3.  Look for terms and grammar that appear to be a bit “off.”  For example, we use terms like “Bmail,” not “Webmail.”  Who is the Bucknell Univeristy Mail Service Team, and why is “University” spelled wrong?  There are all kinds of mixed case words used (“Webmail account Certificate”) and awkward sentences (“Please take a second to update your records by link below or copy and paste link’ Do remember that your EMAIL PIN mean your EMAIL PASSWORD.”).

4.  Do you even understand what the email is talking about?  What does interrupting your email delivery configuration mean?  What is a Webmail account Certificate, and what does it do?  Why have you never received a notice like this before, and why does the first notice require immediate action?

5.  Why would Bucknell University send you to a website with a URL like this?——————-

That doesn’t seem like a legitimate Bucknell website, especially not one where I should disclose my username and password.
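The checks from tips 1, 2, 3 and 5 can also be written as a small Python filter. This is an added example, not part of the original message or any Bucknell tooling; the campus domain, the staff name and the link in the sample text are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed values for illustration; none of these come from the advisory.
CAMPUS_DOMAIN = "bucknell.edu"
OFF_TERMS = ("webmail",)        # tip 3: the advisory says staff write "Bmail"
MISSPELLINGS = ("univeristy",)  # tip 3: misspelling seen in the sample
CREDENTIAL_RE = re.compile(r"password|\bpin\b|verification|update your records", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def is_campus_host(host):
    """True only for the campus domain or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == CAMPUS_DOMAIN or host.endswith("." + CAMPUS_DOMAIN)

def link_host(url):
    """Host the browser would actually contact (ignores any user@ prefix)."""
    try:
        return urlparse(url).hostname
    except ValueError:
        return None

def phishing_indicators(body, staff_names=()):
    """Return the advisory's warning signs that appear in a message body."""
    text = body.lower()
    urls = URL_RE.findall(body)
    found = []
    if urls and CREDENTIAL_RE.search(body):
        found.append("link-plus-credential-request")  # tip 1
    if not any(name.lower() in text for name in staff_names):
        found.append("no-staff-signature")            # tip 2
    if any(t in text for t in OFF_TERMS + MISSPELLINGS):
        found.append("unusual-wording")               # tip 3
    if any(not is_campus_host(link_host(u)) for u in urls):
        found.append("off-campus-link")               # tip 5
    return found

# Constructed sample: wording from the quoted message, placeholder link.
SAMPLE = (
    "Your Webmail account Certificate expired on the 17-1-2015. To re-new your "
    "webmail Certificate, Please take a second to update your records by link "
    "below: http://bucknell.edu.mail-renew.example/login\n"
    "Bucknell Univeristy Mail Service Team"
)

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE, staff_names=("Jane Doe",)))
```

The host comparison is done on the parsed hostname, so a link that merely starts with the campus name, or hides it in front of an `@`, is still reported as off-campus.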

Finally, since many of us receive a large volume of email, we tend to “skim” messages for highlights.  “Phishermen” count on our carelessness.  You can easily overlook suspicious messages when skimming.

This won’t be the last phishing email you receive, but hopefully this one serves as a good learning opportunity when trying to discern a message’s credibility in the future.  Of course, as many of you have done already, if you have any doubt about the legitimacy of an email message please feel free to contact Tech Support at or by calling 570.577.7777.

Thank you!
