“Email over Quota” messages? Don’t just take their word for it.

Have you gotten an email message with dire warnings that your account is (nearly) over quota, and by the way, “click here” to reactivate, clean up, or upgrade your account? I’ve gotten a few of these over the past 6 months, two of which had disguised themselves as being from someone else here at IU. One was in the athletics department (!). Who knew they cared about my email quota in athletics?

Hopefully you know enough not to panic and actually “click here,” but if you’re at IU, there are some things you can do. The first, if you have any doubts at all about whether you are actually approaching your quota, is to actually check.

If you’re using Outlook 2010 or 2013 for an Exchange account, this is ridiculously easy. Just click on the File tab, and the first view you’ll see is your account information. Next to the “Cleanup Tools” you’ll see a very straight-forward visual indicator of how much space you have left.

Screensnap of the Outlook Cleanup Tools, with a bar graph representing how much of email quota is being used.

I’m a notorious email hoarder, but since the Exchange server quota just increased to 50GB, even I have had trouble filling up my account. If you use Imail or Gmail, your quota is sadly not as generous – see http://kb.iu.edu/d/beoi for more information.

Using the Outlook Web App? Or on a Mac, using Outlook 2011 or Mac OS X Mail? There’s a lovely kb (that is, Knowledge Base) page with instructions for you as well: http://kb.iu.edu/d/aglh.

Ok, so you can check for yourself if there’s any reason to worry, but once you figure out this email message is nothing more than a phishing scam intended to get you to panic, click, and reveal personal data, what can you do? Well, it’s always fine to just delete the message, but particularly if the attack seems to be targeting IU in any way – like, for example, the message is pretending to come from someone at IU – the University Information Security Office (UISO) would like to know. The hitch is that just forwarding them the email message isn’t enough – they need the FULL HEADERS in order to track down the evil doers. So before you forward the message to it-incident@iu.edu, follow these instructions to get those full headers and paste them into the message: http://kb.iu.edu/d/adix. You may not hear back from UISO, but they’ll appreciate getting the information from you.

Finally, remember one thing: IU and UITS will never ask for your passphrase – in person, by phone, chat, or email – and that includes links in email to “verify” your account.

Leave a Reply

Your email address will not be published. Required fields are marked *