<b>Phishing Scams Targeting the UMN</b><br />
<br />
<b>New Year! New Blog Home!!!</b> (posted 2019-01-16)<br />
We've moved the University of Minnesota Phishing blog to a new home - come visit us at <a href="http://it.umn.edu/phishing">it.umn.edu/phishing</a>! Don't worry - the content here won't go away, but new posts will be at our new home, <a href="http://it.umn.edu/phishing">it.umn.edu/phishing</a>! (<i>AND</i>, the handy z-link <a href="http://z.umn.edu/phishing">z.umn.edu/phishing</a> points to the new home).<br />
<br />
<b>Example 225: Doc701234.docx</b> (posted 2018-12-10, updated 2018-12-12)<br />
Google doc containing phishing link sent to steal login information.<br />
<br />
<b>Message Text:</b><br />
<br />
<blockquote class="tr_bq">
From: Some Name (via Google Drive) <SomeName@gmail.com><br />
Date: Mon, Dec 10, 2018 at 12:08 PM<br />
Subject: Doc701234.docx<br />
To:<br />
Cc:<br />
SomeName@gmail.com has shared the following document:<br />
Doc701234.docx<br />
<https://drive.google.com/file/d/xxxxx><br />
[image: Unknown profile photo]John Coleman as shared a file with you<br />
Open<br />
<https://drive.google.com/file/d/XXXXX><br />
SomeName@gmail.com is outside your organization.<br />
Google Drive: Have all your files within reach from any device.<br />
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA [image:<br />
Logo for Google Drive] <https://drive.google.com></blockquote>
<div>
<b>Linked Doc/ Login Page:</b></div>
<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://4.bp.blogspot.com/-18yfL7omu3s/XA7Legc3zqI/AAAAAAAACHw/Teqw3dm9b-wOQdirScfdYd76XZ5vq8RMwCLcBGAs/s1600/121018-fake-MS.jpeg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="Image of Google Doc and linked Fake Login Form" border="0" data-original-height="884" data-original-width="1325" height="213" src="https://4.bp.blogspot.com/-18yfL7omu3s/XA7Legc3zqI/AAAAAAAACHw/Teqw3dm9b-wOQdirScfdYd76XZ5vq8RMwCLcBGAs/s320/121018-fake-MS.jpeg" title="Image of Google Doc and linked Fake Login Form" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><b><i>Image of Google Doc and linked Fake Login Form</i></b></td></tr>
</tbody></table>
<div>
<b>Things to Note:</b></div>
<div>
<b><br /></b></div>
<div>
<ul>
<li>Email really comes from a Gmail account (anonymized here as "SomeName")</li>
<li>Link in email takes user to a real Google Doc </li>
<li>Google Doc goes to a Forged Office 365 web login</li>
</ul>
<div>
<b>Recommended Action:</b></div>
</div>
<div>
<ul>
<li>Forward to <a href="mailto:phishing@umn.edu">phishing@umn.edu</a></li>
<li>Mark as spam, delete</li>
</ul>
</div>
<br />
<b>Example 224: WEBMAIL UPGRADE</b> (posted 2018-12-04)<br />
<div class="tr_bq">
Simple phishing attempt offering "email upgrade"</div>
<br />
<b>Message Text:</b><br />
<br />
<blockquote>
<i>Subject:<span style="white-space: pre;"> </span> WEBMAIL UPGRADE<br />To:<span style="white-space: pre;"> </span>"Recipients"<br />From:<span style="white-space: pre;"> </span>"IT HELP DESK" <webmaster@xxxx-info><br />Date:<span style="white-space: pre;"> </span>Mon, 03 Dec 2018 22:54:22 -0800<br />Your webmail quota has exceeded the set quota which is 2GB. you are currently running on 2.3GB to re-activate and increase your webmail quota please verify and update your webmail Account by clicking the link <u><span style="color: blue;">hxxp://www.some-domain-here.<b>cf</b>/ </span></u>fill the form for upgrade.</i></blockquote>
<br />
<b>Webform:</b><br />
<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://3.bp.blogspot.com/-Rbx1z0jqzCI/XAaiyyC16LI/AAAAAAAACHU/CLclUpknSqg0ocSWNUdS775llfV0eyUdgCLcBGAs/s1600/12042018-cf.jpeg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="fake login webform from CF domain" border="0" data-original-height="769" data-original-width="1110" height="221" src="https://3.bp.blogspot.com/-Rbx1z0jqzCI/XAaiyyC16LI/AAAAAAAACHU/CLclUpknSqg0ocSWNUdS775llfV0eyUdgCLcBGAs/s320/12042018-cf.jpeg" title="fake login webform from CF domain" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><b><i>fake login webform from CF domain</i></b></td></tr>
</tbody></table>
<br /><div>
<b>Things to Note:</b></div>
<div>
<br /></div>
<div>
<ul>
<li>No "UMN" branding</li>
<li>Email not from a @umn.edu sender</li>
<li>Message really comes from a gmail.com address, but reads "From" a .info address</li>
<li>Webform not encrypted - not https, but http - most browsers warn against putting passwords in such forms</li>
<li>Form hosted at a .cf (Central African Republic) address, <i>not</i> UMN.EDU</li>
</ul>
</div>
<div>
<br /></div>
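<div>
The checks listed under "Things to Note" for Example 224, written as a small triage script. This is an added example, not part of the original post. It assumes the true sender is visible in the Return-Path header; both sender addresses in the sample are constructed stand-ins for the ones the post anonymizes, and the link is the defanged one from the post.</div>

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

ORG_DOMAIN = "umn.edu"  # organisation the "Things to Note" checks are written for

# Constructed sample modelled on Example 224. Both addresses are stand-ins,
# because the post anonymises the real ones; the link is the post's defanged one.
SAMPLE = """\
Return-Path: <constructed.sender@gmail.com>
From: "IT HELP DESK" <webmaster@constructed-example.info>
To: "Recipients"
Subject: WEBMAIL UPGRADE
Date: Mon, 03 Dec 2018 22:54:22 -0800

Your webmail quota has exceeded the set quota which is 2GB. please verify
and update your webmail Account by clicking the link
hxxp://www.some-domain-here.cf/ fill the form for upgrade.
"""

# Constructed benign message for comparison (address is a placeholder).
CLEAN = """\
Return-Path: <constructed-sender@umn.edu>
From: "Technology Help" <constructed-sender@umn.edu>
To: someone@umn.edu
Subject: Scheduled maintenance

Details are posted at https://it.umn.edu/ this week.
"""

# Matches live and defanged (hxxp) links so reported samples can be checked too.
URL_RE = re.compile(r"\b(?:hxxps?|https?)://[^\s<>\"']+", re.IGNORECASE)


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def in_org(domain):
    """True for the organisation's domain and any subdomain of it."""
    return domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)


def refang(url):
    """Rewrite hxxp:// to http:// so the URL can be parsed (never fetched)."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def check_message(raw):
    """Return (code, detail) findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])

    # "Email not from a @umn.edu sender"
    if not in_org(from_dom):
        findings.append(("from-not-org", from_dom))
    # "Really comes from a gmail.com address, but reads From a .info address"
    if env_dom and env_dom != from_dom:
        findings.append(("envelope-from-mismatch", f"{env_dom} vs {from_dom}"))

    for match in URL_RE.findall(msg.get_payload()):
        parts = urlsplit(refang(match.rstrip(".,);")))
        host = (parts.hostname or "").lower()
        # "Webform not encrypted - not https, but http"
        if parts.scheme.lower() != "https":
            findings.append(("link-not-https", host))
        # "Form hosted at a .cf address, not UMN.EDU"
        if not in_org(host):
            tld = host.rpartition(".")[2]
            findings.append(("link-not-org", f"{host} (TLD .{tld})"))
    return findings


if __name__ == "__main__":
    for code, detail in check_message(SAMPLE):
        print(f"{code}: {detail}")
```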
<b>Advisory: Protecting Against Identity Theft</b> (posted 2018-12-03)<br />
<div style="background-color: white; border: 0px; color: #333333; font-family: Arial, Helvetica, Tahoma, sans-serif; font-size: 13px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 5px 0px; vertical-align: baseline;">
<i>Timely reminder from US-CERT regarding identity theft risks from online shopping.</i></div>
<div style="background-color: white; border: 0px; color: #333333; font-family: Arial, Helvetica, Tahoma, sans-serif; font-size: 13px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 5px 0px; vertical-align: baseline;">
<br /></div>
<div style="background-color: white; border: 0px; color: #333333; font-family: Arial, Helvetica, Tahoma, sans-serif; font-size: 13px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 5px 0px; vertical-align: baseline;">
As the holidays draw near, many consumers turn to the internet to shop for goods and services. Although online shopping can offer convenience and save time, shoppers should be cautious online and protect personal information against identity theft. Identity thieves steal personal information, such as a credit card, and run up bills in the victim’s name.</div>
<div style="background-color: white; border: 0px; color: #333333; font-family: Arial, Helvetica, Tahoma, sans-serif; font-size: 13px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 5px 0px; vertical-align: baseline;">
The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers to review the following tips to help reduce the risk of falling prey to identity theft:</div>
<ul style="background-color: white; border: 0px; color: #333333; font-family: Arial, Helvetica, Tahoma, sans-serif; font-size: 13px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; list-style-image: initial; list-style-position: initial; margin: 5px 0px 5px 35px; outline: 0px; padding: 0px; vertical-align: baseline;">
<li style="border: 0px; font: inherit; margin: 0px; outline: 0px; padding: 3px 0px; vertical-align: baseline;"><a href="https://www.us-cert.gov/ncas/tips/ST05-019" style="border: 0px; color: #005ebd; font: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Preventing and Responding to Identity Theft</a></li>
<li style="border: 0px; font: inherit; margin: 0px; outline: 0px; padding: 3px 0px; vertical-align: baseline;"><a href="https://www.us-cert.gov/ncas/tips/ST07-001" style="border: 0px; color: #005ebd; font: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Shopping Safely Online</a></li>
<li style="border: 0px; font: inherit; margin: 0px; outline: 0px; padding: 3px 0px; vertical-align: baseline;"><a href="https://www.us-cert.gov/ncas/tips/ST04-014" style="border: 0px; color: #005ebd; font: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Avoiding Social Engineering and Phishing Attacks</a></li>
</ul>
<div style="background-color: white; border: 0px; color: #333333; font-family: Arial, Helvetica, Tahoma, sans-serif; font-size: 13px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 5px 0px; vertical-align: baseline;">
If you believe you are a victim of identity theft, visit the FTC’s <a href="http://www.identitytheft.gov/" style="border: 0px; color: #005ebd; font: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">identity theft website</a> to file a report and create a personal recovery plan.</div>
<div style="background-color: white; border: 0px; color: #333333; font-family: Arial, Helvetica, Tahoma, sans-serif; font-size: 13px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 5px 0px; vertical-align: baseline;">
<br /></div>
<div style="background-color: white; border: 0px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 5px 0px; text-align: right; vertical-align: baseline;">
<span style="color: #333333; font-family: Arial, Helvetica, Tahoma, sans-serif;"><span style="font-size: 13px;"><a href="https://www.us-cert.gov/ncas/current-activity/2018/11/29/Protecting-Against-Identity-Theft">https://www.us-cert.gov/ncas/current-activity/2018/11/29/Protecting-Against-Identity-Theft</a></span></span></div>
<b>Advisory: Risks of Falling for a Phishing Scam</b> (posted 2018-11-28)<br />
<div class="field field-name-field-body field-type-text-long field-label-hidden">
<div class="field-items">
<div class="field-item even">
<i>Advice on what happens if you get phished. </i><i>From it.umn.edu:</i><br />
<i><br /></i>
<blockquote class="tr_bq">
You are popular. REALLY popular. Right now, there are people all over the world writing email, building websites <em>for you</em>! </blockquote>
<blockquote class="tr_bq">
Unfortunately a lot of this work is aimed at one thing - collecting passwords tied to your email address. </blockquote>
<blockquote class="tr_bq">
Now, getting into your email alone is kind of a big deal. Just think about all the business we conduct - personal or work-related - and how it flows through email. But that’s only the start of what can happen when you lose control of that password. </blockquote>
<blockquote class="tr_bq">
At the University our email address and password are the keys that unlock paychecks, student loans, library resources, and network access. That’s a nice treasure chest of loot for the would be cyber pirate - but wait, there’s more! </blockquote>
<blockquote class="tr_bq">
It’s not unusual to use the same password on multiple sites - we’ve all got so many to remember, right? And, oh! What do most sites use for login ID - yes, your email address! So, when some crook nabs your email address and password, they’re free to try it at Amazon, Apple, Netflix, Spotify or you name it. If you use the same password across multiple sites you’ve just created a skeleton key that opens way too many accounts.</blockquote>
<h2>
There’s hope!</h2>
<blockquote class="tr_bq">
With the roll out of <a href="https://www.blogger.com/duo-security-sign-in">Duo Security</a> at the University of Minnesota, we’ve put a significant roadblock in front of the phishers. Once you enable <a href="https://www.blogger.com/duo-security-sign-in">Duo Security</a> on your account, your password alone will not grant access to your UMN resources (though some, for example, VPN and WiFi are not protected by Duo Security). </blockquote>
<blockquote class="tr_bq">
Many, if not most, non-UMN resources can use two factor authentication. Take some time to protect your other accounts. Check out <a href="https://twofactorauth.org/">https://twofactorauth.org/</a> for information on what you can do to add this important tool to your other accounts. </blockquote>
<blockquote class="tr_bq">
Next - stop using the same password on multiple accounts. Get a system to manage your passwords - even a paper notebook is a solution. But tools like <a href="https://www.lastpass.com/">Lastpass</a>, <a href="https://pwsafe.org/">Password Safe</a>, or <a href="http://keepass.info/">Keepass</a> will give you a lot of power in managing your many accounts. Also, be sure to set up a strong <a href="https://www.blogger.com/good-practice/choose-strong-passwords-keep-them-safe">password</a> or <a href="https://www.blogger.com/good-practice/create-secure-memorable-passphrase">passphrase</a>, here are some <a href="https://www.blogger.com/good-practice/create-secure-memorable-passphrase">tips</a>. </blockquote>
<blockquote class="tr_bq">
And remember - a very strong way to assert control over your accounts is to change your password. If ever you are concerned that your password has been stolen - change it! It’s as simple as going to <a href="http://my-account.umn.edu/">my-account.umn.edu</a>. </blockquote>
<blockquote class="tr_bq">
One last tip from Brad Paisley: “The Internet Is Forever.” In other words, do not reuse old passwords. There is a worldwide active market in stolen passwords - once stolen, the passwords on those lists never go out of circulation. So don’t go back to that favorite password from long ago!</blockquote>
<br />
<div style="text-align: right;">
<a href="https://it.umn.edu/news/expert-phishing">https://it.umn.edu/news/expert-phishing</a></div>
</div>
</div>
</div>
<b>Advisory: "The Boss Needs iTunes Gift Cards For Customers... NOW"</b> (posted 2018-11-12)<br />
Good summary of scam emails "from" the boss requesting purchase of iTunes (or other) gift cards.<br />
<div>
<br /></div>
<div>
<i>NOTE: This is <b>not hypothetical</b> - we've seen multiple attempts to use this fraud against the University of Minnesota community.</i><br />
<i><br /></i>
<b>From blog.knowbe4.com:</b></div>
<blockquote class="tr_bq" style="color: #666666; line-height: 24px; margin-bottom: 20px;">
<i><b><br /></b>If you ever wondered if those iTunes gift card phishes really work, see the below email exchange.<br />Yep, that overzealous employee actually drove around town from store to store picking up iTunes gift cards for the bad guys because there was a limit on the number of cards that could be bought at any one store at one time.<br />All told poor Emily bought TWENTY $100.00 iTunes gift cards for these criminals. Still worse, she put them ON HER OWN PERSONAL CREDIT CARD!<br />Wonder if her company will reimburse her? Kinda feel sorry for her. Sometimes it helps to get security awareness training from your organization. Emily was not trained. Don't be Emily.<br />Here is the email exchange in chronological order. Note the time stamps are the originals and from different time zones. Names are changed to protect the innocent. John Carpenter is the C-level executive of "distracted.com" and was <a href="https://www.knowbe4.com/domain-spoof-test/" rel=" noopener" style="color: #f26721; outline: none !important; text-decoration-line: none;" target="_blank">spoofed</a> by the bad guys. </i></blockquote>
<br />
<br />
<blockquote class="tr_bq">
<br />
From: John Carpenter <officeexec.mails@inbox.lv><br />
Sent: Thursday, September 6, 2018 11:20 AM<br />
To: Emily Walker <ewalker@distracted.com><br />
Subject: Respond<br />
Let me know when you are available. There is something I need you to do.<br />
I am going into a meeting now with limited phone calls, so just reply my email.<br />
John Carpenter<br />
Sent from my iPad<br />
-----------------------------<br />
Subject: RE: Respond<br />
Date: 6 September 2018 at 21:24:35<br />
From: Emily Walker <ewalker@distracted.com><br />
To: John Carpenter <officeexec.mails@inbox.lv><br />
Did you intend to send this to me?<br />
Emily Walker<br />
Project Manager<br />
Sent from my iPhone<br />
-----------------------------<br />
From: John Carpenter <officeexec.mails@inbox.lv><br />
Sent: Thursday, September 6, 2018 11:28 AM<br />
To: Emily Walker <ewalker@distracted.com><br />
Subject: RE: Respond<br />
Yes Emily, can you get this done ASAP? I need some couple of gift cards.<br />
There are some listed clients we are presenting the gift cards. How<br />
quickly can you arrange these gift cards because i need to send them<br />
out in less than an hour. I would provide you with the type of gift<br />
cards and amount of each.<br />
<br />
Sent from my iPad<br />
---------------------<br />
Subject: RE: Respond<br />
Date: 6 September 2018 at 21:48:03<br />
From: Emily Walker <ewalker@distracted.com><br />
To: John Carpenter <officeexec.mails@inbox.lv><br />
Can do now. I’ll put on my credit card. Send me the following:<br />
Type<br />
Number<br />
Amount<br />
Emily Walker<br />
Project Manager<br />
<br />
Sent from my iPhone<br />
-------------<br />
From: John Carpenter <officeexec.mails@inbox.lv><br />
Sent: Thursday, September 6, 2018 11:52 AM<br />
To: Emily Walker <ewalker@distracted.com><br />
Subject: RE: Respond<br />
<br />
The type of card I need is Apple iTunes gift cards. $100 denomination,<br />
I need $100 X 20 cards. You might not be able to get all in one store,<br />
you can get them from different stores. When you get the cards, Scratch<br />
out the back to reveal the card codes, and email me the codes. How soon<br />
can you get that done? Its Urgent.<br />
Sent from my iPad<br />
--------------------------<br />
<br />
Subject: RE: Respond<br />
Date: 6 September 2018 at 21:55:17<br />
From: Emily Walker <ewalker@distracted.com><br />
To: John Carpenter <officeexec.mails@inbox.lv><br />
I can do now. Do you want me to do online instead?<br />
Emily Walker<br />
Project Manager<br />
<br />
Sent from my iPhone<br />
-------------------------<br />
<br />
On Sep 6, 2018, at 11:57 AM, John Carpenter <officeexec.mails@inbox.lv> wrote:<br />
I need you get physical card from the store<br />
Sent from my iPad<br />
---------------------------<br />
Subject: Re: Respond<br />
Date: 6 September 2018 at 22:01:32<br />
From: Emily Walker <ewalker@distracted.com><br />
To: John Carpenter <officeexec.mails@inbox.lv><br />
On my way to store now. What time need by?<br />
Sent from my iPhone<br />
---------------------<br />
<br />
On Sep 6, 2018, at 12:05 PM, John Carpenter <officeexec.mails@inbox.lv> wrote:<br />
As soon as you can. I will await codes<br />
Sent from my iPad<br />
<br />
--------------------------<br />
Subject: Re: Respond<br />
Date: 6 September 2018 at 22:13:37<br />
From: Emily Walker <ewalker@distracted.com><br />
To: John Carpenter <officeexec.mails@inbox.lv><br />
If choice between the two do you want $15 or $25?<br />
Sent from my iPhone<br />
---------------------<br />
<br />
On Sep 6, 2018, at 12:16 PM, John Carpenter <officeexec.mails@inbox.lv> wrote:<br />
$100<br />
Sent from my iPad<br />
----------------<br />
<br />
Subject: Re: Respond<br />
Date: 6 September 2018 at 22:51:58<br />
From: Emily Walker <ewalker@distracted.com><br />
To: John Carpenter <officeexec.mails@inbox.lv><br />
<br />
Just texted you the first 11 codes. Heading to another store now. 5 and 6 limit per store.<br />
Sent from my iPhone<br />
------------------------<br />
On Sep 6, 2018, at 12:54 PM, John Carpenter <officeexec.mails@inbox.lv> wrote:<br />
Email the codes to me<br />
Sent from my iPad<br />
---------- </blockquote>
<blockquote class="tr_bq">
<i>End of email thread. One hour and twenty five minutes later, the bad guys had 2 thousand dollars in iTunes gift cards in their hands and Emily had charged all of them on her personal credit card. OUCH!<br />I suggest you send the following to your employees in accounting specifically. You're welcome to copy, paste, and/or edit:<br />The bad guys are getting creative with hybrid giftcard / CEO Fraud scams. There is a massive campaign underway where they are impersonating an executive and urgently ask for gift cards to be bought for customers. The numbers need to be emailed or texted to the boss, after they are physically bought at stores. Never comply with requests like that and always confirm using a live phone call to make sure this is not a scam. Sometimes it's OK to say "no" to the boss!</i></blockquote>
<blockquote class="tr_bq">
<i>Can Your Domain Be Spoofed?<br /><br />Did you know that one of the first things hackers try is to see if they can spoof the email address of someone in your own domain? Now they can launch a "CEO fraud" spear phishing attack on your organization.<br /> </i></blockquote>
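<div>
A mail-filter style check for the pattern in the thread above: an executive's display name on an outside address, combined with gift-card, code-handoff, urgency and "don't phone me" language. This is an added example, not part of the quoted article. The message text is taken from the thread; the pattern list and the in-domain address used for comparison are assumptions made for illustration.</div>

```python
import re
from email.utils import parseaddr

ORG_DOMAIN = "distracted.com"      # the victim organisation named in the thread
EXECUTIVES = {"john carpenter"}    # executive display names to protect

# Illustrative phrase patterns (an assumption, tuned to this thread only).
PATTERNS = {
    "gift-card-request": re.compile(r"\bgift\s*cards?\b", re.I),
    "code-handoff": re.compile(
        r"\b(?:scratch|card codes|email (?:me )?the codes|await codes)\b", re.I),
    "urgency": re.compile(
        r"\b(?:asap|urgent|less than an hour|as soon as)\b", re.I),
    "avoid-phone": re.compile(r"\b(?:limited phone calls|just reply)\b", re.I),
}

# (From header, body) pairs quoted from the thread, in order.
THREAD = [
    ("John Carpenter <officeexec.mails@inbox.lv>",
     "Let me know when you are available. There is something I need you to do. "
     "I am going into a meeting now with limited phone calls, so just reply "
     "my email."),
    ("Emily Walker <ewalker@distracted.com>",
     "Did you intend to send this to me?"),
    ("John Carpenter <officeexec.mails@inbox.lv>",
     "Yes Emily, can you get this done ASAP? I need some couple of gift cards. "
     "There are some listed clients we are presenting the gift cards. How "
     "quickly can you arrange these gift cards because i need to send them "
     "out in less than an hour."),
    ("John Carpenter <officeexec.mails@inbox.lv>",
     "The type of card I need is Apple iTunes gift cards. $100 denomination, "
     "I need $100 X 20 cards. When you get the cards, Scratch out the back to "
     "reveal the card codes, and email me the codes. How soon can you get "
     "that done? Its Urgent."),
]


def display_name_spoof(from_header):
    """True when an executive's display name sits on a non-organisation address."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    return name.strip().lower() in EXECUTIVES and domain != ORG_DOMAIN


def score_message(from_header, body):
    """Return the list of indicator labels raised by one message."""
    flags = []
    if display_name_spoof(from_header):
        flags.append("exec-name-external-address")
    flags += [label for label, rx in PATTERNS.items() if rx.search(body)]
    return flags


def triage(thread):
    """Score every message in a thread, preserving order."""
    return [score_message(sender, body) for sender, body in thread]


if __name__ == "__main__":
    for (sender, _), flags in zip(THREAD, triage(THREAD)):
        print(sender, "->", ", ".join(flags) or "no indicators")
```

The first message contains no gift-card wording at all, yet the display-name check already flags it, which is the earliest point at which the exchange could have been stopped.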
<a href="https://blog.knowbe4.com/scam-of-the-week-the-boss-needs-itunes-gift-cards-for-customers...-now">https://blog.knowbe4.com/scam-of-the-week-the-boss-needs-itunes-gift-cards-for-customers...-now</a><br />
<br />
<b>Advisory: Facebook breach: what to do next</b> (posted 2018-10-03)<br />
FTC advice regarding the recent Facebook breach.<br />
<br />
<h2>
Facebook breach: what to do next</h2>
<div class="block block-system clearfix" id="block-system-main" style="background-color: white; box-sizing: border-box; margin: 0px; padding: 0px; position: relative;">
<div class="node node-blog-post" id="node-9796" style="border-bottom: 1px solid rgb(186, 186, 186); box-sizing: border-box; clear: both; margin: 0px; padding: 0px 0px 8rem;">
<div class="node-inner" style="box-sizing: border-box; margin: 0px; padding: 0px;">
<div class="submitted" style="box-sizing: border-box; color: #747474; font-family: "Source Sans Pro", sans-serif; font-size: 17px; margin: 0px; padding: 0px 0px 2.5rem;">
October 3, 2018<div class="author" style="box-sizing: border-box; margin: 0px; padding: 0px;">
by <div class="field field-name-field-author field-type-text field-label-hidden" style="box-sizing: border-box; display: inline; margin: 0px; padding: 0px;">
Lisa Weintraub Schifferle</div>
</div>
<div class="field field-name-field-author-title field-type-text field-label-hidden" style="box-sizing: border-box; margin: 0px; padding: 0px;">
Attorney, FTC, Division of Consumer and Business Education</div>
</div>
<div class="content" style="box-sizing: border-box; margin: 0px; padding: 0px;">
<div class="field field-name-body field-type-text-with-summary field-label-hidden" style="box-sizing: border-box; margin: 0px; padding: 0px;">
<div style="box-sizing: border-box; color: #595959; font-family: "Source Sans Pro", sans-serif; font-size: 17px; margin-bottom: 1em; overflow-wrap: break-word; padding: 0px; white-space: pre-line;">
Facebook recently announced the <a class="extlink" href="https://newsroom.fb.com/news/2018/09/security-update/" style="box-sizing: border-box; color: #2389c3; margin: 0px; padding: 0px; text-decoration-line: none; transition: all 0.15s linear 0s;">largest breach in the company’s history</a>. The breach affected about 50 million users, allowing hackers to take over their accounts. If you use Facebook, you may be wondering what to do next. Here are a few steps you can take.</div>
<div style="box-sizing: border-box; color: #595959; font-family: "Source Sans Pro", sans-serif; font-size: 17px; margin-bottom: 1em; overflow-wrap: break-word; padding: 0px; white-space: pre-line;">
First, you probably want to know more about the breach. According to Facebook, the attackers took advantage of a weakness in the “<a class="extlink" href="https://www.facebook.com/help/288066747875915?helpref=faq_content" style="box-sizing: border-box; color: #2389c3; margin: 0px; padding: 0px; text-decoration-line: none; transition: all 0.15s linear 0s;">View As</a>” feature, which lets people see what their profile looks like to others. <span style="box-sizing: border-box; margin: 0px; padding: 0px;">The hackers stole digital keys that keep you logged in to Facebook so you don’t need to re-enter your password every time. </span>Facebook says they’ve fixed the vulnerabilities and reset digital keys on 50 million affected accounts, plus an additional 40 million accounts that used the “View As” function.</div>
<div style="box-sizing: border-box; color: #595959; font-family: "Source Sans Pro", sans-serif; font-size: 17px; margin-bottom: 1em; overflow-wrap: break-word; padding: 0px; white-space: pre-line;">
To better protect yourself after this breach:</div>
<ul style="box-sizing: border-box; color: #595959; font-family: "Source Sans Pro", sans-serif; font-size: 17px; margin: 0px 0px 2rem 3rem; padding: 0px 0px 0px 3rem;">
<li style="box-sizing: border-box; margin: 5px 0px; padding: 0px;">Watch out for <a href="https://www.consumer.ftc.gov/features/feature-0037-imposter-scams" style="box-sizing: border-box; color: #2389c3; margin: 0px; padding: 0px; text-decoration-line: none; transition: all 0.15s linear 0s;">imposter scams</a>.<span style="box-sizing: border-box; margin: 0px; padding: 0px;"> With access to your Facebook account, hackers can get a lot of information about you. That information could be used to impersonate people you know or companies you do business with. If someone calls you out of the blue, asking for money or personal information, hang up. Then, if you want to know for sure if the person calling you was really your family member or was really from a company you know and trust, call them back at a number you know to be correct before you give any information or money. And remember: anyone who demands that you pay by gift card or by wiring money is scamming you. Always.</span><br style="box-sizing: border-box; margin: 0px; padding: 0px;" /> </li>
<li style="box-sizing: border-box; margin: 5px 0px; padding: 0px;">Consider changing your password. Facebook says that it fixed the vulnerability, so there’s no need to change your password. But, to be safe, log in and change your password anyway. If you use the same password other places, change it there, too. Don’t forget to change your security questions, as well – especially if the answers include information that could be found in your Facebook account.</li>
</ul>
<div style="box-sizing: border-box; color: #595959; font-family: "Source Sans Pro", sans-serif; font-size: 17px; margin-bottom: 1em; overflow-wrap: break-word; padding: 0px; white-space: pre-line;">
For more information about what to do after a data breach, visit <a href="http://www.identitytheft.gov/databreach" style="box-sizing: border-box; color: #2389c3; margin: 0px; padding: 0px; text-decoration-line: none; transition: all 0.15s linear 0s;">IdentityTheft.gov/databreach</a> and watch the FTC’s video on <a href="https://www.consumer.ftc.gov/media/video-0127-what-do-after-data-breach" style="box-sizing: border-box; color: #2389c3; margin: 0px; padding: 0px; text-decoration-line: none; transition: all 0.15s linear 0s;">What to Do After a Data Breach</a>.</div>
<div style="box-sizing: border-box; color: #595959; font-family: "Source Sans Pro", sans-serif; font-size: 17px; margin-bottom: 1em; overflow-wrap: break-word; padding: 0px; white-space: pre-line;">
If you learn that someone has misused your personal information, go to <a href="http://www.identitytheft.gov/" style="box-sizing: border-box; color: #2389c3; margin: 0px; padding: 0px; text-decoration-line: none; transition: all 0.15s linear 0s;">IdentityTheft.gov</a> to report identity theft and get a personal recovery plan. Because recovering from identity theft – and data breaches – is easier with a plan.</div>
<div style="box-sizing: border-box; margin-bottom: 1em; overflow-wrap: break-word; padding: 0px; text-align: right;">
<span style="color: #595959; font-family: Source Sans Pro, sans-serif;"><span style="font-size: 17px; white-space: pre-line;"><a href="https://www.consumer.ftc.gov/blog/2018/10/facebook-breach-what-do-next">https://www.consumer.ftc.gov/blog/2018/10/facebook-breach-what-do-next</a></span></span></div>
</div>
</div>
</div>
</div>
</div>
<b>Advisory: 5 Easy Ways to Protect Yourself Online</b> (posted 2018-10-02)<br />
<b><i>Tips from staysafeonline.org:</i></b><h3 style="background-color: white; background-repeat: no-repeat; border-style: solid; border-width: 0px; box-sizing: inherit; color: #222222; font-family: sofia-pro; line-height: 43.2px; margin: 0px 0px 0.5em; padding: 0px;">
<span style="font-size: large;">Every day, it seems we hear about a new internet scam, from <u style="background-repeat: no-repeat; border-style: solid; border-width: 0px; box-sizing: inherit; line-height: inherit; margin: 0px; padding: 0px;"><a href="https://www.bbb.org/new-york-city/get-consumer-help/articles/the-nigerian-prince-old-scam-new-twist/" style="background-repeat: no-repeat; border-style: solid; border-width: 0px; box-sizing: inherit; color: #4f91cd; line-height: inherit; margin: 0px; padding: 0px; text-decoration-line: none; touch-action: manipulation; transition: all 0.3s ease 0s;">Nigerian princes</a></u> requesting a wire transfer of $10,000 to <u style="background-repeat: no-repeat; border-style: solid; border-width: 0px; box-sizing: inherit; line-height: inherit; margin: 0px; padding: 0px;"><a href="https://www.eharmony.com.au/dating-advice/trust-and-safety/10-ways-to-catch-out-a-catfish#.W2m3HNhKjIF" style="background-repeat: no-repeat; border-style: solid; border-width: 0px; box-sizing: inherit; color: #4f91cd; line-height: inherit; margin: 0px; padding: 0px; text-decoration-line: none; touch-action: manipulation; transition: all 0.3s ease 0s;">online dating catfishing</a></u>. As helpful as the internet can be, such stories are worrisome.</span></h3>
<div style="background-color: white; background-repeat: no-repeat; border-style: solid; border-width: 0px; box-sizing: inherit; color: #5b5e6c; font-family: lexia; font-size: 18px; line-height: 28.8px; margin-bottom: 25px; padding: 0px;">
While the internet can sometimes seem like a jungle of a million different threats, you can take steps to protect yourself. Here are five easy, free and quick ways to safeguard yourself.</div>
<ol style="background-color: white; background-repeat: no-repeat; border-style: solid; border-width: 0px; box-sizing: inherit; color: #5b5e6c; font-family: lexia; font-size: 18px; line-height: 30px; margin: 0px 0px 30px 25px; padding: 0px 0px 0px 25px;">
<li style="background-repeat: no-repeat; border-style: solid; border-width: 0px; box-sizing: inherit; font-size: inherit; line-height: inherit; margin: 0px; padding: 0px;"><span style="background-repeat: no-repeat; border-style: solid; border-width: 0px; box-sizing: inherit; font-size: inherit; font-weight: bolder; line-height: inherit; margin: 0px; padding: 0px;">Enable Two-Step Authentication</span></li>
</ol>
<div style="background-color: white; background-repeat: no-repeat; border-style: solid; border-width: 0px; box-sizing: inherit; color: #5b5e6c; font-family: lexia; font-size: 18px; line-height: 28.8px; margin-bottom: 25px; padding: 0px;">
Also known as multi- or two-factor authentication or login approval – two-step verification provides an extra layer of security beyond your username and password to protect against account hijacking. When using this security mechanism, you will log in using your password and then be prompted to verify your identity again. This second verification is usually done via a biometric (fingerprint or face scan), security keys or a unique one-time code through an app on your mobile device.</div>
<div style="background-color: white; background-repeat: no-repeat; border-style: solid; border-width: 0px; box-sizing: inherit; color: #5b5e6c; font-family: lexia; font-size: 18px; line-height: 28.8px; margin-bottom: 25px; padding: 0px;">
Many websites and companies <u style="background-repeat: no-repeat; border-style: solid; border-width: 0px; box-sizing: inherit; font-size: inherit; line-height: inherit; margin: 0px; padding: 0px;"><a href="https://www.cnet.com/how-to/how-and-why-to-use-two-factor-authentication/" style="background-repeat: no-repeat; border-style: solid; border-width: 0px; box-sizing: inherit; color: #4f91cd; font-size: inherit; line-height: inherit; margin: 0px; padding: 0px; text-decoration-line: none; touch-action: manipulation; transition: all 0.3s ease 0s;">offer two-step verification</a></u>, and they make it easy to set up this second layer – usually found in the settings section of your account. Using two-step authentication can help you feel more secure, especially for sites containing your financial information.</div>
<div>
....</div>
<div>
<ol start="2" style="background-color: white; background-repeat: no-repeat; border-style: solid; border-width: 0px; box-sizing: inherit; line-height: 30px; margin: 0px 0px 30px 25px; padding: 0px 0px 0px 25px;">
<li style="background-repeat: no-repeat; border-style: solid; border-width: 0px; box-sizing: inherit; font-family: lexia; font-size: inherit; line-height: inherit; margin: 0px; padding: 0px;"><span style="background-repeat: no-repeat; border-style: solid; border-width: 0px; box-sizing: inherit; font-size: inherit; line-height: inherit; margin: 0px; padding: 0px;"><b>Check a Site’s SSL Certificate ....</b></span></li>
<li style="background-repeat: no-repeat; border-style: solid; border-width: 0px; box-sizing: inherit; line-height: inherit; margin: 0px; padding: 0px;"><b>Don’t Save Financial Information on Shopping Sites ...</b></li>
<li style="background-repeat: no-repeat; border-style: solid; border-width: 0px; box-sizing: inherit; line-height: inherit; margin: 0px; padding: 0px;"><b style="font-family: lexia; font-size: 18px;">Be Careful Who You Trust ...</b></li>
<li style="background-repeat: no-repeat; border-style: solid; border-width: 0px; box-sizing: inherit; font-size: inherit; line-height: inherit; margin: 0px; padding: 0px;"><span style="background-repeat: no-repeat; border-style: solid; border-width: 0px; box-sizing: inherit; font-size: inherit; line-height: inherit; margin: 0px; padding: 0px;"><b>Create Strong, Unique Passwords ...</b></span></li>
</ol>
</div>
<div style="text-align: right;">
<a href="https://staysafeonline.org/blog/5-easy-online-safety-tips/">https://staysafeonline.org/blog/5-easy-online-safety-tips/</a></div>
<b>Advisory: Credit Freezes are Free: Let the Ice Age Begin</b> (posted 2018-09-21)<br />
Good news: credit freezes are now free in every US state. A freeze is a valuable tool to prevent identity thieves from accessing your credit history. From krebsonsecurity.com:<br />
<br />
<small style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #cccccc; float: left; font-family: Helvetica, Arial; font-size: 10px; font-weight: bold; margin: -10px 0px 0px; outline: 0px; padding: 10px 8px 5px 0px; text-align: justify; text-transform: uppercase; vertical-align: baseline;"><br />SEP 18</small><br />
<h2 class="post-title" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; font-family: Helvetica, Arial; font-size: 26px !important; letter-spacing: -1px; line-height: 34px !important; margin: 0px 0px 20px; outline: 0px; padding: 0px; vertical-align: baseline;">
Credit Freezes are Free: Let the Ice Age Begin</h2>
<div class="entry" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin: 0px; outline: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #555555; font-family: Georgia; font-size: 14.4px; margin-bottom: 20px; outline: 0px; padding: 0px; vertical-align: baseline;">
It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If you’ve been holding out because you’re not particularly worried about ID theft, here’s another reason to reconsider: The credit bureaus profit from selling copies of your file to others, so freezing your file also lets you deny these dinosaurs a valuable revenue stream.</div>
<div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #555555; font-family: Georgia; font-size: 14.4px; margin-bottom: 20px; outline: 0px; padding: 0px; vertical-align: baseline;">
<img alt="" class="aligncenter wp-image-45129" height="65" src="https://krebsonsecurity.com/wp-content/uploads/2018/09/freezeme-ed.png" style="background-attachment: initial; background-clip: initial; background-image: none; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; display: block !important; font-size: 14.4px; margin: 5px 10px 10px 0px; outline: 0px; padding: 5px; text-align: center; vertical-align: baseline;" width="320" /></div>
<div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #555555; font-family: Georgia; font-size: 14.4px; margin-bottom: 20px; outline: 0px; padding: 0px; vertical-align: baseline;">
Enacted in May 2018, the <a href="https://www.congress.gov/bill/115th-congress/senate-bill/2155" rel="noopener" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #cc6600; font-size: 14.4px; margin: 0px; outline: 0px; padding: 0px; text-decoration-line: none; vertical-align: baseline;" target="_blank">Economic Growth, Regulatory Relief and Consumer Protection Act</a> rolls back some of the restrictions placed on banks in the wake of the Great Recession of the last decade. But it also includes a silver lining. Previously, states allowed the bureaus to charge a confusing range of fees for placing, temporarily thawing or lifting a credit freeze. Today, those fees no longer exist.</div>
<div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #555555; font-family: Georgia; font-size: 14.4px; margin-bottom: 20px; outline: 0px; padding: 0px; vertical-align: baseline;">
A security freeze essentially blocks any potential creditors from being able to view or “pull” your credit file, unless you affirmatively unfreeze or thaw your file beforehand. With a freeze in place on your credit file, ID thieves can apply for credit in your name all they want, but they will not succeed in getting new lines of credit in your name because few if any creditors will extend that credit without first being able to gauge how risky it is to loan to you (i.e., view your credit file). ....</div>
<div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; color: #555555; font-family: Georgia; font-size: 14.4px; margin-bottom: 20px; outline: 0px; padding: 0px; vertical-align: baseline;">
<br /></div>
<div style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 0px; margin-bottom: 20px; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="color: #555555; font-family: "georgia";"><span style="font-size: 14.4px;"><a href="https://krebsonsecurity.com/2018/09/credit-freezes-are-free-let-the-ice-age-begin/">https://krebsonsecurity.com/2018/09/credit-freezes-are-free-let-the-ice-age-begin/</a></span></span></div>
</div>
<b>Advisory: Business E-Mail Compromise</b> (posted 2018-09-20)<br />
<div class="tr_bq">
<i>FBI warning of scam email threat called business e-mail compromise (BEC).</i></div>
<br />
<blockquote style="box-sizing: border-box; margin-bottom: 20px;">
<br />Since 2013, when the FBI began tracking an emerging financial cyber threat called business e-mail compromise (BEC), organized crime groups have targeted large and small companies and organizations in every U.S. state and more than 100 countries around the world—from non-profits and well-known corporations to churches and school systems. Losses are in the billions of dollars and climbing.</blockquote>
<br />
<blockquote style="box-sizing: border-box; margin-bottom: 20px;">
At its heart, BEC relies on the oldest trick in the con artist’s handbook: deception. But the level of sophistication in this multifaceted global fraud is unprecedented, according to law enforcement officials, and professional businesspeople continue to fall victim to the scheme.</blockquote>
<br />
<blockquote style="box-sizing: border-box; margin-bottom: 20px;">
Carried out by transnational criminal organizations that employ lawyers, linguists, hackers, and social engineers, BEC can take a variety of forms. But in just about every case, the scammers target employees with access to company finances and trick them into making wire transfers to bank accounts thought to belong to trusted partners—except the money ends up in accounts controlled by the criminals.</blockquote>
<br />
<blockquote style="box-sizing: border-box; margin-bottom: 20px;">
“BEC is a serious threat on a global scale,” said Special Agent Martin Licciardo, a veteran organized crime investigator at the FBI’s Washington Field Office. “And the criminal organizations that perpetrate these frauds are continually honing their techniques to exploit unsuspecting victims.” ...</blockquote>
<div style="text-align: right;">
<a href="https://www.fbi.gov/news/stories/business-e-mail-compromise-on-the-rise">https://www.fbi.gov/news/stories/business-e-mail-compromise-on-the-rise</a></div>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://2.bp.blogspot.com/-XmZEZ1nKBfM/W6P_zORwkGI/AAAAAAAACFw/RB4myrbQZSEx-nvSeDd9Uai8y9DnS9YTgCLcBGAs/s1600/fbi.jpeg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="Timeline of business e-mail compromise attack" border="0" data-original-height="490" data-original-width="768" height="204" src="https://2.bp.blogspot.com/-XmZEZ1nKBfM/W6P_zORwkGI/AAAAAAAACFw/RB4myrbQZSEx-nvSeDd9Uai8y9DnS9YTgCLcBGAs/s320/fbi.jpeg" title="Timeline of business e-mail compromise attack" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><i><span style="font-weight: bold;">Timeline of business e-mail compromise attack</span></i></td></tr>
</tbody></table>
See also:<div>
<ul>
<li><a href="https://www.trendmicro.com/vinfo/us/security/definition/business-email-compromise-(bec)">https://www.trendmicro.com/vinfo/us/security/definition/business-email-compromise-(bec)</a></li>
<li><a href="https://resources.infosecinstitute.com/5-real-world-examples-business-email-compromise/">https://resources.infosecinstitute.com/5-real-world-examples-business-email-compromise/</a></li>
</ul>
</div>
<b>Advisory: Potential Hurricane Florence Phishing Scams</b> (posted 2018-09-15)<br />
<div class="grid-9 region region-content" id="region-content" style="border: 0px; display: inline; float: left; font-stretch: inherit; line-height: inherit; margin: 0px 10px; outline: 0px; padding: 0px; position: relative; vertical-align: baseline;">
<div class="region-inner region-content-inner" style="border: 0px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
Alert from US-CERT warning of scams that trade on the current weather emergency.<br />
<h1 class="title" id="page-title" style="background-color: white; border: 0px; color: #b01d11; font-family: inherit; font-size: 18px; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 5px 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
Potential Hurricane Florence Phishing Scams</h1>
<div class="block block-system block-main block-system-main odd block-without-title" id="block-system-main" style="background-color: white; border: 0px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<div class="block-inner clearfix" style="border: 0px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<div class="content clearfix" style="border: 0px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<div style="color: #333333; font-family: inherit; font-size: inherit; font-style: inherit; font-variant-caps: inherit; font-variant-ligatures: inherit; font-weight: inherit;">
<br /></div>
<div style="color: #333333; font-family: inherit; font-size: inherit; font-style: inherit; font-variant-caps: inherit; font-variant-ligatures: inherit; font-weight: inherit;">
</div>
<article class="node node-current-activity node-published node-not-promoted node-not-sticky author-mferguson odd clearfix" id="node-current-activity-11513" style="border: 0px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><footer class="submitted meta-text" style="border: 0px; color: #999999; font-family: inherit; font-size: 12px; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 5px 0px; outline: 0px; padding: 5px 0px; vertical-align: baseline;">Original release date: September 14, 2018</footer>
<div class="content clearfix" style="border-bottom-width: 0px; border-left-width: 0px; border-right-width: 0px; border-top: 1px solid rgb(213, 215, 218); color: #333333; font: inherit; margin: 0px; outline: 0px; padding: 10px 0px 0px; vertical-align: baseline;">
<div class="field field-name-body field-type-text-with-summary field-label-hidden" style="border: 0px; font: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<div class="field-items" style="border: 0px; font: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<div class="field-item even" style="border: 0px; font: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<div style="border: 0px; font: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 5px 0px; vertical-align: baseline;">
NCCIC warns users to remain vigilant for malicious cyber activity seeking to exploit interest in Hurricane Florence. Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direct users to malicious websites. Users should exercise caution in handling any email with a subject line, attachments, or hyperlinks related to the hurricane, even if it appears to originate from a trusted source. NCCIC advises users to verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number. Contact information for many charities is available on the <a href="http://www.give.org/charity-reviews/national" style="border: 0px; color: #005ebd; font: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">BBB National Charity Report Index</a>. Users should also be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to the hurricane.</div>
<div style="border: 0px; font: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 5px 0px; vertical-align: baseline;">
NCCIC encourages users and administrators to review the following resources for more information on phishing scams and malware campaigns:</div>
<ul style="border: 0px; font: inherit; list-style-image: initial; list-style-position: initial; margin: 5px 0px 5px 35px; outline: 0px; padding: 0px; vertical-align: baseline;">
<li style="border: 0px; font: inherit; margin: 0px; outline: 0px; padding: 3px 0px; vertical-align: baseline;">The Federal Trade Commission articles on <a href="https://www.consumer.ftc.gov/blog/2018/09/wise-giving-after-hurricane" style="border: 0px; color: #005ebd; font: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Wise Giving After a Hurricane</a> and <a href="http://www.consumer.ftc.gov/features/how-donate-wisely-and-avoid-charity-scams" style="border: 0px; color: #005ebd; font: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">How to Donate Wisely and Avoid Charity Scams</a>,</li>
<li style="border: 0px; font: inherit; margin: 0px; outline: 0px; padding: 3px 0px; vertical-align: baseline;"><a href="https://www.us-cert.gov/ncas/tips/ST04-010" style="border: 0px; color: #005ebd; font: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Using Caution with Email Attachments</a>, and</li>
<li style="border: 0px; font: inherit; margin: 0px; outline: 0px; padding: 3px 0px; vertical-align: baseline;"><a href="https://www.us-cert.gov/ncas/tips/ST04-014" style="border: 0px; color: #005ebd; font: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Avoiding Social Engineering and Phishing Attacks</a>.</li>
</ul>
</div>
</div>
</div>
</div>
<div class="privacy-and-terms" style="border-bottom: none; border-left: 0px; border-right: 0px; border-top: 1px solid rgb(213, 215, 218); font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 5px 0px; text-align: center; vertical-align: baseline;">
<span style="color: #333333; font-family: Courier New, Courier, monospace; font-size: x-small;"><b><a href="https://www.us-cert.gov/ncas/current-activity/2018/09/14/Potential-Hurricane-Florence-Phishing-Scams">https://www.us-cert.gov/ncas/current-activity/2018/09/14/Potential-Hurricane-Florence-Phishing-Scams</a></b></span></div>
</article><div style="color: #333333; font-family: inherit; font-size: inherit; font-style: inherit; font-variant-caps: inherit; font-variant-ligatures: inherit; font-weight: inherit;">
</div>
</div>
</div>
</div>
</div>
</div>
<b>Advisory: Active Phishing Campaign Targeting Student Email Accounts</b> (posted 2018-09-05)<br />
<span style="background-color: white; font-family: "arial" , "helvetica" , "trebuchet ms" , sans-serif; font-size: 18.6667px;">Federal Student Aid (FSA) has identified a malicious phishing campaign that may lead to potential fraud associated with student refunds and aid distributions.</span><br />
<div style="background-color: white; font-family: arial, helvetica, "trebuchet ms", sans-serif; font-size: 18.6667px;">
<b><br /></b></div>
<div style="background-color: white;">
<b style="font-family: arial, helvetica, "trebuchet ms", sans-serif; font-size: 18.6667px;">If you have any concerns about any suspicious financial aid messages you receive, contact One Stop for assistance: </b><br />
<div style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , "trebuchet ms" , sans-serif;"><span style="font-size: 18.6667px;"><b><a href="https://onestop.umn.edu/contact-us">https://onestop.umn.edu/contact-us</a></b></span></span></div>
</div>
<div>
<span style="font-size: 18.6667px;"><br /></span></div>
<div style="background-color: white; font-family: arial, helvetica, "trebuchet ms", sans-serif; font-size: 18.6667px;">
<b><br /></b></div>
<div style="background-color: white; font-family: arial, helvetica, "trebuchet ms", sans-serif; font-size: 18.6667px;">
<b>What is happening:</b> Multiple institutions of higher education (IHEs) have reported that attackers are using a phishing email to obtain access to student accounts via the IHE student portal (see example phishing email below). The nature of the requests indicates the attackers have done some level of research and understand the schools’ use of student portals and methods. These attacks are successful due to student compliance in providing requested information and the use of just one factor for authentication.</div>
<div style="background-color: white; font-family: arial, helvetica, "trebuchet ms", sans-serif; font-size: 18.6667px;">
Upon gaining access to the portal, the attacker changes the student’s direct deposit destination to a bank account controlled by the attacker. As a result, FSA refunds intended for the student are sent to the attacker. FSA believes that attackers are practicing and refining the scheme on a smaller scale now and that this will emerge as a prominent threat against IHEs during periods when FSA funds are disseminated in large volumes.</div>
<div style="background-color: white; font-family: arial, helvetica, "trebuchet ms", sans-serif; font-size: 18.6667px;">
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://3.bp.blogspot.com/-1252ABsw6G4/W47u1ch78YI/AAAAAAAACE8/7FqAKeWa3rcgd15-2NrjW3LS2lVXE-g2wCLcBGAs/s1600/083118PhishingTargetStudentEmail.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt=" Example of phishing message" border="0" data-original-height="519" data-original-width="946" height="218" src="https://3.bp.blogspot.com/-1252ABsw6G4/W47u1ch78YI/AAAAAAAACE8/7FqAKeWa3rcgd15-2NrjW3LS2lVXE-g2wCLcBGAs/s400/083118PhishingTargetStudentEmail.jpg" title=" Example of phishing message" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><b><i>Example of phishing message</i></b></td></tr>
</tbody></table>
<div style="background-color: white; font-family: arial, helvetica, "trebuchet ms", sans-serif; font-size: 18.6667px;">
<br /></div>
<div style="background-color: white;">
<span style="font-family: "arial" , "helvetica" , "trebuchet ms" , sans-serif; font-size: x-small;"><a href="https://ifap.ed.gov//eannouncements/083118ActivePhishingCampaignTargetStudentEmailAccount.html">https://ifap.ed.gov//eannouncements/083118ActivePhishingCampaignTargetStudentEmailAccount.html</a></span></div>
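<div>
The scheme FSA describes (a password-only login followed by a change of direct deposit destination) leaves a pattern that portal audit logs can surface. The following is an added example, not part of the FSA announcement or any real portal: the log schema, field names, account labels, and the 30-minute window are all assumptions, and the log lines are constructed.</div>

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed portal audit log (hypothetical schema, documentation-range IPs).
LOG = """\
ts,user,event,src_ip,mfa,dest_acct
2018-08-20T09:00:00,alice,login,198.51.100.10,no,
2018-08-27T09:05:00,alice,login,198.51.100.10,no,
2018-08-27T09:06:00,alice,dd_change,198.51.100.10,,acct-A1
2018-08-30T02:11:00,bob,login,203.0.113.77,no,
2018-08-30T02:13:00,bob,dd_change,203.0.113.77,,acct-Z9
2018-08-30T02:20:00,carol,login,203.0.113.77,no,
2018-08-30T02:21:00,carol,dd_change,203.0.113.77,,acct-Z9
2018-08-31T14:00:00,dave,login,192.0.2.44,yes,
2018-08-31T14:02:00,dave,dd_change,192.0.2.44,,acct-D4
"""

# Assumption: a change this soon after login belongs to that login session.
WINDOW = timedelta(minutes=30)


def detect(log_text, window=WINDOW):
    """Return alerts for direct deposit changes that match the described scheme.

    Rule 1: the change follows a password-only login from a source address
            never seen before for that user.
    Rule 2: the new destination account is also the destination chosen by
            other users (one attacker account collecting several refunds).
    """
    seen_ips = defaultdict(set)    # user -> source IPs from earlier logins
    last_login = {}                # user -> (ts, used_mfa, ip_was_new)
    dest_users = defaultdict(set)  # destination account -> users pointing at it
    changes = []

    for row in csv.DictReader(io.StringIO(log_text)):
        ts = datetime.fromisoformat(row["ts"])
        user, ip = row["user"], row["src_ip"]
        if row["event"] == "login":
            last_login[user] = (ts, row["mfa"] == "yes", ip not in seen_ips[user])
            seen_ips[user].add(ip)
        elif row["event"] == "dd_change":
            dest_users[row["dest_acct"]].add(user)
            # Snapshot the login state now; later logins must not overwrite it.
            changes.append((ts, user, row["dest_acct"], last_login.get(user)))

    alerts = []
    for ts, user, dest, login in changes:
        reasons = []
        if login is not None:
            login_ts, used_mfa, ip_was_new = login
            if ts - login_ts <= window and not used_mfa and ip_was_new:
                reasons.append("single-factor login from unseen source")
        # Evaluated after the full pass, so the first victim is flagged too.
        if len(dest_users[dest]) > 1:
            reasons.append("destination shared across accounts")
        if reasons:
            alerts.append({"user": user, "ts": ts.isoformat(),
                           "dest": dest, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(LOG):
        print(alert)
```

<div>
In the constructed log, alice (known source) and dave (second factor used) change their deposit details without an alert, while bob and carol trip both rules.</div>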
<b>Example 223: Action Required: University of Minnesota Portal Validation Request</b> (posted 2018-08-28)<br />
<div class="tr_bq">
Fake University Login sent from compromised UMN account.</div>
<br />
<b>Message Text</b><br />
<br />
<blockquote>
From: UMN.EDU Portal < compromised UMN ACCOUNT><br />Date: Tue, Aug 28, 2018 at 12:25 PM<br />Subject: Action Required: University of Minnesota Portal Validation Request<br />To:<br /><br />------------------------------<br />* UNIVERSITY OF MINNESOTA*<br /><br /><br /><br />Dear xxxxx@umn.edu,<br />You are required to verify use of your *UMN.EDU <http://UMN.EDU>* portal<br />login. This is a routine to delete in-active email from our database.<br />Verification link expires in *72 hours*.<br />CLICK HERE TO VERIFY<br /><http://xxx xxxxxxx .com/umn-eduWebLoginService/validate.htm><br /><br />Failure to complete verification may lead to restriction of your portal<br />access. In this case, kindly contact your school IT Administrator.<br />Thank you<br />*UMN.EDU <https://www.umn.edu/> Team*</blockquote>
<div>
<b>Login Form</b></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://1.bp.blogspot.com/-TgIljxqVIOY/W4WVbQt_WiI/AAAAAAAACEU/11YxKa_kVHwLNueDeGg4NaQDtyc7MR4ywCLcBGAs/s1600/08282018-fakeumn.jpeg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt=" Fake UMN Login webform" border="0" data-original-height="689" data-original-width="991" height="222" src="https://1.bp.blogspot.com/-TgIljxqVIOY/W4WVbQt_WiI/AAAAAAAACEU/11YxKa_kVHwLNueDeGg4NaQDtyc7MR4ywCLcBGAs/s320/08282018-fakeumn.jpeg" title=" Fake UMN Login webform" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Fake UMN Login webform</td></tr>
</tbody></table>
<div>
<b>Things to Note</b></div>
<div>
<br /></div>
<div>
<ul>
<li>Email DOES come from a UMN.EDU address - a user who had their account stolen</li>
<li>Web form copies UMN login page</li>
<li>Web form hosted at a ".COM" address, NOT UMN.EDU</li>
<li>Login is NOT secure - browser in image above shows the warning.</li>
</ul>
</div>
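<div>
Because the sender here is a genuine but compromised UMN.EDU account, the link is the reliable signal. The following is an added example, not part of the original post: it applies the host and HTTPS checks from the notes above to a constructed copy of the message. The real host is redacted on the page, so <code>portal-check.example.com</code> and the brand-token list are assumptions.</div>

```python
from __future__ import annotations

import re
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "umn.edu"            # the real login domain named in the post
BRAND_TOKENS = ("umn", "minnesota")   # assumption: strings that signal UMN branding

# Constructed sample modelled on the message above. The host is a placeholder;
# the path is the one shown in the post.
SAMPLE_MESSAGE = """\
You are required to verify use of your *UMN.EDU <http://UMN.EDU>* portal login.
CLICK HERE TO VERIFY
<http://portal-check.example.com/umn-eduWebLoginService/validate.htm>
*UMN.EDU <https://www.umn.edu/> Team*
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def is_trusted_host(host: str) -> bool:
    """True only for umn.edu itself or a genuine subdomain of it."""
    host = host.lower().rstrip(".")
    # The leading dot matters: "fakeumn.edu" and "umn.edu.example.com" must fail.
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def assess_link(url: str) -> list[str]:
    """Return warning flags for one URL; an empty list means nothing was flagged."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    flags = []
    if parts.scheme.lower() != "https":
        flags.append("not-https")          # the browser warning noted in the post
    if not is_trusted_host(host):
        flags.append("off-domain")         # hosted at a ".COM", not UMN.EDU
        # Brand name inside a foreign URL: the page imitates UMN without being UMN.
        if any(token in (host + parts.path).lower() for token in BRAND_TOKENS):
            flags.append("brand-in-foreign-url")
    return flags


def assess_message(text: str) -> dict[str, list[str]]:
    """Map every URL found in the message text to its warning flags."""
    return {url: assess_link(url) for url in URL_RE.findall(text)}


if __name__ == "__main__":
    for link, link_flags in assess_message(SAMPLE_MESSAGE).items():
        print(link, "->", ", ".join(link_flags) or "ok")
```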
<b>News: Cyberattackers infiltrate Hennepin County workers' e-mails</b> (published 2018-08-15T06:58:00.002-07:00, updated 2018-08-16T09:17:56.976-07:00)<br />
Cyberattackers have infiltrated e-mail accounts for about 20 Hennepin County employees since late June.<br />
<br />
Here's a reminder to be wary of unexpected emails that seem "too good to be true" - often they are neither good <i>nor </i>true:<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://3.bp.blogspot.com/-8CRyJ_Zwk38/W3QxSX9Pz9I/AAAAAAAACDc/95xOqC_f88cje-SqVkXINyf2WWzgWOQDwCLcBGAs/s1600/HennepinCO.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="Star Tribune article about cyber attack " border="0" data-original-height="774" data-original-width="560" height="320" src="https://3.bp.blogspot.com/-8CRyJ_Zwk38/W3QxSX9Pz9I/AAAAAAAACDc/95xOqC_f88cje-SqVkXINyf2WWzgWOQDwCLcBGAs/s320/HennepinCO.jpg" title="Star Tribune article about cyber attack " width="231" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><i>Star Tribune article about cyber attack </i></td></tr>
</tbody></table>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<a href="http://www.startribune.com/cyber-attackers-infiltrate-hennepin-county-workers-e-mails/490508031/">http://www.startribune.com/cyber-attackers-infiltrate-hennepin-county-workers-e-mails/490508031/</a><br />
<a href="https://minnesota.cbslocal.com/2018/08/09/cyberattack-hennepin-county-email/">https://minnesota.cbslocal.com/2018/08/09/cyberattack-hennepin-county-email/</a><br />
<b>Example 222: Job Job Job!!!</b> (published 2018-08-10T11:14:00.003-07:00, updated 2018-08-10T13:45:43.496-07:00)<br />
<b>Description:</b><br />
<br />
This email scam campaign appears to mostly be directed at students. It is sent by multiple senders with multiple different subject lines, including (but not limited to):<br />
<br />
<span style="background-color: white; color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif; font-size: 14px; white-space: pre-wrap;">Employment Opportunity For Student Only</span><br />
<span style="background-color: white; color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif; font-size: 14px; white-space: pre-wrap;">EMPLOYMENT OPPORTUNITY FOR MALE AND FEMALE STUDENT APPLY NOW</span><br />
<span style="background-color: white; font-size: 14px; white-space: pre-wrap;"><span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;">Employment Opportunity</span></span><br />
<span style="background-color: white; color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif; font-size: 14px; white-space: pre-wrap;">New Personal Assistant Needed ( Part-Time Job )</span><br />
<span style="background-color: white; color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif; font-size: 14px; white-space: pre-wrap;">Job Opportunity</span><br />
<span style="background-color: white; color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif; font-size: 14px; white-space: pre-wrap;">SCHOOL RESUME</span><br />
<span style="background-color: white; color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif; font-size: 14px; white-space: pre-wrap;">School Announcements</span><br />
<span style="background-color: white; color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif; font-size: 14px; white-space: pre-wrap;">University Announcements</span><br />
<span style="background-color: white; color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif; font-size: 14px; white-space: pre-wrap;"><br /></span>
<span style="background-color: white; color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif; font-size: 14px; white-space: pre-wrap;">There is a Resume.txt file attached, which is only a text file with the phony job offer, not malware. </span><br />
<span style="background-color: white; color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif; font-size: 14px; white-space: pre-wrap;"><br /></span>
<span style="background-color: white; color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif; font-size: 14px; white-space: pre-wrap;">The scam ends with the scammer asking the student for money so that he can get through customs, come to the United States, and hire the student.</span><br />
<span style="background-color: white; color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif; font-size: 14px; white-space: pre-wrap;"><br /></span>
<span style="background-color: white; color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif; font-size: 14px; white-space: pre-wrap;">This is a type of "Money Mule" Scam: </span><span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;"><span style="font-size: 14px; white-space: pre-wrap;"><a href="http://www.lse.ac.uk/intranet/students/supportServices/healthSafetyWellbeing/MoneyMuleScam.aspx">http://www.lse.ac.uk/intranet/students/supportServices/healthSafetyWellbeing/MoneyMuleScam.aspx</a></span></span><br />
<br />
<b>What you should do: </b><br />
<br />
<ul>
<li>Report the email as spam in Gmail to help educate Google's spam filters. </li>
<li>Do not engage with the sender.</li>
</ul>
<br />
<br />
<span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;"><span style="background-color: white; font-size: 14px; white-space: pre-wrap;"><b>Content of Resume.txt</b></span></span><br />
<span style="color: #333333; font-family: "helvetica neue" , "helvetica" , "arial" , sans-serif;"><span style="background-color: white; font-size: 14px; white-space: pre-wrap;"><br /></span></span>
<br />
<div class="MsoNormal">
Dear Student,</div>
<div class="MsoNormal">
I am Dr. Williams Morgan and I work as a clinical counselor for the
department of Disability Resources and Educational Services (DRES). I provide
individual and group therapy, coaching, assessment and academic screenings to
support students with disabilities (physical, chronic, psychiatric, and
invisible)registered with DRES. A large percentage of the students served by
the mental health unit have psychiatric disabilities or co-morbid psychiatric
disabilities and need mental health support to be successful at the university.
In addition,many University of students with academic difficulties and no prior
diagnosis are seen and assessed through the academic screening and assessment
process. I also am the director of supervision, training and coordination of
counseling psychology and clinical psychology graduate students of the United
States who have practicums at DRES and APA-accredited school psychology
pre-doctoral interns.You have received this email because you have an offer
from the University Office for Students with Disabilities to work with me while
we help Students with disabilities frustrated with ignorance and lack of
services but as my temporary personal assistant. I care about Animal Welfare,
Arts and Culture, Children, Civil Rights and Social Action, Education,
Environment, Disaster and Humanitarian Relief, Social Services and lots
more.This is a very simple employment. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
You will only help me Mail letters, Make payments at Walmart
and purchase some Items when needed. This employment only takes an hour a day
and 3 times a week for $480 weekly.I am unable to meetup for an interview
because I am currently away and helping the disabled students in Australia. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
You will be paid in advance for all tasks and purchased to
be done on my behalf and some of my personal letters and mails will be
forwarded to your residence or nearby post office for you to pick up at your
convenience. Upon my arrival we will discuss the possibility of making this a
long-term employment if I am impressed with your services while I am away. My
arrival is scheduled for the </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
First week of September 2018</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
To Apply, Please email your Full name, Address, Alternate
email (different from school email) and mobile and Correspondent will reply you as soon as
possible.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Regards,</div>
<br />
<div class="MsoNormal">
Dr Williams Morgan </div>
<b>Advisory: Scam Extortion Using Leaked Passwords</b> (published 2018-07-20T07:56:00.002-07:00, updated 2018-07-25T07:00:50.509-07:00)<br />
Attempt to extort bitcoin payment using passwords from data breaches.<br />
<br />
<b>Scam Details</b><br />
<b><br /></b>
<br />
<ul>
<li>Victim's email address and a password are exposed in a data breach (e.g. LinkedIn).</li>
<li>Attacker sends an email to that address "revealing" that they know the password, and claiming that:</li>
</ul>
<blockquote class="tr_bq">
<ul>
<li>They have installed malicious software on the victim's computer </li>
</ul>
<ul>
<li>They have used the victim's computer camera to secretly record the victim watching porn</li>
</ul>
</blockquote>
<blockquote class="tr_bq">
<ul>
<li>They will send the recording to the user's contacts <i>unless </i>the victim sends bitcoin payment to buy their silence.</li>
</ul>
</blockquote>
<div>
<br /></div>
<div>
<b>What's Going On</b></div>
<div>
<b><br /></b></div>
<div>
Data breaches are all too common - many yielding large "dumps" of email addresses and passwords. The attackers in this scenario are using this information to trick their victim into thinking they have been compromised - which is very, <i style="font-weight: bold;">very</i> unlikely. The most convincing piece of information is that they know a single password that the victim used somewhere at some time. Unless the victim uses the same password everywhere (note:<i> this is a <b>very bad</b> practice</i>), it isn't going to unlock their computer.</div>
<div>
<br /></div>
<div>
<b>How You Can Protect Yourself</b></div>
<div>
</div>
<div>
<ul>
<li>Use unique, strong passwords for each account.</li>
<li>Use a password manager to track your passwords. (<a href="http://en.wikipedia.org/wiki/Password_manager">en.wikipedia.org/wiki/Password_manager</a>)</li>
<li>Subscribe to <a href="http://haveibeenpwned.com/">haveibeenpwned.com</a> to learn if your email has shown up in password dumps - change any password if an account turns up.</li>
<li>You can use <a href="http://haveibeenpwned.com/">haveibeenpwned.com</a> to check to see if your email address has shown up in the past in any password breaches. [Note: haveibeenpwned will <b>not</b> tell you the <i>password</i> that was exposed, but it will tell you the <i>date</i> of the exposure. If your current password is newer than that date, you do not need to update your password.]</li>
</ul>
<div>
<b>See the take on this scam by Brian Krebs (notable security blogger)</b> at: <a href="https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/">https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/</a></div>
</div>
<b>Example 221: University J0b Recruiting / Artnet Job Offer</b> (published 2018-07-18T08:06:00.005-07:00, updated 2018-07-18T08:06:41.647-07:00)<br />
<div class="tr_bq">
Scam offers for employment sent to students using an image file to present the offer.</div>
<br />
<b>Message text:</b><br />
<br />
<blockquote>
From: <br />Date: Wed, Jul 18, 2018 at 12:44 AM<br />Subject: Re: Artnet Job Offer<br />To: <br /><br />*find attached..*</blockquote>
<b><i>The above had this customized IMAGE file delivering the message:</i></b><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-jS9PkucD8W8/W09WdpmBiTI/AAAAAAAACCk/xILO1iS7VuQr_COBZYJdXxM98KvKRVCdACLcBGAs/s1600/20180718-job1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1600" data-original-width="1455" height="320" src="https://3.bp.blogspot.com/-jS9PkucD8W8/W09WdpmBiTI/AAAAAAAACCk/xILO1iS7VuQr_COBZYJdXxM98KvKRVCdACLcBGAs/s320/20180718-job1.png" width="291" /></a></div>
<br />
<blockquote>
From:<br />Date: Tue, Jul 17, 2018 at 11:26 PM<br />Subject: University J0b Recruiting<br />To:<br /> <br />Dear selected Candidate,<br />Your university recruiting department has selected you for an on-campus<br />offer. Please find attached..<br /> <br />Regards,</blockquote>
<b><i>This message, sent from a different email address than the first, included this image with the Gmail address used in the other "Artnet" offer:</i></b><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-_7evDHy9nko/W09WmapAXLI/AAAAAAAACCo/Cqc0m9TuK84N4va7YGlqhobAHEtdnfD3ACLcBGAs/s1600/20180718-job2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="678" data-original-width="1600" height="135" src="https://1.bp.blogspot.com/-_7evDHy9nko/W09WmapAXLI/AAAAAAAACCo/Cqc0m9TuK84N4va7YGlqhobAHEtdnfD3ACLcBGAs/s320/20180718-job2.jpg" width="320" /></a></div>
<div>
<br /></div>
<div>
<b>Things to note:</b></div>
<div>
<div style="background-color: white; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px;">
<ul style="line-height: 1.4; margin: 0.5em 0px; padding: 0px 2.5em;">
<li style="margin: 0px 0px 0.25em; padding: 0px;">Sender is unknown </li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">Email text sent as image file - presumably to avoid being detected as spam</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">Message follows standard "money mule" come-on</li>
</ul>
</div>
<div style="background-color: white; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px;">
<br /></div>
<div style="background-color: white; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px;">
<br /></div>
<div style="background-color: white; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px;">
<h1 style="font-family: Arial, Helvetica, sans-serif; font-size: 1.7em; font-weight: normal; margin: 0px; position: relative;">
What is a money mule?</h1>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12px; line-height: 14.4px;">
A money mule is someone recruited by criminals to transfer the profits of their illegal activities. The money may have been stolen directly from another bank account or may be the profits of fraud, drug trafficking, child labour or prostitution. Most of the criminals carrying out this type of crime are located abroad, so a money mule based in the UK is required to transfer the money overseas.</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12px; line-height: 14.4px;">
Although some money mules know that they are handling stolen money, criminals also target groups such as university students to unwittingly launder the funds on their behalf.</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12px; line-height: 14.4px;">
<br /></div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12px; line-height: 14.4px;">
<br /></div>
<div style="line-height: 14.4px; text-align: right;">
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-size: 12px;"><a href="http://www.lse.ac.uk/intranet/students/supportServices/healthSafetyWellbeing/MoneyMuleScam.aspx" style="color: #888888; text-decoration-line: none;">http://www.lse.ac.uk/intranet/students/supportServices/healthSafetyWellbeing/MoneyMuleScam.aspx</a></span></span></div>
</div>
</div>
<div>
<br /></div>
<b>Advisory: FTC Issues Alert on Tech Support Scams</b> (published 2018-07-18T07:31:00.001-07:00, updated 2018-07-18T07:31:22.159-07:00)<br />
<h1 class="title" id="page-title" style="border: 0px; color: #b01d11; font-family: inherit; font-size: 18px; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 5px 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
FTC Issues Alert on Tech Support Scams</h1>
<div class="block block-system block-main block-system-main odd block-without-title" id="block-system-main" style="border: 0px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<div class="block-inner clearfix" style="border: 0px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<div class="content clearfix" style="border: 0px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<article class="node node-current-activity node-published node-not-promoted node-not-sticky author-amccarty odd clearfix" id="node-current-activity-11276" style="border: 0px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><div class="content clearfix" style="background-color: white; border-bottom-color: initial; border-bottom-style: initial; border-image: initial; border-left-color: initial; border-left-style: initial; border-right-color: initial; border-right-style: initial; border-top-color: rgb(213, 215, 218); border-top-style: solid; border-width: 1px 0px 0px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 10px 0px 0px; vertical-align: baseline;">
<div class="field field-name-body field-type-text-with-summary field-label-hidden" style="border: 0px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<div class="field-items" style="border: 0px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<div class="field-item even" style="border: 0px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">
<div style="border: 0px; color: #333333; font: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 5px 0px; vertical-align: baseline;">
The Federal Trade Commission has released an alert on tech support scams. Scammers use pop-up messages, websites, emails, and phone calls to entice users to pay for fraudulent tech support services to repair problems that don’t exist. Users should not pay or give control of their devices to any stranger offering to fix problems. </div>
<div style="border: 0px; color: #333333; font: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 5px 0px; vertical-align: baseline;">
NCCIC encourages users and administrators to refer to the <a href="https://www.consumer.ftc.gov/blog/2018/07/avoiding-tech-support-scams" style="border: 0px; color: #005ebd; font: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">FTC Alert</a> and the NCCIC Tip on <a href="https://www.us-cert.gov/ncas/tips/ST04-014" style="border: 0px; color: #005ebd; font: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Avoiding Social Engineering and Phishing Attacks</a> for more information. If you believe you are a victim of a tech support scam, file a complaint at <a href="http://www.ftc.gov/complaint" style="border: 0px; color: #005ebd; font: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">www.FTC.gov/complaint</a>.</div>
<div class="separator" style="clear: both; color: #333333; font-family: inherit; font-size: inherit; font-style: inherit; font-variant-caps: inherit; font-variant-ligatures: inherit; font-weight: inherit; text-align: center;">
<a href="https://4.bp.blogspot.com/-9x7WBra_MQU/W09O-vSkGXI/AAAAAAAACCM/2_ERDPrFnTgYxkIGTxgh8SXVmdjF0YUBwCLcBGAs/s1600/ftc-tech.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="442" data-original-width="723" height="195" src="https://4.bp.blogspot.com/-9x7WBra_MQU/W09O-vSkGXI/AAAAAAAACCM/2_ERDPrFnTgYxkIGTxgh8SXVmdjF0YUBwCLcBGAs/s320/ftc-tech.jpg" width="320" /></a></div>
<div style="color: #333333; font-family: inherit; font-size: inherit; font-style: inherit; font-variant-caps: inherit; font-variant-ligatures: inherit; font-weight: inherit;">
<br /></div>
<div style="text-align: right;">
<span style="color: #333333; font-family: Arial, Helvetica, Tahoma, sans-serif;"><span style="font-size: 13px;"><a href="https://www.us-cert.gov/ncas/current-activity/2018/07/16/FTC-Issues-Alert-Tech-Support-Scams">https://www.us-cert.gov/ncas/current-activity/2018/07/16/FTC-Issues-Alert-Tech-Support-Scams</a></span></span></div>
</div>
</div>
</div>
</div>
</article></div>
</div>
</div>
<b>Advisory: Reports of scam caller 'spoofing' 911</b> (published 2018-07-09T11:08:00.001-07:00, updated 2018-07-09T11:08:17.362-07:00)<br />
<div class="tr_bq">
<b><i>Spoofed calls "from" 911 used to steal personal information.</i></b></div>
<br />
<br />
<blockquote>
<b>MARQUETTE COUNTY, Mich</b>. (WLUC) - Marquette County Central Dispatch/Emergency Management received a report of a caller ID spoofing incident using “911” as the callback number here in Michigan.<br />A bad actor using 911 as the caller ID called a citizen and said that someone in their family had been in an accident and started to ask for personal information. The citizen called her family member and found out they were fine. If this ever happens to you, please remember this:<br /><blockquote class="tr_bq">
• If you get a voice call from 911, it will NOT be on a 911 line. If the 911 center calls you, it will always be on a 10-digit line, not a 911 line.<br />• The only time that the digits 911 will show up as an incoming communication will be via a text.<br />• If you receive a call from someone who says that they are from 911 or other public safety department (police, fire, or EMS), ask them for the number they can be reached at and call them back.<br />• NEVER give your social security, credit card, or insurance information over the phone.</blockquote>
</blockquote>
<br />
<div style="text-align: right;">
<span style="font-size: x-small;"><a href="http://www.uppermichiganssource.com/content/news/ALERT-Reports-of-scam-caller-spoofing-911-482187141.html">http://www.uppermichiganssource.com/content/news/ALERT-Reports-of-scam-caller-spoofing-911-482187141.html</a> </span></div>
<div style="text-align: right;">
<span style="font-size: x-small;"><a href="https://firstorion.com/911-spoofing/">https://firstorion.com/911-spoofing/</a></span></div>
<b>Example 220: Email xxxx@umn.edu De-Activation</b> (published 2018-06-11T11:46:00.001-07:00, updated 2018-06-11T11:46:11.861-07:00)<br />
<div class="tr_bq">
Personalized "warning" of email account closure</div>
<br />
<b>Message text:</b><br />
<br />
<blockquote>
From: <administrator@mail.com><br />Date: Mon, Jun 11, 2018 at 4:48 AM<br />Subject: Email xxxx@umn.edu De-Activation<br />To: xxxx@umn.edu<br /><br /><br /><br />Server Message<br /><br />*Dear xxx@umn.edu<br />Our record indicates that you requested to close your recent email:<br />xxxx@umn.edu. This requires that we verify with you as soon as possible.<br />If the request was accidentally made and you have no knowledge of it, you<br />may now cancel the request below<br />*Cancel Request*<br />Note: Failure to cancel this request within 24 hours will result to Email<br />Service De-Activation (ESD) and all email data will be permanently lost.<br />Regards.<br />*Email Administrator*<br />------------------------------<br />This message is auto-generated from E-mail security server, and replies<br />sent to this email can not be delivered.<br />This email is meant for: *xxxx@umn.edu <xxxx@umn.edu>*</blockquote>
<br />
<b>Web forms:</b><br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://4.bp.blogspot.com/-wDxeiZDZeYk/Wx7CcjZQE1I/AAAAAAAACAw/oe1ym4_Ek0g8goLeVGvhOBH_2gIhphlbwCLcBGAs/s1600/20180611-challenge.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="fake login form to keep account from being "canceled"" border="0" data-original-height="484" data-original-width="498" height="311" src="https://4.bp.blogspot.com/-wDxeiZDZeYk/Wx7CcjZQE1I/AAAAAAAACAw/oe1ym4_Ek0g8goLeVGvhOBH_2gIhphlbwCLcBGAs/s320/20180611-challenge.jpg" title="fake login form to keep account from being "canceled"" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><b><i>fake login form to keep account from being "canceled"</i></b></td></tr>
</tbody></table>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><img alt="Claims of "success" in keeping account active" border="0" data-original-height="605" data-original-width="979" height="197" src="https://4.bp.blogspot.com/-Wz99DAwJvMc/Wx7Chgj5DeI/AAAAAAAACA0/8hpq0W3f9sspE5hfTsZhiUuEP6jzqkufACLcBGAs/s320/20180611-success.jpg" style="margin-left: auto; margin-right: auto;" title="Claims of "success" in keeping account active" width="320" /></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><b><i>Claims of "success" in keeping account active<br /><br /></i></b></td></tr>
</tbody></table>
<br /><b>Things to note:</b><div>
<b><br /></b></div>
<div>
<ul>
<li>Email is personalized to individual recipient</li>
<li>Web form link carries ID info, so the web forms already show the account name</li>
<li>No UMN branding in forms</li>
<li>Email does not come from a UMN.EDU address</li>
<li>Email has no contact information</li>
<li>Filling in the form "fails" and makes you try again</li>
<li>Filling it in a second time "succeeds", then redirects you to a real umn.edu page.</li>
</ul>
</div>
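<div>
The note that the link carries ID information suggests a mail-filter check: flag any link whose path, query or fragment contains the recipient's own address. The following is an added example, not part of the original post. The post does not show the link itself, so the URL shapes, the host <code>forms.example.com</code> and the three encodings tested are assumptions.</div>

```python
from __future__ import annotations

import base64
import binascii
import re
from urllib.parse import unquote, urlsplit

RECIPIENT = "xxxx@umn.edu"  # the redacted address as it appears in the post

# Constructed sample links (the post does not show the real one).
_B64_ID = base64.urlsafe_b64encode(RECIPIENT.encode()).decode().rstrip("=")
SAMPLE_LINKS = [
    "http://forms.example.com/cancel.php?email=xxxx@umn.edu",
    "http://forms.example.com/cancel.php?email=xxxx%40umn.edu",
    "http://forms.example.com/cancel.php#" + _B64_ID,
    "http://forms.example.com/newsletter.html?issue=20180611",
]


def _decode_base64(token: str) -> str | None:
    """Decode standard or URL-safe base64 text; None if not valid base64/UTF-8."""
    normalised = token.replace("-", "+").replace("_", "/")
    normalised += "=" * (-len(normalised) % 4)   # restore stripped padding
    try:
        return base64.b64decode(normalised, validate=True).decode("utf-8")
    except (binascii.Error, ValueError):
        return None


def recipient_in_link(url: str, recipient: str) -> str | None:
    """Say how the recipient's address is embedded in the link, or None."""
    needle = recipient.lower()
    parts = urlsplit(url)
    tail = f"{parts.path}?{parts.query}#{parts.fragment}"
    if needle in tail.lower():
        return "plain"
    decoded_tail = unquote(tail)
    if needle in decoded_tail.lower():
        return "percent-encoded"
    # Values are split on URL delimiters, so a standard-alphabet base64 value
    # that contains "/" would be missed; URL-safe base64 is handled.
    for token in re.split(r"[/?&#=;]", decoded_tail):
        if len(token) >= 8:
            text = _decode_base64(token)
            if text and needle in text.lower():
                return "base64"
    return None


def classify_links(urls: list[str], recipient: str) -> list[str | None]:
    """Run the check over every link found in one message."""
    return [recipient_in_link(url, recipient) for url in urls]


if __name__ == "__main__":
    for link, verdict in zip(SAMPLE_LINKS, classify_links(SAMPLE_LINKS, RECIPIENT)):
        print(verdict or "not personalised", "<-", link)
```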
<b>Advisory: FBI Releases Article on Building a Digital Defense with Credit Reports</b> (published 2018-05-24T08:13:00.003-07:00, updated 2018-05-24T08:13:44.343-07:00)<br />
<i>Summary: <span style="background-color: white; color: #222222; font-family: arial, sans-serif; font-size: 12.8px;">FBI has released an article on using credit reports to build a digital defense against identity theft.</span></i><br />
<span style="background-color: white; color: #222222; font-family: arial, sans-serif; font-size: 12.8px;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-MhdrYsFz_eg/WwbWOyfnYjI/AAAAAAAACAM/CTbZRmHFPAwatxo72_H6lLDGM21MzgHEwCLcBGAs/s1600/fbi-id-theft.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="323" data-original-width="748" height="172" src="https://4.bp.blogspot.com/-MhdrYsFz_eg/WwbWOyfnYjI/AAAAAAAACAM/CTbZRmHFPAwatxo72_H6lLDGM21MzgHEwCLcBGAs/s400/fbi-id-theft.jpg" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Arial, Helvetica, Tahoma, sans-serif; font-size: 13px;">FBI has released an article on using credit reports to build a digital defense against identity theft. FBI explains how identity theft can deal a devastating blow to consumers' credit history. However, regularly checking the accuracy of credit reports can help consumers minimize risk.</span></div>
<div style="background-color: white; border: 0px; color: #333333; font-family: Arial, Helvetica, Tahoma, sans-serif; font-size: 13px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 5px 0px; vertical-align: baseline;">
NCCIC encourages consumers to review the <a href="https://www.fbi.gov/contact-us/field-offices/portland/news/press-releases/fbi-tech-tuesday-building-a-digital-defense-with-credit-reports" style="border: 0px; color: #005ebd; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">FBI Article</a> and NCCIC's Tip on <a href="https://www.us-cert.gov/ncas/tips/ST05-019" style="border: 0px; color: #005ebd; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Preventing and Responding to Identity Theft</a>.</div>
<span style="background-color: white; color: #222222; font-family: arial, sans-serif; font-size: 12.8px;"><br /></span>
<span style="background-color: white; color: #222222; font-family: arial, sans-serif;"><span style="font-size: xx-small;"><br /></span></span>
<div style="text-align: right;">
<span style="background-color: white;"><span style="color: #222222; font-family: arial, sans-serif; font-size: xx-small;"><a href="https://www.us-cert.gov/ncas/current-activity/2018/05/23/FBI-Releases-Article-Building-Digital-Defense-Credit-Reports">https://www.us-cert.gov/ncas/current-activity/2018/05/23/FBI-Releases-Article-Building-Digital-Defense-Credit-Reports</a></span></span></div>
">
<span style="background-color: white; font-size: 12.8px;"><span style="color: #222222; font-family: arial, sans-serif;"><br /></span></span>
<b>Advisory: Tragedy-Related Scams</b> (posted 2018-05-22)<br />
<div style="background-color: white; border: 0px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 5px 0px; vertical-align: baseline;">
<span style="color: #333333; font-family: Arial, Helvetica, Tahoma, sans-serif;"><span style="font-size: 13px;"><i>Summary: In the wake of the recent Texas school shooting, NCCIC advises users to watch out for possible malicious cyber activity </i></span></span></div>
<div style="background-color: white; border: 0px; color: #333333; font-family: Arial, Helvetica, Tahoma, sans-serif; font-size: 13px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 5px 0px; vertical-align: baseline;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-SBo3RqBm7Nc/WwQhZB-_8GI/AAAAAAAAB_w/3snEBAGny18VNsXqYOsg8d5T-7C-fUccwCLcBGAs/s1600/cert-scam.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="534" data-original-width="734" height="232" src="https://1.bp.blogspot.com/-SBo3RqBm7Nc/WwQhZB-_8GI/AAAAAAAAB_w/3snEBAGny18VNsXqYOsg8d5T-7C-fUccwCLcBGAs/s320/cert-scam.jpg" width="320" /></a></div>
<div style="background-color: white; border: 0px; color: #333333; font-family: Arial, Helvetica, Tahoma, sans-serif; font-size: 13px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 5px 0px; vertical-align: baseline;">
<br /></div>
<div style="background-color: white; border: 0px; color: #333333; font-family: Arial, Helvetica, Tahoma, sans-serif; font-size: 13px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 5px 0px; vertical-align: baseline;">
In the wake of the recent Texas school shooting, NCCIC advises users to watch out for possible malicious cyber activity seeking to capitalize on this tragic event. Users should exercise caution in handling emails related to the shooting, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic events. Be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to the event.</div>
<div style="background-color: white; border: 0px; color: #333333; font-family: Arial, Helvetica, Tahoma, sans-serif; font-size: 13px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 5px 0px; vertical-align: baseline;">
To avoid becoming a victim of fraudulent activity, NCCIC encourages users and administrators to review NCCIC's Tips on <a href="https://www.us-cert.gov/ncas/tips/ST04-010" style="border: 0px; color: #005ebd; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Using Caution With Email Attachments</a> and <a href="https://www.us-cert.gov/ncas/tips/ST04-014" style="border: 0px; color: #005ebd; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Avoiding Social Engineering and Phishing Attacks</a> as well as the Federal Trade Commission's article on <a href="https://www.consumer.ftc.gov/articles/0074-giving-charity" style="border: 0px; color: #005ebd; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Before Giving to a Charity</a>.</div>
<div style="background-color: white; border: 0px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 5px 0px; text-align: right; vertical-align: baseline;">
<span style="color: #333333; font-family: Arial, Helvetica, Tahoma, sans-serif;"><span style="font-size: 13px;"><a href="https://www.us-cert.gov/ncas/current-activity/2018/05/21/Tragedy-Related-Scams">https://www.us-cert.gov/ncas/current-activity/2018/05/21/Tragedy-Related-Scams</a></span></span></div>
<div style="background-color: white; border: 0px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 5px 0px; vertical-align: baseline;">
<span style="color: #333333; font-family: Arial, Helvetica, Tahoma, sans-serif;"><span style="font-size: 13px;"><br /></span></span></div>
<div style="background-color: white; border: 0px; color: #333333; font-family: Arial, Helvetica, Tahoma, sans-serif; font-size: 13px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 5px; margin-top: 5px; outline: 0px; padding: 5px 0px; vertical-align: baseline;">
<br /></div>
<b>Example 219: XXX, Secure Your Email Communication. Now!</b> (posted 2018-05-03)<br />
<div class="tr_bq">
Forged (personalized) letter providing link to malicious software.</div>
<br />
<b>Message text:</b><br />
<br />
<blockquote>
From: UMN Security <umnalert@ xxxx .win><br />Date: Thu, May 3, 2018 at 7:22 AM<br />Subject: XXX, Secure Your Email Communication. Now!<br />To: xxx < xxxxx@umn.edu><br /><br />Hello Xxx,<br />As a result of the rising cyber security threat, it has become necessary<br />that the entire staff and students of this institution download and install<br />the new Microsoft Email Security Software, *<u><span style="color: blue;">WinMail Defender</span></u>* in order to <br />further protect all our email communications.<br />*<u><span style="color: blue;">WinMail Defender</span></u>* is an email security software that adds an extra layer<br />of security to your email communications. It provides end-to-end email <br />encryption, there by making it a lot more difficult for third parties and<br />other unauthorised parties to access your email communications.<br />Regards,<br />Bernard Gulachek<br />Vice President and Chief Information Officer,<br />Regents of the University of Minnesota.</blockquote>
<div>
<br /></div>
<div>
<b>Linked Form</b></div>
<div>
<br /></div>
<div>
Email contains a tinyurl.com link which redirects to this page:</div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://4.bp.blogspot.com/-7tMKxQblA2g/WusmXXOx-sI/AAAAAAAAB_I/stjIL2LHYw0eXq_j0W5EwszFovuR4kXRwCLcBGAs/s1600/050318-fakewinmail.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="webform hosting malicious software link" border="0" data-original-height="999" data-original-width="1000" height="319" src="https://4.bp.blogspot.com/-7tMKxQblA2g/WusmXXOx-sI/AAAAAAAAB_I/stjIL2LHYw0eXq_j0W5EwszFovuR4kXRwCLcBGAs/s320/050318-fakewinmail.jpg" title="webform hosting malicious software link" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><b><i>webform hosting malicious software link</i></b></td></tr>
</tbody></table>
<div>
<b>Things to Note:</b></div>
<div>
<ul>
<li>Email comes from a non-@umn.edu address</li>
<li>Email subject and letter address the recipient by first name</li>
<li>Email link is a tinyurl.com (<b><i>not </i>UMN.EDU</b>) link</li>
<li>Link redirects to a site123.com page; site123.com is a free website provider</li>
<li>Link on form will download malicious software</li>
<li><b>IMPORTANT: </b></li>
</ul>
<blockquote class="tr_bq">
<ul>
<li style="text-align: left;"><b><span style="font-size: large;">If you downloaded and ran this software, contact your tech support immediately to address possible system compromise. </span></b></li>
</ul>
</blockquote>
</div>
<b>Example 218: Attention!!!</b> (posted 2018-04-30)<br />
<div class="tr_bq">
Fraudulent email promising ATM card with money from "scam artists."</div>
<br />
<b>Message Text:</b><br />
<b><br /></b>
<blockquote>
<i>From: [BOGUS UMN ADDRESS]@umn.edu<br />Subject: Attention!!!<br />Date: April 29, 2018 at 16:00:23 CDT<br />To: Undisclosed recipients:;<br />Reply-To: < xxxxx xxxx @gmail.com><br />This is to inform you that we have been working towards the eradication of fraudsters and scam Artists in America, Europe and Africa with the help of the Organization of African Unity (OAU) United Nations (UN), European Union (EU) and FBI.<br />We have been able to track down some scam artist in various parts of Europe and African countries which includes (Spain, England, Nigeria, Republic of Benin, Burkina Faso, Ghana and Senegal with Cote d'ivoire)They are all in Government custody now, they will appear at International Criminal Court (ICC) soon for Justice.</i></blockquote>
<br />
<blockquote>
<i>During the course of investigation, we were able to recover some funds from these scam<br />artists and IMF organization have ordered the funds recovered be shared among the 50<br />Lucky people listed around the World as a compensation and this will be done randomly.<br />This notice is being directed to you because your email address was found in one of the<br />scam Artists file and computer hard-disk during investigation may be you have been scammed. </i></blockquote>
<i><br /></i>
<blockquote>
<i>You are therefore being compensated with sum of ($300,000.00) Three hundred thousand US Dollars valid into an ATM Card which shall be mailed to you .<br />Since your email address is among the lucky beneficiaries who will receive the compensation funds, we have arranged your payment to be paid to you through ATM VISA CARD and deliver to your postal address with the pin code as to enable you withdrawal maximum of $5,000 on each withdrawal from any Bank ATM Machine of<br />your choice, until all the funds are exhausted.</i></blockquote>
<br />
<blockquote>
<i>The ATM Card with Security Pin number shall be delivered to you via courier Service,<br />depending your choice.</i></blockquote>
<br />
<blockquote>
<i>In order to proceed with this transaction, you will be required to e-mail us with the<br />following information:<br />YOUR FULL NAME:<br />YOUR AGE:<br />ADDRESS:<br />YOUR COUNTRY:<br />CITY:<br />DIRECT CONTACT PHONE NUMBER:<br />OCCUPATION:<br />NOTE:<br />Send your information to Mr. John Ewing via his email<br /> xxxxxxxxxxxxxx @gmail.com<br /><br />We advice you to stop all communications with everyone regarding your payment as you<br />have been short listed to receive the compensation and now urge you to comply and<br />receive your ATM Card funds. Your cooperation will be highly appreciated and if<br />you have any further information that will help this investigation and fight against<br />scam artist. Please do not hesitate to make it available to us.<br />Thanks for your understanding as you follow instructions while I wait to hear from you soon.<br />Yours in Services<br />Mr. John Ewing</i></blockquote>
<br />
<div>
<b>TO NOTE: </b></div>
<div>
<ul>
<li>Mail comes from a non-existent UMN address</li>
<li>Mail seeks personal information</li>
<li>Mail has no specific details - sounds more like a lottery than a legal notice</li>
<li>Mail Reply-To address is not an @umn.edu address but a gmail.com address</li>
</ul>
</div>
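<div>
The header and link checks in the "Things to Note" lists for Examples 219 and 218 can be run against a raw message. The Python below is an added example, not code from this blog or the University; the sample messages, the <i>mail.example</i> sender domain, the placeholder addresses and the indicator names are constructed for illustration.</div>

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "umn.edu"          # legitimate sender domain named on the page
SHORTENERS = {"tinyurl.com"}    # link shortener seen in Example 219
FREE_HOSTS = {"site123.com"}    # free website provider seen in Example 219
ORG_NAME_RE = re.compile(r"\b(UMN|University of Minnesota)\b", re.I)
URL_HOST_RE = re.compile(r"https?://([^/\s>\"']+)", re.I)

def addr_domain(header_value):
    """Lower-cased domain of an address header, or '' when the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def in_domain(host, base):
    return host == base or host.endswith("." + base)

def body_text(msg):
    """Concatenate every text/* part, undoing any transfer encoding."""
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    return "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                     for p in parts)

def phishing_indicators(raw):
    """Return the list of indicators (in check order) found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    display = parseaddr(msg.get("From", ""))[0]
    from_dom = addr_domain(msg.get("From"))
    reply_dom = addr_domain(msg.get("Reply-To"))
    hits = []
    # Display name claims the organisation, but the address is outside its domain.
    if ORG_NAME_RE.search(display) and not in_domain(from_dom, ORG_DOMAIN):
        hits.append("org-name-from-outside-domain")
    # Replies are steered to a different domain than the apparent sender.
    if reply_dom and reply_dom != from_dom:
        hits.append("reply-to-domain-mismatch")
    hosts = (h.rpartition("@")[2].split(":")[0].lower()
             for h in URL_HOST_RE.findall(body_text(msg)))
    for host in dict.fromkeys(hosts):            # de-duplicate, keep first-seen order
        if any(in_domain(host, s) for s in SHORTENERS):
            hits.append("shortened-link:" + host)
        elif any(in_domain(host, f) for f in FREE_HOSTS):
            hits.append("free-host-link:" + host)
    return hits

# Constructed samples modelled on Examples 219 and 218, plus a benign control.
SAMPLE_219 = """\
From: UMN Security <umnalert@mail.example>
To: someone@umn.edu
Subject: XXX, Secure Your Email Communication. Now!

Download and install WinMail Defender: https://tinyurl.com/PLACEHOLDER
"""
SAMPLE_218 = """\
From: bogus-address@umn.edu
Reply-To: <placeholder@gmail.com>
Subject: Attention!!!

Send your information to Mr. John Ewing via his email.
"""
SAMPLE_OK = "From: UMN IT <it@umn.edu>\nSubject: New blog home\n\nSee http://it.umn.edu/phishing\n"
```

<div>
Only the link as written in the message is checked; seeing where a shortened link finally redirects (the site123.com page in Example 219) needs a network lookup, which this example does not do.</div>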
<b>Example 217: Google Chrome Critical ERROR</b> (posted 2018-04-12, updated 2018-04-13)<br />
<br />
This is a scam. Do not call the "Help Desk" number. Research suggests that this scam spreads through malicious ads on web sites, so there might not be any malware or malicious browser plugins to clean up. However, we do recommend that you follow your process for cleaning up University-owned devices, or run <a href="https://www.malwarebytes.com/mwb-download/thankyou/" target="_blank">Malwarebytes</a> or another anti-virus program on personal devices.<br />
<br />
<a href="https://1.bp.blogspot.com/-_EA63TT-iws/Ws-JSFGLAJI/AAAAAAAABAg/rrs3oSwxMokZOnL7ofHlEZ9OQblOdUMDACLcBGAs/s1600/chrome_critical.GIF" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="435" data-original-width="578" height="300" src="https://1.bp.blogspot.com/-_EA63TT-iws/Ws-JSFGLAJI/AAAAAAAABAg/rrs3oSwxMokZOnL7ofHlEZ9OQblOdUMDACLcBGAs/s400/chrome_critical.GIF" width="400" /></a>