Received October 2014
Simple spam requesting login credentials via email.
Message text:
Subject: IT Help Desk Requirement
Date: Fri, 24 Oct 2014 09:46:08 +0100
From: IT Help Desk <xxxxxxxx@gmail.com>
Reply-To: xxxxxxxx@gmail.com
To: undisclosed-recipients:;
Hello,
A shadow server upgrade is been carried out. A bigger and better
server is been employed to meet with up-to-date information technology
services. In order to ensure that your files, folders and accessories
are accurately updated, do endeavor to submit the following info:
Your Email:
Your User Login:
Your User Password:
If you disregard this instruction, your account would not be updated
at the completion of this upgrade. This means that your current login
credentials would be null and void and also note that lost account
properties may not be recovered after upgrade is completed if you do not
comply. Do note that during this exercise, your account credentials and
particulars will not be altered and you will receive a notification to
change them yourself here after.
Thank You.
Help Desk
Information Technology
Phishing Scams Targeting the UMN
Friday, October 24, 2014
Thursday, October 23, 2014
Phishing Example 72: IMPORTANT****** System Admin Team
Received late September 2014:
This very deceptive message linked to a page hosted at a URL that was NOT at a umn.edu address, but whose URL included text resembling the umn.edu URLs used for logins.
The URL address was at
university-of-minnesota.system-info.info
(Note: this site has been taken down.) Because the last part of the URL included what looked like a umn.edu address, it may have seemed legitimate.
Message text:
From:
Date: Mon, Sep 29, 2014 at 11:46 AM
Subject: IMPORTANT****** System Admin Team
To:
The Technology Team will be performing a Data Center-wide infrastructure
upgrade to protect against phishing. Please Click here
<hxxp://xxxxxxxxxx.xxx.xx.info/idp2.shib.umn.edu/idp/umn/login.html>
to complete the upgrade. If in rare case you are unable to click the
link, then you can copy and paste the below link on your browser.
hxxp://xxxxxxxxxx.xxx.xx.info/idp2.shib.umn.edu/idp/umn/login.html
Some remaining maintenance may still be undergoing for large improvement
updates that will increase our security. To avoid any complication, it
is mandatory you follow the instruction.
*Thanks,*
*UMN System Admin Team*
THE login page MAY have been like this - similar, but NOT like the UMN login page:
BE VERY CAREFUL when visiting any page that requests your UMN credentials - the address for logins should only be hosted at a website that BEGINS with
https://*something*.umn.edu/
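The rule above can be written as a host check. The following is an added example, not part of the original post: it parses a URL and accepts it only when the scheme is https and the host itself is umn.edu or a subdomain of it. The sample URLs are constructed (the first from the host name and path shown in this post, the rest with placeholder domains), and the function names are hypothetical.

```python
from urllib.parse import urlsplit

TRUSTED = "umn.edu"  # the page's rule: logins only at https://*something*.umn.edu/

def refang(url):
    """Undo the hxxp:// defanging used in the quoted messages."""
    return "http" + url[4:] if url.lower().startswith("hxxp") else url

def check_login_url(url):
    """Return (ok, reason); ok only for an https URL whose host is under umn.edu."""
    parts = urlsplit(refang(url.strip()))
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    if host != TRUSTED and not host.endswith("." + TRUSTED):
        # Explain where the umn.edu text actually sits, if anywhere.
        if TRUSTED in parts.path.lower():
            why = "umn.edu appears only in the path"
        elif TRUSTED in (parts.username or "").lower():
            why = "umn.edu appears only before the '@' (userinfo)"
        elif TRUSTED in host:
            why = "umn.edu is embedded in a different domain"
        else:
            why = "no umn.edu in the host at all"
        return False, f"{why}; real host is {host or '(none)'}"
    if parts.scheme != "https":
        return False, f"host {host} is under umn.edu but scheme is {parts.scheme}"
    return True, f"https host {host} is under umn.edu"

# Constructed sample URLs (assumptions for illustration).
SAMPLES = [
    "hxxp://university-of-minnesota.system-info.info/idp2.shib.umn.edu/idp/umn/login.html",
    "https://umn.edu.example.net/login",
    "https://login.umn.edu@example.net/",
    "https://notumn.edu/login",
    "http://idp2.shib.umn.edu/idp/umn/login.html",
    "https://idp2.shib.umn.edu/idp/umn/login.html",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_login_url(sample)
        print(("OK      " if ok else "REJECT  ") + sample + "\n         " + reason)
```
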
Thursday, October 16, 2014
ALERT: Ebola Phishing Scams and Malware Campaigns
From US-CERT:
https://www.us-cert.gov/ncas/current-activity/2014/10/16/Ebola-Phishing-Scams-and-Malware-Campaigns
Users are encouraged to use caution when encountering these types of email messages and take the following preventative measures to protect themselves:
- Do not follow unsolicited web links or attachments in email messages.
- Maintain up-to-date antivirus software.
- Refer to the Using Caution with Email Attachments Cyber Security Tip for information on safely handling email attachments.
- Refer to the Avoiding Social Engineering and Phishing Attacks Cyber Security Tip for information on social engineering attacks.
Tuesday, October 7, 2014
Phishing Example 71: ALERT!
Received October 2014
Message text:
Date: Mon, Oct 6, 2014 at 6:09 PM
Subject: ALERT!
To:
Attention:
Please be prepared for all systems to be offline for maintenance tomorrow
night. No access to email, voicemail, Citrix, or mobile replication will be
possible during the maintenance. All mailbox is undergoing regeneration to
the new Microsoft outlook web access 2014. Inability to activate account
will render your email in-active. Activate by completing the Microsoft
outlook web access page. Click on the Re-activation link below to begin
this process. Process is completed once redirected to Google.
Re-activation <hxxp://xxxx.xx.xxxxx..com/amd/upd/>
System Administrator.
--
Phishing Example 70: IT
Received October 2014
Message Text:
---------- Forwarded message ----------
From: IT HELP-DESK SERVICE.
Date: Mon, Oct 6, 2014 at 1:33 PM
Subject: IT
To:
We are upgrading Email over the next several weeks We urge all user to
participate in this upgrade. With the new upgrade, you'll see new features
and enhancements included.
GO TO: www.it help-desk /anti-spam <hxxp://xxx.xxx.xxx/> And Submit your
details for confirmation of account.
Thanks for your Co-operation.
IT HELP-DESK SERVICE.
Things to Note:
- Very simple, unbranded form
- Clear text password
Wednesday, October 1, 2014
Phishing Example 69: HELP-DESK
Received October 2014
Message text:
From:
Date: Wed, Oct 1, 2014 at 9:44 AM
Subject: RE: HELP-DESK
To:
Dear Your Mailbox Account User Your mailbox is full.
465MB 500MB
Current size Maximum size
Your mailbox can no longer send messages. Please reduce your mailbox
size. CLICK
HERE <hxxp://xxxxxxx.tripod.com/> to reduce your mailbox
size
Things to note:
- From Tripod.com, not umn.edu
- Password in clear text
© Regents of the University of Minnesota. All rights reserved. Equal opportunity educator and employer.