Phishing Email With Subject ‘Urgent’ Sent to the Fordham Community on 01/17/17

This is a Phishing email that has been reported. This message was
received on or about January 17th, 2017. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————

From: user@fordham.edu
Date: Tue, Jan 17, 2017 at 8:29 AM
Subject: Urgent
To: user@fordham.edu

2017 FORDHAM email update program, click UPDATE (<–Link here) and fill the form correctly to update your email.

——————–End Message ——————————

Phishing Email With No Subject Sent to the Fordham Community on 01/16/17

This is a Phishing email that has been reported. This message was
received on or about January 16th, 2017. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————

From: Kelby Chrivia <kpchrivi@mtu.edu>
Date: Mon, Jan 16, 2017 at 11:54 AM
To: user@fordham.edu
Subject:

2017 FORDHAM email update program, click UPDATE (<–Link here) and fill the form correctly to update your email.

——————–End Message ——————————

ACG Website – Invitation to edit – Phishing Email Sent to the Fordham Community on 01/10/2017

These are Phishing emails that have been reported. These messages were
received on or about January 10th, 2017. Please DO NOT respond to these
messages or anything that looks like them. You may disregard and delete
these messages. If you have any questions about the validity of these emails
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————
From: User <user@fordham.edu>
Date: Tue, Jan 10, 2017 at 11:39 AM
Subject: ACG Website – Invitation to edit
To: user@fordham.edu

User has invited you to edit the following document:

ACG Website

Link Here
Google Docs: Create and edit documents online.
Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
You have received this email because someone shared a document with you from Google Docs.
Logo for Google Docs

—————————–End Message —————

Article: Clever Phishing Trick You Need to Be Aware Of

“Despite the ever-evolving complexity of cyber-attacks and malware code, phishing and spear-phishing attacks remain the initial entry point in many of today’s security breaches.

In most phishing attacks, crooks leverage a common theme, asking users to update their profile information on various profiles, but redirecting users to pages hosted on lookalike domains.

As users have got accustomed to this basic phishing trick in recent years, attackers found other creative ways of phishing for login credentials.

One trick, first seen in June 2016, was observed again this past month. This clever phishing attack relies on telling users they received an important or secure file, and they need to visit a web page to view it.

The real trick takes place on the crook’s page, which shows a blurred out document on the background. To view the document, users have to enter their credentials.

The blurred out document seen in the page’s background acts as a promise for what users are going to receive if they authenticate. In fact, these are nothing more than simple web pages showing an image of a blurred out document, and nothing more. The only thing working on the page is the login form that will record any login credentials that you enter inside it.

[Image: 2017 phishing attack. Page showing a blurred out image of a PDF file on the page’s background (Source: ISC)]

Just like the 2016 attacks, crooks don’t specify which login credentials users have to fill in, and leave it to the user to enter what he thinks he should enter. A careless user could enter anything from his Intranet details to Google logins.

Right now, based on the 2016 and 2017 incidents, these attacks are quite easy to detect. If the crooks behind these phishing pages would be less sloppy and spend more time in refining details, these types of attacks could be quite effective and harder to detect for what they really are.

Below are some screenshots from the June 2016 campaign.”

[Image: 2016 phishing attack]

please call me asap – Spam Email Sent to the Fordham Community on 01/06/2017

This is a Spam email that has been reported. This message was
received on or about January 6th, 2017. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————
From: Performance SLC <slc@performanceslc.org>
Date: Fri, Jan 6, 2017 at 12:13 PM
Subject: please call asap
To: User <user@fordham.edu>

Records indicate you have inquired in the past for student loan relief. You may now meet the new criteria for a student loan forgiveness program which may include loan consolidation into one new low payment, monthly payment deferments, loan discharge, or even complete loan forgiveness.

We are an A-rated BBB accredited agency, that offers graduated students help with a money back guarantee. You won’t pay us anything unless we complete your enrollment, and your call-in consultation does not cost you anything either.

Connect with a specialist now at  888-870-6120

It only takes a few minutes to find out your options. Call our direct line, and be instantly connected without waiting on hold between the hours of 7 AM- 6 PM PST (Pacific Standard).

Sincerely,

Performance SLC
888-870-6120

17748 Sky Park Cir.
#150
Irvine CA 92612
USA

To unsubscribe or change subscriber options visit: (LINK HERE)

—————————–End Message —————

*Multiple Subjects* Invitation to Edit/Collaborate – Phishing Emails Sent to the Fordham Community on 12/21/2016

These are Phishing emails that have been reported. These messages were
received on or about December 21st, 2016. Please DO NOT respond to these
messages or anything that looks like them. You may disregard and delete
these messages. If you have any questions about the validity of these emails
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————
From: User <user@fordham.edu>
Date: Thu, Dec 21, 2016 at 6:42 PM
Subject: Dining Service Colleagues – Invitation to edit  OR Westworld – Invitation to collaborate OR Spring 2017 – View Intend to Enroll.xlsx OR CDC Events Tracker 2016-2017 – Invitation to edit
To: User@fordham.edu

User has invited you to edit the following spreadsheet:

(Link to spreadsheet here)

—————————–End Message —————

David Maahle Shared this file: – Phishing Email Sent to the Fordham Community on 12/27/2016

This is a Phishing email that has been reported. This message was
received on or about December 27th, 2016. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————
From: David Mahle <davidmmahle@gmail.com>
Date: Tues, Dec 12, 2016 at 7:32 AM
Subject: David Maahle Shared this file:
To: user@fordham.edu

                          Image result for Drop Box
                           Protected Message (2017)
        (davidmmahle@gmail.com) has sent you a protected file.

—————————–End Message —————

Article: Hacked Yahoo Data Is for Sale on Dark Web

“Some time around August 2013, hackers penetrated the email system of Yahoo, one of the world’s largest and oldest providers of free email services. The attackers quietly scooped up the records of more than 1 billion users, including names, birth dates, phone numbers and passwords that were encrypted with an easily broken form of security.

The intruders also obtained the security questions and backup email addresses used to reset lost passwords — valuable information for someone trying to break into other accounts owned by the same user, and particularly useful to a hacker seeking to break into government computers around the world: Several million of the backup addresses belonged to military and civilian government employees from dozens of nations, including more than 150,000 Americans.

No one knows what happened to the data during the next three years. But last August, a geographically dispersed hacking collective based in Eastern Europe quietly began offering the whole database for sale, according to Andrew Komarov, chief intelligence officer at InfoArmor, an Arizona cybersecurity firm, who monitors the dark corners of the internet inhabited by criminals, spies and spammers. Three buyers — two known spammers and an entity that appeared more interested in espionage — paid about $300,000 each for a complete copy of the database, he said.

The attack, which Yahoo disclosed on Wednesday, is the largest known data breach of a company. And neither Yahoo nor the public had any idea it had occurred until a month ago, when law enforcement authorities came to the company with samples of the hacked data from an undisclosed source.

Yahoo still does not know who broke into its systems in 2013, how they got in or what they did with the data, the company said Wednesday. It has made more progress tracking down a separate hacking episode in 2014, which compromised 500 million email accounts and was disclosed in September. The company has said it believes the 2014 attack was sponsored by a government entity but has not identified it.

The Federal Bureau of Investigation said in a statement that it was investigating the Yahoo breach. Attorney General Eric T. Schneiderman of New York also said his office was in touch with Yahoo to examine the circumstances of the data breach.

Security experts and former government officials warned that the real danger of the Yahoo attack was not that hackers gained access to Yahoo users’ email accounts, but that they obtained the credentials to hunt down more lucrative information about their targets wherever it resided across the web.

“This wasn’t an attack against Yahoo, but rather reconnaissance to launch other campaigns,” said Oren Falkowitz, a former analyst at the National Security Agency who now runs Area 1, a Silicon Valley security start-up.

“Inactive or not, a billion user accounts and hashes means attackers have a golden key for new phishing attacks,” he said. In a phishing attack, a hacker often poses as a trusted contact and tries to induce the recipient of an email to click on a malicious link or share sensitive information.

Users routinely ignore advice to use different passwords for their different accounts across the web, which means a stolen Yahoo user name and password could open the door to more sensitive information in online-banking, corporate or government email accounts.

Mr. Komarov said the group that hacked Yahoo in 2013, which he calls Group E, appeared to be motivated by money, not politics. It is believed to have broken into the systems of major American internet companies like LinkedIn, Myspace, Dropbox and Tumblr, as well as foreign-owned services like VKontakte, a Russian social network similar to Facebook.

Group E sometimes sells complete copies of the data, Mr. Komarov said. It also combines information from different hacking forays into a master database. Like a corporate marketer, it peddles chunks of the data to spammers seeking to reach specific audiences, like middle-aged women who live in certain ZIP codes. It sometimes operates through intermediaries.

That database of 1 billion Yahoo accounts, Mr. Komarov said, is still for sale, although current bids are coming in at $20,000 to $50,000 since the data is much less valuable now that Yahoo has changed the passwords.”

Source: http://www.nytimes.com/2016/12/15/technology/hacked-yahoo-data-for-sale-dark-web.html?_r=2

Article: 1 Billion Yahoo Accounts Stolen

“Yahoo has suffered another hack.

The company disclosed today that it has discovered a breach of more than one billion user accounts that occurred in August 2013. The breach is believed to be separate and distinct from the theft of data from 500 million accounts that Yahoo reported this September.

Troublingly, Yahoo’s chief information security officer Bob Lord says that the company hasn’t been able to determine how the data from the one billion accounts was stolen. ‘We have not been able to identify the intrusion associated with this theft,’ Lord wrote in a post announcing the hack.

‘The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers,’ Lord added.

Yahoo was alerted to the massive breach by law enforcement and has examined the data with the help of outside forensic experts. The data does not appear to include payment details or plaintext passwords, but it’s still bad news for Yahoo account holders. The hashing algorithm MD5 is no longer considered secure and MD5 hashes can easily be looked up online to discover the passwords they hide.

Yahoo says it is notifying the account holders affected in the breach. Affected users will be required to change their passwords.

Yahoo also announced today that its proprietary code had been accessed by a hacker, who used the code to forge cookies that could be used to access accounts without a password. ‘The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. We are notifying the affected account holders, and have invalidated the forged cookies,’ Lord said, adding that he believed the attack was launched by a state-sponsored actor.

Today’s revelations add to Yahoo’s long string of security problems. Yahoo employees reportedly knew of the intrusion that led to the theft of data from 500 million users as early as 2014, but the company did not announce the breach until this September. What Yahoo executives knew about the breach, and when they knew it, have been crucial questions in Verizon’s ongoing acquisition of Yahoo. Yahoo did not disclose the first breach until several months after the deal was announced.”

“What can users do to protect their account?

  • Change your passwords and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account;
  • Review all of your accounts for suspicious activity;
  • Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information;
  • Avoid clicking on links or downloading attachments from suspicious emails; and
  • Consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether.”

Sources: https://techcrunch.com/2016/12/14/yahoo-discloses-hack-of-1-billion-accounts/

https://yahoo.tumblr.com/post/154479236569/important-security-information-for-yahoo-users
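
The article above notes that the stolen passwords were hashed with MD5 and that such hashes can be looked up. The following is an added example, not part of the quoted article or of any Yahoo code, that audits a constructed table of unsalted MD5 hashes against a precomputed list and then shows a salted, slow alternative. The user names, passwords, word list and the choice of PBKDF2-HMAC-SHA256 are assumptions made for illustration; the article names no replacement algorithm.

```python
import hashlib
import hmac
import os

# Constructed sample data: a small table of unsalted MD5 password hashes.
LEAKED = {
    "alice": hashlib.md5(b"password1").hexdigest(),
    "bob": hashlib.md5(b"letmein").hexdigest(),
    "carol": hashlib.md5(b"password1").hexdigest(),  # same password as alice
    "dave": hashlib.md5(b"vT9#qLw2-constructed").hexdigest(),
}
# Constructed word list standing in for a public lookup table.
COMMON_PASSWORDS = ["123456", "password1", "letmein", "qwerty"]


def exposed_by_lookup(leaked, wordlist):
    """Audit: return {user: password} for each hash present in a precomputed table.

    Unsalted MD5 maps a given password to the same hash for every user, so one
    table built once covers every account in the dump.
    """
    table = {hashlib.md5(w.encode()).hexdigest(): w for w in wordlist}
    return {user: table[h] for user, h in leaked.items() if h in table}


def hash_password(password, salt=None, iterations=600_000):
    """Hardened storage (assumed choice): per-user random salt and a slow KDF."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password, salt, iterations, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print("recoverable by lookup:", exposed_by_lookup(LEAKED, COMMON_PASSWORDS))
    a = hash_password("password1")
    c = hash_password("password1")
    # Same password, different salts: the stored digests no longer match.
    print("salted digests differ:", a[2] != c[2])
    print("verify ok:", verify_password("password1", *a))
```

With the salted form, two users who share a password no longer share a stored value, so a table computed once does not apply across accounts.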

please call asap – Spam Email Sent to the Fordham Community on 11/30/2016

This is a Spam email that has been reported. This message was
received on or about November 30th, 2016. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————
From: “Performance SLC” <slc@performanceslc.org>
Date: Fri, Nov 4, 2016 at 12:48 PM
Subject: please call asap
To: user@fordham.edu

Dear User,

Records indicate you have inquired in the past for student loan relief. You may now meet the new criteria for a student loan forgiveness program which may include loan consolidation into one new low payment, monthly payment deferments, loan discharge, or even complete loan forgiveness.

We are an A-rated BBB accredited agency, that offers graduated students help with a money back guarantee. You won’t pay us anything unless we complete your enrollment, and your call-in consultation does not cost you anything either.

Connect with a specialist now at  888-870-6120

It only takes a few minutes to find out your options. Call our direct line, and be instantly connected without waiting on hold between the hours of 7 AM- 6 PM PST(Pacific Standard).

Sincerely,

Performance SLC
888-870-6120

17748 Sky Park Cir.
#150
Irvine CA 92612
USA

To unsubscribe or change subscriber options visit: (LINK HERE)

—————————–End Message —————