Phishing Scams Targeting Direct Deposits

An increase in cyber threat actors sending phishing emails to education employees for the purposes of obtaining account login information has been seen across the education sector and universities. In these incidents, this information is then typically used to modify the employees’ direct deposit account information. By changing this information, the cyber threat actors reroute the employees’ paychecks to a financial account under the actors’ control. No specific payroll platforms are being targeted, as reports indicate the victims have used various platforms for payroll functionality.

This type of attack utilizes the inherent risk behind the use of single sign-on (SSO) features. SSO allows for the use of a single set of credentials to gain access to connected systems, providing authentication, authorization, access control, and password synchronization across an environment. In these incidents the cyber threat actor usually sends education sector staff a phishing email, a PDF attachment or malicious link. The phishing email often spoofs the account of an IT administrator or senior official. Upon clicking the link or downloading the attachment, the user is prompted to enter their login credentials, which the cybercriminal uses to log into the payroll system. The cybercriminal then changes the direct deposit information for that employee so that the employee’s paycheck is sent to a different account or pre-paid credit card. According to the FBI, in some instances the cyber threat actor is also accessing the employee’s email account and creating rules that immediately forward incoming emails containing specific words to the deleted folder so the employee does not get alerted to the criminal activity.

Fordham University has certain protections in place against such attacks thanks in part to the email protection built into Gmail, email protection services from Proofpoint and DUO’s two-factor authentication. The combination of all these security aspects help protect Fordham accounts from being compromised even if one’s credentials are attained.

If you believe you have received a phishing message or similar suspicious message, please do the following:

  • Do not respond to the message.
  • Do not click on any attachments or links.
  • Do not call the number listed.
  • Do not provide any information such as username and password.
  • If you did respond to the email and provided confidential information, please contact Fordham IT Customer Care ASAP at (718) 817-3999 for instructions on how to manually reset your password.
  • Delete the message.

Please note: Fordham IT will NEVER ask you for your username and password or ask you to click any links to validate or verify your account or password. If you receive questionable or suspicious emails, contact IT Customer Care and allow the University Information Security Office (UISO) to validate the legitimacy of these emails.

To learn more about protecting yourself online against such phishing attacks as these and others, please take the UISO’s online course, “UISO Security Training.” The course can be accessed in Blackboard, under My Organizations. You can login to Blackboard either via the portal, at My.Fordham.edu, or directly from Fordham’s Blackboard portal.

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

Phishing Scams Now Harder to Detect

Via: Krebs On Security

Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted (http:// vs. https://) Web pages. Increasingly, however, phishers are upping their game, polishing their copy and hosting scam pages over https:// connections — complete with the green lock icon in the browser address bar to make the fake sites appear more legitimate.

Phishers are moving to HTTPS because it helps increase the likelihood that users will trust that the site is legitimate. After all, your average Internet user has been taught for years to simply “look for the lock icon” in the browser address bar as assurance that a site is safe.

Perhaps this once was useful advice, but if so its reliability has waned over the years. In November, Phishlabs conducted a poll to see how many people actually knew the meaning of the green padlock that is associated with HTTPS websites.

“More than 80% of the respondents believed the green lock indicated that a website was either legitimate and/or safe, neither of which is true,” he wrote.

What the green lock icon indicates is that the communication between your browser and the Web site in question is encrypted; it does little to ensure that you really are communicating with the site you believe you are visiting.

So what can you do to make sure you’re not the next phishing victim?

Don’t take the bait: Most phishing attacks try to convince you that you need to act quickly to avoid some kind of loss, cost or pain, usually by clicking a link and “verifying” your account information, user name, password, etc. at a fake site. Emails that emphasize urgency should be always considered extremely suspect, and under no circumstances should you do anything suggested in the email.

Phishers count on spooking people into acting rashly because they know their scam sites have a finite lifetime; they may be shuttered at any moment. The best approach is to bookmark the sites that store your sensitive information; that way, if you receive an urgent communication that you’re unsure about, you can visit the site in question manually and log in that way. In general, it’s a bad idea to click on links in email.

Links Lie: You’re a sucker if you take links at face value. For example, this might look like a link to Bank of America, but I assure you it is not. To get an idea of where a link goes, hover over it with your mouse and then look in the bottom left corner of the browser window.

Yet, even this information often tells only part of the story, and some links can be trickier to decipher. For instance, many banks like to send links that include ridiculously long URLs which stretch far beyond the browser’s ability to show the entire thing when you hover over the link.

The most important part of a link is the “root” domain. To find that, look for the first slash (/) after the “http://” part, and then work backwards through the link until you reach the second dot; the part immediately to the right is the real domain to which that link will take you.

“From” Fields can be forged: Just because the message says in the “From:” field that it was sent by your bank doesn’t mean that it’s true. This information can be and frequently is forged.

If you want to discover who (or what) sent a message, you’ll need to examine the email’s “headers,” important data included in all email.  The headers contain a lot of information that can be overwhelming for the untrained eye, so they are often hidden by your email client or service provider, each of which may have different methods for letting users view or enable headers.

Describing succinctly how to read email headers with an eye toward thwarting spammers would require a separate tutorial, so I will link to a decent one already written at About.com. Just know that taking the time to learn how to read headers is a useful skill that is well worth the effort.

Keep in mind that phishing can take many forms: Why steal one set of login credentials for a single brand when you can steal them all? Increasingly, attackers are opting for approaches that allow them to install a password-snarfing Trojan that steals all of the sensitive data on victim PCs.

So be careful about clicking links, and don’t open attachments in emails you weren’t expecting, even if they appear to come from someone you know. Send a note back to the sender to verify the contents and that they really meant to send it. This step can be a pain, but I’m a stickler for it; I’ve been known to lecture people who send me press releases and other items as unrequested attachments.

If you didn’t go looking for it, don’t install it: Password stealing malware doesn’t only come via email; quite often, it is distributed as a Facebook video that claims you need a special “codec” to view the embedded content. There are tons of variations of this scam. The point to remember is: If it wasn’t your idea to install something from the get-go, don’t do it.

Lay traps: When you’ve mastered the basics above, consider setting traps for phishers, scammers and unscrupulous marketers. Some email providers — most notably Gmail — make this especially easy.

When you sign up at a site that requires an email address, think of a word or phrase that represents that site for you, and then add that with a “+” sign just to the left of the “@” sign in your email address. For example, if I were signing up at example.com, I might give my email address as krebsonsecurity+example@gmail.com. Then, I simply go back to Gmail and create a folder called “Example,” along with a new filter that sends any email addressed to that variation of my address to the Example folder.

That way, if anyone other than the company I gave this custom address to starts spamming or phishing it, that may be a clue that example.com shared my address with others (or that it got hacked!). I should note two caveats here. First, although this functionality is part of the email standard, not all email providers will recognize address variations like these. Also, many commercial Web sites freak out if they see anything other than numerals or letters, and may not permit the inclusion of a “+” sign in the email address field.

View the full article.

Alert: Phishing Messages from WeTransfer

Please be advised that there are suspicious emails circulating that are targeting members of the Fordham Community. The subject line of these emails contain the words “sent you files via WeTransfer”. The messages contain a file download link from a seemingly legitimate email source. However, the file itself instructs the user to go to a phishing site and enter confidential information.

These are not legitimate emails and should be reported immediately.
Please remain diligent and avoid giving any personally identifiable information through email. Files sent via WeTransfer can be easily crafted to look like they are from legitimate email addresses and even trusted third parties. Do not assume a message from WeTransfer is trustworthy based on the displayed name of the sender. Pay attention to the sender of the email and if something appears suspicious, contact the sender directly to verify the messages legitimacy. DO NOT respond via email. If direct contact with the sender is not possible, please contact ITCC for assistance.

The content of the email is as follows:

————Start of Message————

From: WeTransfer <noreply@wetransfer.com>
Date:
Subject: fake@notreal.com sent you files via WeTransfer
To:

————End of Message————

Please remember that Fordham IT will NEVER ask you for your username and password or ask you to click any links to validate or verify your account or password. If you receive questionable or suspicious communications, contact IT Customer Care and allow the University Information Security Office (UISO) to validate the legitimacy of these communication attempts.

Critical macOS High Sierra Update

Apple has released a security update resolving the widely reported authentication bug known as iAmRoot. The UISO recommends that Apple computers running High Sierra (macOS 10.13.x) install this security update.

Due to its critical nature, Apple has deployed this as an automatically-installing update. However, it is still recommended to check for this and any other pending security updates.

The process to update is:

  • Click the  logo in the Taskbar
  • Click App Store
  • Click Updates
  • Install any security related updates shown
    • The recommended patch is Security Update 2017-001

Please do not hesitate to to contact infosec@fordham.edu with any questions.

Sources:

US-Cert: Apple Releases Security Update for macOS High Sierra

New security update fixes macOS root bug

Holiday Shopping 2017: How to avoid fake retail sites and other scams

Via: USAToday.com

1) Stop chasing any and all deals

“We live in an age where we have all these push notifications and emails,” said Steve Koenig, senior director of market research at the Consumer Technology Association, a trade group in Arlington, Va.

The volume of such activity during the holidays, he said, only makes consumers even more vulnerable to clicking on a $100 coupon before thinking twice.

“We’re all moving super fast, we get distracted,” said Tim Helming, director of product management at DomainTools.

When we’re rushing, we might not notice that the website in an email has an odd name.

Brands that continue to be spoofed include Amazon,Walmartand Target. Other brands that are commonly targeted include PayPal, Yahoo and Apple.

Helming told me that consumers need to be wary of fake sites that play up the “Black Friday” frenzy. Dozens of malicious domain registrations that touted a Black Friday connection cropped up last year beginning around Nov. 20, and he’d expect the same this year, too.

2) Learn how to spot a fake

Watch out for a domain decorated with a few extra, possibly even reassuring words or odd spellings. DomainTools listed some brand-abusing domains that have a dot-com at the end but they’re still frauds, such as Amazonsecure-shop, Target-officialsite or  Walmartkt.

Other fakes include: Amazonshop.gq or Targethome.today or Walmart-outlet.ga.

Helming said domains that include a hyphen and words such as shop or secure can be good clues to a phony site, as many brand names use their names alone for their sites.

Other words in a fake URL site that appears to be connected to a well-known name might be something like outlet, discounts or deals.

Many times, the fraudsters use words like “official site” to make their fake sites look legitimate. Or there might be extra letters, such as “Yahooo” or “Walmaart.”

Take care on social media. Phishers can use of “URL shortening” services to obfuscate phishing URLs. As a result a very short URL, can be used in Tweets, which automatically redirect the visitor to a longer “hidden” URL, according to the Anti-Phishing Working Group’s research.

3) Recognize the risks of rushing

Consumers who click on the links or visit malicious sites are typically unknowingly handing over their name, address, and credit card information.

Never click on links in emails or social media to go to a retailer’s website. A better bet: Take a few extra seconds to go directly to the site yourself. Be sure to take a second look at all URLs.

4) Ask yourself why would Amazon be sending you a free gift card? Really?

Yes, one of those free $50 Amazon gift cards popped up in my email the other day. Of course, it’s a spoofed email. So I just hit delete.

Amazon is warning consumers that phishing emails will direct you to a “false website that looks similar to the Amazon website, where you might be asked to provide account information such as your e-mail address and password combination.”

The fake sites can steal sensitive information that can be used without your knowledge to commit fraud, according to Amazon.

Phishers can steal usernames and passwords from one site to engage in fraud on other sites. Too many consumers carelessly use the exact same usernames and passwords across different sites.

Amazon doesn’t send emails that ask for your Social Security number, bank account information, PIN, or your Amazon.com password.

Amazon offers shoppers a way to report suspicious emails and web pages. You can forward the email or send suspicious e-mail as an attachment to stop-spoofing@amazon.com.

More: Are 2017’s Black Friday deals really as amazing as retailers claim?

More: How to find hard-to-get, out-of-stock gifts without getting ripped off

5) As you order gifts online, don’t get tripped up by fake email alerts

As holiday shipping goes up in November and December, the frequency of phishing emails relating to orders or shipments goes up, too.

Walmart warns that if you received an order confirmation email from Walmart but never placed such an order, it may be a “phishing scam attempting to gather information, or in some cases, spread malware.”

FedEx warns consumers about a  “delivery failure” scam email.

Fraudulent emails claiming to be from FedEx or the U.S. Postal Service “regarding a package that could not be delivered.”

The consumer is then asked to open an attachment in order to obtain the invoice needed to pick up their package. The attachment in the email may contain a virus.

Don’t just rush and assume there’s trouble with something that you ordered.

“Be suspicious of incoming email from unknown or unsolicited sources, especially those that have attachments as well as hyperlinks,” said Jeremy Stempien, detective for the City of Novi, Mich., and a special federal deputy marshal for the Southeast Michigan Financial Crimes Task Force.

“The same should apply to incoming phone calls,” he said.

6) Every deal you find online is not a bargain

Con artists tempt consumers with great deals on hard-to-find items or hot gifts. Maybe you’ll spot some extraordinary deal on an Apple iPhone X or find a crazy bargain price on an L.O.L. Surprise! Big Surprise toy.

Or you think you’ve found a great deal on jewelry. The Better Business Bureau and others warned in 2017, for example, about fake sites that offer up to 70% off on Pandora charms.

Charisse Ford, chief marketing officer for Pandora Americas, said shoppers should be aware that counterfeit sites have some clear indicators, including the “About Us” page that can be very generic without descriptions about the business, company mission or current Pandora images or promotions.

Another clue: Try calling and talking with someone in customer service first before placing an order to ask about return policies or the like. Shoppers are less likely to connect with a real person if going through a fraudulent site.

Companies such as Pandora note that they work hard to help identify and shut down counterfeit sites, including those on social media channels.

Con artists use phony websites to sell counterfeit goods — or engage in cybercrime.

It’s no bargain if, when you click on the link, you download malware.

“You think you are getting the discount of a lifetime or an exclusive offer, but this is a phishing attack,” warned Adam Levin, author of Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves.

Remember, bargains abound throughout the holiday season — so there’s no reason to think you absolutely must get all that shopping done right now.

 

Source: https://www.usatoday.com/story/money/columnist/tompor/2017/11/17/fake-amazon-gift-cards-phony-walmart-sites-and-other-cyber-scams-tempt-holiday-shoppers/862083001/

New Email Scam Using Fake Netflix Website

Via: mailguard.com.au

A scam email has appeared today that is pretending to be from Netflix. MailGuard detected the new scam early this morning, and stopped the malicious emails from entering our client’s inboxes.

This scam email is relatively well designed. The scammers are using a template system to generate individualised messages with specific recipient data.

This works like a mail-merge; the body of the email is generic, but the sender field is designed to show the name of the intended victim, which personalises the scam making it more convincing.

In this case the scammer’s system has not worked as well as they hoped and in the example below – screen-captured by our operations team – you can see that the ‘recipient’ field in the email has not been merged successfully. Instead of the victim’s name, it shows the placeholder instead:

 

Screen Shot 2017-11-03 at 11.23.26-1.png

Aside from the error with the recipient name field, this email looks quite convincing. The message tells the intended victim that their Netflix billing information has been invalidated and urges them to update their details on the website. If the recipient clicks the link in the email they are taken to a fake Netflix page, that asks them to log in and then enter their personal information, including credit card details.

Of course, this website is completely bogus and is just a mechanism for the scammers to steal the victim’s identity and credit card information.

The fake Netflix site this scam is using is built on a compromised WordPress blog. Scammers can break into WordPress sites by making use of vulnerabilities in blog plugins and once in, they can make the website look enough like a real Netflix login page to trick their victims – as shown in the screenshot above.

Screen Shot 2017-11-03 at 11.24.52.png

Screen Shot 2017-11-03 at 11.25.22.png

With the detailed data the fake website form asks for: address; credit card details; driver’s license; mother’s maiden name; etc, the scammers could potentially execute an identity theft and gain access to the victim’s bank accounts as well as their credit cards.

Once the fake website has collected all the sensitive data the scammers want, the victim is shown a reassuring ‘reactivation’ screen.

Screen Shot 2017-11-03 at 11.26.15.png

If you receive an email from Netflix today, ‘Chill,’ but don’t click without thinking first. Scammers can make their fake emails and bogus websites look pretty convincing, so it’s always a good idea to check carefully that the email comes from the actual company domain and not a scammer.

Think Before You Click:

– Always hover your mouse over links within emails and check the domain they’re pointing to. If they look suspicious or unfamiliar don’t open them.

– Cybersecurity threats take many different forms from simple spyware downloads to sophisticated ransomware attacks. Your business can be exposed to a wide variety of different vectors: through peripherals; USB devices; networks; attachments; etc. Security best practice recommends a layered defence strategy to protect users against web threats and malware.

Encrypt your mobile devices.

Encrypt your mobile devices.

(Photo from – http://www.androidauthority.com/how-to-encrypt-android-device-326700/)

Encrypting important files on your desktop, laptop, or mobile device will ensure that if the device is compromised, the hacker won’t be able to read these important files.

  • To encrypt your files on Mac visit: http://www.hongkiat.com/blog/encrypt-mac-folder/
    • This site will walk you through the process of encrypting your files.
  • An alternative to encrypting your mobile device would be to keep all personal information off of the device.
    • Limiting the amount of confidential information on your cellphone can greatly reduce the risk of being compromised if the device is lost or stolen.

Detailed information regarding device security and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you believe your device has been infected or compromised, please contact IT Customer Care at (718) 817-3999 or HelpIT@fordham.edu

 

 

Strong passwords (or phrases) can keep you safe.

Strong passwords (or phrases) can keep you safe.

(Photo from – https://thehackernews.com/2016/07/best-password-manager.html)

Many of us have taken cyber security trainings that encourage us to use special characters such as the @ symbol for an “a” or $ for an “S”, however cyber-criminals have developed technology that can help them crack passwords that use these tactics.

  • Consider a passphrase instead.
    • Passphrases are a series of unrelated words that are being used in place of our traditional passwords ( 8 characters 1 capital and special character).
    • For your passphrase to be strong and secure be sure to use at least 4 unrelated words.
    • ILoveYorkiePuppies can still be cracked if the cyber-criminal has done their homework.
  • Too many passwords, and not enough memory?
    • Consider using a reputable password manager.
    • These services allow you to store your information for several sites securely
    • There are several options available, as with any software there are free and paid versions available.
    • Do your homework and find one youll feel confident using.
  • A few highly rated free versions include:

Detailed information regarding device security and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you believe your device has been infected or compromised, please contact IT Customer Care at (718) 817-3999 or HelpIT@fordham.edu

Backup all of your devices, and do it often!

Backup all of your devices, and do it often!

(Photo from – https://www.fusionspan.com/backup-disaster-recovery-small-office/)

Backing up your files can help you if you are ever a victim of a cyber-crime.

  • Regular backups can help
    • Recover files that may have been ransomed or corrupted
    • Allow you to do a full wipe of a defected device
    • Ensure even in an accident ( such as water damage) your important files are safe to be recovered
    • Keep your device running smoothly
    • If you are doing regular backups you can go through and update important files and delete those you no longer need, therefore freeing up space and allowing your device to run effectively.
  • There’s more than one way to backup your important files
    • Create a backup or system image directly on the device.
    • Use reliable cloud storage.
    • Consider a portable device.
    • USB Flash Drives can be useful.
    • Consider the amount of data you are backing up and if it needs to be encrypted or not
    • Many options and sizes are available to meet your needs.
    • Ideal if you do not have a need to store a large amount of files.
    • USB’s can be easy to loose, consider password protection.
    • Remember the smaller the USB drive (in physical size not GB) the slower it maybe.
    • Portable External Hard Drives.
    • Have recently become more affordable
    • Also come in many different sizes, colors, and styles to meet your needs
    • Can be password protected and encrypted as well.
    • Would be ideal if you have a need to store a large amount of files as many being at 1TB

Detailed information regarding device security and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you believe your device has been infected or compromised, please contact IT Customer Care at (718) 817-3999 or HelpIT@fordham.edu

Keep your mobile device safe!

Keep your mobile device safe!

(Photo from – https://www.thompsoncoburn.com/insights/blogs/cybersecurity-bits-and-bytes/post/2016-09-28/the-serious-security-vulnerabilities-of-mobile-devices)

  • Don’t think you’re device is safe from cyber-attacks or criminals.
    • Mobile devices are just as susceptible to the same types of attacks.
    • Including malware and phishing.
  • Use the same security on your mobile device as you would your personal or business computer.
    • Use a strong password
    • Passphrases are strong and hard to crack, use 4 or more unrelated words to create a difficult password for your device.
    • Such as PumpkinMovieCarStar
    • Alternate the letters you capitalize for additional protection, or add a special character as well.
    • It may take longer to log in, but it will ensure your device is secure
  • If you have a newer mobile device fingerprint recognition as well as facial recognition may be available.
    • Using these options allow you to unlock your device quickly, while ensuring it can’t be accessed by another party.
    • When using fingerprint recognition remember it allows you to store more than one print. Consider using one finger on each hand for ease of use.
  • If it connects to the internet, it should be protected.
    • Tablets, iPads, and net books can also be compromised.
    • Password protect these devices, encrypt important data on them
    • Do not save your user names and passwords on them.
    • Consider a password management system
    • Do not download applications from untrusted sites.
  • If your device has been compromised contact Fordham IT.
    • Contact Fordham IT and provide them as much information as you can.
    • Fordham IT will work with public safety and local law enforcement to help you attempt to recover your files and protect you from future attacks.

Detailed information regarding device security and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you believe your device has been infected or compromised, please contact IT Customer Care at (718) 817-3999 or HelpIT@fordham.edu.