Author Archives: Gerald Johnson Jr.

Alert: Employment Scam Targeting College Students Remains Prevalent

Via: IC2

“College students across the United States continue to be targeted in a common employment scam. Scammers advertise phony job opportunities on college employment websites, and/or students receive e-mails on their school accounts recruiting them for fictitious positions. This “employment” results in a financial loss for participating students.

How the scam works:

  • Scammers post online job advertisements soliciting college students for administrative positions.
  • The student employee receives counterfeit checks in the mail or via e-mail and is instructed to deposit the checks into their personal checking account.
  • The scammer then directs the student to withdraw the funds from their checking account and send a portion, via wire transfer, to another individual. Often, the transfer of funds is to a “vendor”, purportedly for equipment, materials, or software necessary for the job.
  • Subsequently, the checks are confirmed to be fraudulent by the bank.

The following are some examples of the employment scam e-mails:

“You will need some materials/software and also a time tracker to commence your training and orientation and also you need the software to get started with work. The funds for the software will be provided for you by the company via check. Make sure you use them as instructed for the software and I will refer you to the vendor you are to purchase them from, okay.”

“I have forwarded your start-up progress report to the HR Dept. and they will be facilitating your start-up funds with which you will be getting your working equipment from vendors and getting started with training.”

“Enclosed is your first check. Please cash the check, take $300 out as your pay, and send the rest to the vendor for supplies.”

Consequences of participating in this scam:

  • The student’s bank account may be closed due to fraudulent activity and a report could be filed by the bank with a credit bureau or law enforcement agency.
  • The student is responsible for reimbursing the bank the amount of the counterfeit checks.
  • The scamming incident could adversely affect the student’s credit record.
  • The scammers often obtain personal information from the student while posing as their employer, leaving them vulnerable to identity theft.
  • Scammers seeking to acquire funds through fraudulent methods could potentially utilize the money to fund illicit criminal or terrorist activity.

Tips on how to protect yourself from this scam:

  • Never accept a job that requires depositing checks into your account or wiring portions to other individuals or accounts.
  • Many of the scammers who send these messages are not native English speakers. Look for poor use of the English language in e-mails such as incorrect grammar, capitalization, and tenses.
  • Forward suspicious e-mails to the college’s IT personnel and report to the FBI. Tell your friends to be on the lookout for the scam.”

Source: https://www.ic3.gov/media/2017/170118.aspx

Google provides explanation on recent Google Docs campaign

A Google spokesperson shared the following statement with TNW, noting that 0.1 percent of Gmail users were affected. That’s roughly 1 million users, though:

“We realize people are concerned about their Google accounts, and we’re now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1 percent of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.”

Source: https://thenextweb.com/security/2017/05/03/massive-google-docs-phishing-attack-currently-sweeping-internet/#.tnw_G8nzqYyw

Alert: Easter Holiday Phishing Scams and Malware Campaigns

Via: US CERT

“Original release date: April 11, 2017

As the Easter holiday approaches, US-CERT reminds users to stay aware of holiday scams and cyber campaigns, which may include:

  • unsolicited shipping notifications that may actually be scams by attackers to solicit personal information (phishing scams),
  • electronic greeting cards that may contain malicious software (malware),
  • requests for charitable contributions that may be phishing scams or solicitations from sources that are not real charities, and
  • false advertisements for holiday accommodations or timeshares.

US-CERT encourages users and administrators to use caution when reviewing unsolicited messages. Suggested preventive measures to protect against phishing scams and malware campaigns include:

  • Do not click web links in untrusted email messages.
  • Refer to the Shopping Safely Online Tip.
  • Use caution when opening email attachments. Check out the Using Caution with Email Attachments Tip for more information on safely handling email attachments.
  • Review the Federal Trade Commission’s page on Charity Scams. Use the links there to verify a charity’s authenticity before you donate.
  • Read the Avoiding Social Engineering and Phishing Attacks Tip.
  • Refer to the Holiday Traveling with Personal Internet-Enabled Devices Tip for more information on protecting personal mobile devices.”

Source: https://www.us-cert.gov/ncas/current-activity/2017/04/11/Easter-Holiday-Phishing-Scams-and-Malware-Campaigns

Article: Google slaps Symantec for sloppy certs, slow show of SNAFUs

Via: The Register

“Google’s Chrome development team has posted a stinging criticism of Symantec’s certificate-issuance practices, saying it has lost confidence in the company’s practices and therefore in the safety of sessions hopefully-secured by Symantec-issued certificates.

Google’s post says “Since January 19, the Google Chrome team has been investigating a series of failures by Symantec Corporation to properly validate certificates. Over the course of this investigation, the explanations provided by Symantec have revealed a continually increasing scope of misissuance with each set of questions from members of the Google Chrome team; an initial set of reportedly 127 certificates has expanded to include at least 30,000 certificates, issued over a period spanning several years.”

Googler Ryan Sleevi unloads on Symantec as follows:

“Symantec allowed at least four parties access to their infrastructure in a way to cause certificate issuance, did not sufficiently oversee these capabilities as required and expected, and when presented with evidence of these organizations’ failure to abide to the appropriate standard of care, failed to disclose such information in a timely manner or to identify the significance of the issues reported to them.These issues, and the corresponding failure of appropriate oversight, spanned a period of several years, and were trivially identifiable from the information publicly available or that Symantec shared.”

The post gets worse, for Symantec:

“The full disclosure of these issues has taken more than a month. Symantec has failed to provide timely updates to the community regarding these issues. Despite having knowledge of these issues, Symantec has repeatedly failed to proactively disclose them.  Further, even after issues have become public, Symantec failed to provide the information that the community required to  assess the significance of these issues until they had been specifically questioned. The proposed remediation steps offered by Symantec have involved relying on known-problematic information or using practices insufficient to provide the level of assurance required under the Baseline Requirements and expected by the Chrome Root CA Policy.”

The upshot is that Google feels it can “no longer have confidence in the certificate issuance policies and practices of Symantec over the past several years” and it therefore proposes three remedies:

  • A reduction in the accepted validity period of newly issued Symantec-issued certificates to nine months or less, in order to minimize any impact to Google Chrome users from any further misissuances that may arise.
  • An incremental distrust, spanning a series of Google Chrome releases, of all currently-trusted Symantec-issued certificates, requiring they be revalidated and replaced.
  • Removal of recognition of the Extended Validation status of Symantec issued certificates, until such a time as the community can be assured in the policies and practices of Symantec, but no sooner than one year.

The first remedy will mean that Chrome stops trusting Symantec-issued certificates as outlined in the table below.

Chrome version Cert validity period
Chrome 59 (Dev, Beta, Stable) 33 months (1023 days)
Chrome 60 (Dev, Beta, Stable) 27 months (837 days)
Chrome 61 (Dev, Beta, Stable) 21 months (651 days)
Chrome 62 (Dev, Beta, Stable) 5 months (465 days)
Chrome 63 (Dev, Beta) 9 months (279 days)
Chrome 63 (Stable) 5 months (465 days)
Chrome 64 (Dev, Beta, Stable) 9 months (279 days)

Google reckons this plan will mean “web developers are aware of the risk and potential of future distrust of Symantec-issued certificates, should additional misissuance events occur, while also allowing them the flexibility to continue using such certificates should it be necessary.”

And of course it also gives developers time to arrange new certificates from whatever issuer pleases them most.

Symantec has told The Register it is developing a response to Google’s allegations. We will add it to this story as soon as we receive it.”

Additional information can be found Here.

Source: https://www.theregister.co.uk/2017/03/24/google_slaps_symantec_for_sloppy_certs_slow_show_of_snafus/

Article: Data Breaches Skyrocketing In NY, A Million People Exposed

Via: Patch.com

“The reported number of data breaches jumped 60 percent in 2016, mostly by hackers. See tips on how to protect yourself.

Data breaches, mostly by hackers, are skyrocketing, according to a new report from the state Attorney General.

In 2016, the personal records of 1.6 million New Yorkers were exposed as data breaches jumped 60 percent over the previous year. Social Security and financial information were the primary targets.

‘In 2016, New Yorkers were the victims of one of the highest data exposure rates in our state’s history,” said Attorney General Eric Schneiderman in an announcement about the data. “The total annual number of reported security breaches increased by 60% and the number of exposed personal records tripled. Hacking is increasingly prevalent – making it all the more important for companies and citizens alike to take precaution when sharing and storing personal data. It’s on all of us to guard against those who try to use our personal information for harm – as these breaches too often jeopardize the financial health of New Yorkers and cost the public and private sectors billions of dollars.’

Four times out of 1o, the data breach was because someone hacked in from outside. Another 14 percent of the time, the breach was by a skimming device. Only 1.48 percent of the time was it due to theft of something like a phone or computer.

It wasn’t always personally and maliciously targeted, though. This past year, employee negligence, namely the inadvertent exposure of records, accounted for 24 percent of breaches.

And what personal records were most exposed?

The most frequently acquired information in 2016 was Social Security numbers and financial account information, which together accounted for 81 percent of breaches in New York. Other records such as driver’s license numbers (8 percent), date of birth (7 percent) and password/account information (2 percent) together accounted for 1,284,037 of exposed personal records in 2016.

While they get big headlines, mega-breaches were not all that common in 2016, Schneiderman’s office said.

On October 12, 2016, Newkirk Products, Inc., a business associate of Capital District Physicians’ Health Plan, Inc., CDPHP Universal Benefits, Inc., and Capital District Physicians’ Healthcare Network, Inc., reported exposing the personal health information of 761,782 New Yorkers. The next largest breach, reported on January 13, 2016, was at HSBC bank. It exposed the financial, personal, and social security information of 251,201 New Yorkers. Additionally, breaches at Eddie Bauer and Emblem Health reportedly affected 60,205 and 55,664 New Yorkers in August and November, respectively.

The Attorney General’s Office suggests that consumers guard against threats in these ways:

  • Create Strong Passwords for Online Accounts and Update Them Frequently. Use different passwords for different accounts, especially for websites where you have disseminated sensitive information, such as credit card or Social Security numbers.
  • Carefully Monitor Credit Card and Debit Card Statements Each Month. If you find any abnormal transactions, contact your bank or credit card agency immediately.
  • Do Not Write Down or Store Passwords Electronically. If you do, be extremely careful of where you store passwords. Be aware that any passwords stored electronically (such as in a word processing document or cell phone’s notepad) can be easily stolen and provide fraudsters with one-stop shopping for all your sensitive information. If you hand-write passwords, do not store them in plain sight.
  • Do Not Post Any Sensitive Information on Social Media. Information such as birthdays, addresses, and phone numbers can be used by fraudsters to authenticate account information. Practice data minimization techniques. Don’t overshare.
  • Always Be Aware of the Current Threat Landscape. Stay up to date on media reports of data security breaches and consumer advisories.”

Source: http://patch.com/new-york/ossining/data-breaches-skyrocketing-ny-million-people-exposed-ag

Eviction Notice #: Phishing Email Sent to the Fordham Community on 3/16/2017

This is a Phishing email that has been reported. This message was
received on or about March 16th, 2017. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————
From: <owsaxj@wireconsult.com>
Date: Thursday, March 16, 2017 at 6:44 PM
Subject: Eviction Notice # …..
To: user@fordham.edu

The eviction will take place on the date named in the enclosure unless you:

1. Leave the property and return control of the property to the landlord;
or
2. The occupant has the right to pay full amount ordered by the Court in the warrant of restitution to the landlord to stop the eviction process, unless the court checked the box on the Warrant of Restitution that says \”Without Right of Redemption\”.

The occupant has the right to pay the redemption amount to the landlord in cash or check at any time before actual execution of the eviction will take place.
On the day of eviction, the payment shall be made to the landlord or landlord’s agent in the
presence of the Executive Service in orderto stop the eviction order execution.


To download details, please get more information here:


Get Your Eviction Notice <LINK HERE>


WARNING:
• Once Executive Service begins the eviction, any personal property that you leave in the leased premises is considered abandoned. The occupant does NOT have any right to re-enter the property or re-claim any property after the eviction process.
• All property may be disposed of by the landlord at any time after the eviction process begins. The landlord is prohibited from putting the property in the street or alleys.
This is the final notice of the date of the eviction that you will receive, even if the eviction date is postponed by the sheriff.



The hotelkeeper should deliver the payer 14 bright careers heed. This stop that the hotelkeeper cannot conjecture the day the notice is served on the tenant, and the hotelkeeper cannot conjecture the day the payer stirs up agitate elsewhere. Example: A payer has been having behind celebration and displeasing unlisted tenants . The hotelkeeper has hardened the payer aggregate caveats to control the partying, on the contrary the payer has forgotten the landlord. The hotelkeeper agrees to deliver the payer a 14 day notice to cease the occupation for worthy breach . If the hotelkeeper hand over the payer the notice on July 5, so the notice is adequate on July 20. Why? July 5 doesn’t conjecture seeing that is the yr the notice is served. July 6-19 are the 14 bright days, and July 20 doesn’t conjecture seeing this is the day the payer should move elsewhere.

—————————–End Message —————

Article: Major Cloudflare bug leaked sensitive data from customers’ websites

Via: TechCrunch

“Cloudflare revealed a serious bug in its software today that caused sensitive data like passwords, cookies, authentication tokens to spill in plaintext from its customers’ websites. The announcement is a major blow for the content delivery network, which offers enhanced security and performance for more than 5 million websites.

This could have allowed anyone who noticed the error to collect a variety of very personal information that is typically encrypted or obscured.

Remediation was complicated by an additional wrinkle. Some of that data was automatically cached by search engines, making it particularly difficult to clean up the aftermath as Cloudflare had to approach Google, Bing, Yahoo and other search engines and ask them to manually scrub the data.

The leak may have been active as early as Sept. 22, 2016, almost five months before a security researcher at Google’s Project Zero discovered it and reported it to Cloudflare.

However, the most severe leakage occurred between Feb. 13 and Feb. 18, when around 1 in every 3,300,000 HTTP requests to Cloudflare sites would have caused data to be exposed. Attackers could have accessed the data in real-time, or later through search engine caches.”

The details of this compromise are still emerging and we will update this blog as we become more informed about the impact.

Source: https://techcrunch.com/2017/02/23/major-cloudflare-bug-leaked-sensitive-data-from-customers-websites/

Multifactor Authentication Enrollment

Fw: COPY OF DOCUMENTI – Phishing Email Sent to the Fordham Community on 2/7/2017

This is a Phishing email that has been reported. This message was
received on or about February 7, 2017. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————

From: Regional Traffic Management Offi Cordillera Administrative Region <rtmocar_opn@yahoo.com>

Date: Tue, Feb 7, 2017 at 9:34 PM
Subject: Fw: COPY OF DOCUMENTI
To: user@Fordham.edu

FYI
*There is an attached PDF titled “Document.pdf”, an image of which can be seen below*

——————–End  Message ——————————

Article: Clever Phishing Trick You Need to Be Aware Of

“Despite the ever-evolving complexity of cyber-attacks and malware code, phishing and spear-phishing attacks remain the initial entry point in many of today’s security breaches.

In most phishing attacks, crooks leverage a common theme, asking users to update their profile information on various profiles, but redirecting users to pages hosted on lookalike domains.

As users have got accustomed to this basic phishing trick in recent years, attackers found other creative ways of phishing for login credentials.

One trick, first seen in June 2016, was observed again this past month. This clever phishing attack relies on telling users they received an important or secure file, and they need to visit a web page to view it.

The real trick takes place on the crook’s page, which shows a blurred out document on the background. To view the document, users have to enter their credentials.

The blurred out document seen in the page’s background acts as a promise for what users are going to receive if they authenticate. In fact, these are nothing more than simple web pages showing an image of a blurred out document, and nothing more. The only thing working on the page is the login form that will record any login credentials that you enter inside it.

2017 phishing attack
Page showing a blurred out image of a PDF file on the page’s background (Source: ISC)

Just like the 2016 attacks, crooks don’t specify which login credentials users have to fill in, and leave it to the user enter what he thinks he should entered. A careless user could enter anything from his Intranet details to Google logins.

Right now, based on the 2016 and 2017 incidents, these attacks are quite easy to detect. If the crooks behind these phishing pages would be less sloppy and spend more time in refining details, these type of attacks could be quite effective and harder to detect for what they really are.

Below are some screenshots from the June 2016 campaign.”

2016 phishing attack