Category Archives: Malicious Email

“Wire Transfer” Scam Email Sent to the Fordham Community on July 5, 2017

This is a Scam email that has been reported. This message was received on or about July 5, 2017. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact IT Customer Care at 718-817-3999 or via email: helpit@fordham.edu.
——————————Begin Message ——————————

From: <CustomerService@interaudibank.com>
Date: July 5, 2017 at 10:51:32 AM EDT
To: <user@fordham.edu>
Subject:Wire Transfer

A wire request has been sent to Interaudi Bank on 07/05/17 at 08:13:59 AM to transfer 10000.00 to your account.
The confirmation ID for this request is ******.
Please do not respond to this confirmation. This is an unmonitored mailbox, and replies to this email cannot be read or responded to.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The information contained in this message is privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer.

Thank you.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

——————————End of Message ——————————

Alert: New DHL Phishing Emails Targeting Fordham Community

Please be advised that there are suspicious emails circulating that are targeting members of the Fordham Community. The email contains what appears to be an image of a package slip; clicking the image redirects you to a malicious phishing site.

These are not legitimate emails and should be reported immediately.
Please remain vigilant and avoid giving any personally identifiable information through email. Pay attention to the sender of the email and, if something appears suspicious, contact the sender directly (by phone or at an address you already know, not by replying) to verify the message's legitimacy. DO NOT respond via email. If direct contact with the sender is not possible, please contact ITCC for assistance.

The content of the email is as follows:

———- Start of Message ———-
From: DHL Service <baqader1407@gmail.com>
Date: Tue, Jun 27, 2017 at 9:50 AM
Subject: DHL delivery details ……
To:

Dear  Customer ,

Please find attached DHL AWB , pls printed and given to courier upon arrival .
Thanks

Best regards

DHL Expess Team

DHL receipt.pdf
—————End of Message—————-
Please remember that Fordham IT will NEVER ask you for your username and password or ask you to click any links to validate or verify your account or password. If you receive questionable or suspicious communications, contact IT Customer Care and allow the University Information Security Office (UISO) to validate the legitimacy of these communication attempts.
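The advice above to look at the sender can be turned into a repeatable check. The script below is an added example, not Fordham IT's own tooling: it splits the display name from the real address, flags a brand named in the display name or subject that does not match the sending domain, flags free-webmail senders and a Reply-To that points elsewhere, and, when the From address claims fordham.edu or a known brand domain, requires an SPF or DKIM pass from the gateway's Authentication-Results header. The samples are constructed from the DHL report above and the DVSA report further down this page; the Authentication-Results values, the BRAND_DOMAINS map and the FREEMAIL list are assumptions made for the example.

```python
"""Sender-header triage for reported phishing samples.

Added example for this page; not Fordham IT's tooling. The sample headers
are constructed from the reports on this page, and every
Authentication-Results line is an assumption made for the example.
"""
import re
from email import message_from_string

INTERNAL_DOMAIN = "fordham.edu"

# Domains a brand actually sends from (assumed for the example); a display
# name or subject that claims the brand from any other domain is a red flag.
BRAND_DOMAINS = {
    "dhl": {"dhl.com"},
    "interaudi": {"interaudibank.com"},
}
FREEMAIL = {"gmail.com", "yahoo.com", "aol.com", "hotmail.com", "outlook.com"}


def split_from(header: str) -> tuple:
    """Split 'Display Name <addr>' into (name, addr) without trusting the name.

    Hand-rolled because display names such as 'copier@' (see the DVSA
    report) confuse email.utils.parseaddr.
    """
    m = re.match(r'\s*"?(.*?)"?\s*<([^>]+)>\s*$', header)
    if m:
        return m.group(1), m.group(2).strip()
    return "", header.strip()


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def _auth(msg, mechanism: str) -> str:
    """Return the spf=/dkim= verdict from Authentication-Results, or 'missing'."""
    for hdr in msg.get_all("Authentication-Results", []):
        m = re.search(rf"\b{mechanism}=(\w+)", hdr)
        if m:
            return m.group(1).lower()
    return "missing"


def triage(raw: str) -> list:
    """Return the sender-related red flags found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    name, addr = split_from(msg.get("From", ""))
    from_dom = _domain(addr)
    claimed = f"{name} {msg.get('Subject', '')}".lower()
    flags = []

    # 1. A brand is named in the display name or subject, but the address is elsewhere.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in claimed and from_dom not in domains:
            flags.append(f"'{brand}' claimed by a sender at {from_dom or 'no domain'}")

    # 2. Free webmail: a weak signal alone, a strong one next to a brand claim.
    if from_dom in FREEMAIL:
        flags.append(f"sender uses free webmail ({from_dom})")

    # 3. Reply-To steering replies to another domain.
    _, reply = split_from(msg.get("Reply-To", ""))
    if reply and _domain(reply) != from_dom:
        flags.append(f"Reply-To goes to {_domain(reply)}, not {from_dom}")

    # 4. From claims our domain or a known brand domain: the gateway's
    #    SPF/DKIM verdict decides whether the header can be believed at all.
    trusted = {INTERNAL_DOMAIN}.union(*BRAND_DOMAINS.values())
    if from_dom in trusted:
        spf, dkim = _auth(msg, "spf"), _auth(msg, "dkim")
        if spf != "pass" and dkim != "pass":
            flags.append(f"{from_dom} not authenticated (spf={spf}, dkim={dkim})")
    return flags


# Constructed from the DHL report above; the Authentication-Results line is assumed.
DHL_SAMPLE = """\
From: DHL Service <baqader1407@gmail.com>
To: user@fordham.edu
Subject: DHL delivery details ......
Authentication-Results: mx.example; spf=pass smtp.mailfrom=gmail.com; dkim=pass header.d=gmail.com

Please find attached DHL AWB
"""

# Constructed from the DVSA report on this page: From claims an internal
# address, and the assumed verdicts say the message did not come from it.
DVSA_SAMPLE = """\
From: copier@ <copier@fordham.edu>
To: user@fordham.edu
Subject: DVSA RECEIPT
Authentication-Results: mx.example; spf=fail smtp.mailfrom=fordham.edu; dkim=none

Please find attached your receipt, sent as requested.
"""

# Constructed legitimate internal notice for contrast (verdicts assumed).
CLEAN_SAMPLE = """\
From: IT Customer Care <helpit@fordham.edu>
To: user@fordham.edu
Subject: Phishing reminder
Authentication-Results: mx.example; spf=pass smtp.mailfrom=fordham.edu; dkim=pass header.d=fordham.edu

Fordham IT will never ask for your password by email.
"""

if __name__ == "__main__":
    for label, sample in [("DHL", DHL_SAMPLE), ("DVSA", DVSA_SAMPLE), ("clean", CLEAN_SAMPLE)]:
        print(label, triage(sample) or ["no sender flags"])
```

Only the Authentication-Results header written by your own gateway is trustworthy; a sender can add one of their own, so production code must discard any copy that arrived from outside (the `authserv-id` after the colon identifies the writer) before trusting the verdict.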

Google provides explanation on recent Google Docs campaign

A Google spokesperson shared the following statement with TNW, noting that 0.1 percent of Gmail users were affected. That’s roughly 1 million users, though:

“We realize people are concerned about their Google accounts, and we’re now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1 percent of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.”

Source: https://thenextweb.com/security/2017/05/03/massive-google-docs-phishing-attack-currently-sweeping-internet/#.tnw_G8nzqYyw

Alert: Easter Holiday Phishing Scams and Malware Campaigns

Via: US CERT

“Original release date: April 11, 2017

As the Easter holiday approaches, US-CERT reminds users to stay aware of holiday scams and cyber campaigns, which may include:

  • unsolicited shipping notifications that may actually be scams by attackers to solicit personal information (phishing scams),
  • electronic greeting cards that may contain malicious software (malware),
  • requests for charitable contributions that may be phishing scams or solicitations from sources that are not real charities, and
  • false advertisements for holiday accommodations or timeshares.

US-CERT encourages users and administrators to use caution when reviewing unsolicited messages. Suggested preventive measures to protect against phishing scams and malware campaigns include:

  • Do not click web links in untrusted email messages.
  • Refer to the Shopping Safely Online Tip.
  • Use caution when opening email attachments. Check out the Using Caution with Email Attachments Tip for more information on safely handling email attachments.
  • Review the Federal Trade Commission’s page on Charity Scams. Use the links there to verify a charity’s authenticity before you donate.
  • Read the Avoiding Social Engineering and Phishing Attacks Tip.
  • Refer to the Holiday Traveling with Personal Internet-Enabled Devices Tip for more information on protecting personal mobile devices.”

Source: https://www.us-cert.gov/ncas/current-activity/2017/04/11/Easter-Holiday-Phishing-Scams-and-Malware-Campaigns

“Help…………………..Paul Williams” Scam Email Sent to the Fordham Community on March 30, 2017

This is a Scam email that has been reported. This message was received on or about March 30th, 2017. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact IT Customer Care at 718-817-3999 or via email: helpit@fordham.edu.
————————————Begin Message ————————————
From: “Paul Williams” <Pppandpw@aol.com>
Date: Mar 30, 2017 10:14 AM
Subject: Help…………………..Paul Williams
To: <user @ fordham.edu>

Good Morning,
I thought i could reach out to you to help me out, I made a quick trip out of the country for a conference, unfortunately i had my bag stolen from me with my phone on my way back to my hotel room. I need your urgent help before my return flight.I will forever be grateful if you can help me.
Paul Williams

————————————End of Message ————————————

Fw: COPY OF DOCUMENTI – Phishing Email Sent to the Fordham Community on 2/7/2017

This is a Phishing email that has been reported. This message was received on or about February 7, 2017. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact IT Customer Care at 718-817-3999 or via email: helpit@fordham.edu.

——————–Begin Message ——————————

From: Regional Traffic Management Offi Cordillera Administrative Region <rtmocar_opn@yahoo.com>

Date: Tue, Feb 7, 2017 at 9:34 PM
Subject: Fw: COPY OF DOCUMENTI
To: user@Fordham.edu

FYI
*The message carries an attached PDF titled "Document.pdf"; the screenshot of it that accompanied the original post is not reproduced here.*

——————–End Message ——————————

Article: Clever Phishing Trick You Need to Be Aware Of

“Despite the ever-evolving complexity of cyber-attacks and malware code, phishing and spear-phishing attacks remain the initial entry point in many of today’s security breaches.

In most phishing attacks, crooks leverage a common theme, asking users to update their profile information on various profiles, but redirecting users to pages hosted on lookalike domains.

As users have got accustomed to this basic phishing trick in recent years, attackers found other creative ways of phishing for login credentials.

One trick, first seen in June 2016, was observed again this past month. This clever phishing attack relies on telling users they received an important or secure file, and they need to visit a web page to view it.

The real trick takes place on the crook’s page, which shows a blurred out document on the background. To view the document, users have to enter their credentials.

The blurred out document seen in the page’s background acts as a promise for what users are going to receive if they authenticate. In fact, these are nothing more than simple web pages showing an image of a blurred out document, and nothing more. The only thing working on the page is the login form that will record any login credentials that you enter inside it.

2017 phishing attack
Page showing a blurred out image of a PDF file on the page’s background (Source: ISC)

Just like the 2016 attacks, crooks don’t specify which login credentials users have to fill in, and leave it to the user to enter what he thinks he should enter. A careless user could enter anything from his Intranet details to Google logins.

Right now, based on the 2016 and 2017 incidents, these attacks are quite easy to detect. If the crooks behind these phishing pages were less sloppy and spent more time refining details, these types of attacks could be quite effective and harder to detect for what they really are.

Below are some screenshots from the June 2016 campaign.”

2016 phishing attack
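The page pattern the article describes can also be triaged mechanically. The script below is an added example, not code from the article or from its source (ISC): it parses a page with the standard library and flags a password form when the serving host is not a recognised login host, when the credentials are posted to a different host, or when the page applies a CSS blur (the blurred-document lure). The sample pages, the page URL and the KNOWN_LOGIN_HOSTS allow-list are constructed for the example; an organisation would fill the allow-list with its own identity-provider hosts.

```python
"""Triage of a credential-capture page of the 'blurred document' kind.

Added example for this page, not from the article quoted above. The HTML
samples are constructed, and KNOWN_LOGIN_HOSTS is an assumed allow-list.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hosts that legitimately present a password prompt (assumption for the example).
KNOWN_LOGIN_HOSTS = {"accounts.google.com", "login.microsoftonline.com"}


class _PageScan(HTMLParser):
    """Collects forms, whether each has a password field, and any CSS blur."""

    def __init__(self):
        super().__init__()
        self.forms = []        # one dict per <form>: action and password flag
        self.blurred = False   # a blur() filter seen in a style attribute or <style>
        self._form = None
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._form = {"action": a.get("action", ""), "password": False}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            if a.get("type", "").lower() == "password":
                self._form["password"] = True
        elif tag == "style":
            self._in_style = True
        if "blur(" in a.get("style", ""):
            self.blurred = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None
        elif tag == "style":
            self._in_style = False

    def handle_data(self, data):
        # <style> bodies arrive here because HTMLParser treats them as CDATA.
        if self._in_style and "blur(" in data:
            self.blurred = True


def assess(page_url: str, html: str) -> list:
    """Return indicators that a page harvests credentials instead of serving a document."""
    scan = _PageScan()
    scan.feed(html)
    host = (urlparse(page_url).hostname or "").lower()
    flags = []
    for form in scan.forms:
        if not form["password"]:
            continue
        target = (urlparse(urljoin(page_url, form["action"])).hostname or "").lower()
        if host not in KNOWN_LOGIN_HOSTS:
            flags.append(f"password prompt on unrecognised host {host}")
        if target != host:
            flags.append(f"credentials posted to a different host: {target}")
        if scan.blurred:
            flags.append("password prompt laid over a blurred background (document-lure pattern)")
    return flags


# Constructed page modelled on the description above: a blurred image of a
# document behind a generic login form that posts to a script on the same host.
LURE_PAGE = """
<html><head><style>
  body { background: url(document.png) center/cover; }
  .doc { filter: blur(6px); }
</style></head><body>
<img class="doc" src="document.png">
<form method="post" action="view.php">
  Email <input name="user">
  Password <input type="password" name="pass">
  <input type="submit" value="View document">
</form></body></html>
"""

# Constructed page that really just links to a file: no credential form at all.
PLAIN_PAGE = "<html><body><a href='report.pdf'>Download report</a></body></html>"

if __name__ == "__main__":
    print(assess("https://files.example.net/secure/doc.html", LURE_PAGE))
    print(assess("https://files.example.net/secure/doc.html", PLAIN_PAGE))
```

The blur check is a tell for this particular lure, not a general rule: legitimate pages use blur filters too, so it only carries weight together with a password field on a host that has no business asking for one.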
Article: Post-Election Spear Phishing Campaigns

A recent article warns of election-related spear-phishing and malware-laden emails.

—Begin—

In the wake of the 2016 United States Presidential Election, not even six hours after Donald Trump became the nation’s President-Elect, an advanced persistent threat (APT) group launched a series of coordinated and well-planned spear phishing campaigns.

These e-mails came from a mix of attacker-created Google Gmail accounts and what appear to be compromised e-mail accounts at Harvard’s Faculty of Arts and Sciences (FAS). These e-mails were sent in large quantities to different individuals across many organizations and to individuals focusing on national security, defense, international affairs, public policy, and European and Asian studies. Two of the attacks purported to be messages forwarded on from the Clinton Foundation giving insight and perhaps a postmortem analysis into the elections. Two of the other attacks purported to be eFax links or documents pertaining to the election’s outcome being revised or rigged. The last attack claimed to be a link to a PDF download on “Why American Elections Are Flawed.”

The post-election attacks launched by the Dukes on November 9 were very similar to previous attacks seen from the Dukes in both 2015 and 2016. The PowerDuke malware, first seen in August 2016, was once again used in these most recent attacks. Three of the five attack waves contained links to download files from domains that the attackers appear to have control over. The other two attacks contained documents with malicious macros embedded within them. Each of these attack waves was slightly different from the others, and they are detailed below.

Attack Wave 1: eFax – The “Shocking” Truth About Election Rigging
Attack Wave 2: eFax – Elections Outcome Could Be revised [Facts of Elections Fraud]
Attack Wave 3: Why American Elections Are Flawed

—End—

More information can be found at: https://www.volexity.com/blog/2016/11/09/powerduke-post-election-spear-phishing-campaigns-targeting-think-tanks-and-ngos/
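Two of the waves described above delivered documents with embedded macros, which a mail gateway can spot before the attachment reaches anyone. The function below is an added example, not Volexity's code: it inspects an Office attachment's OOXML (zip-based) package for the VBA project part and for its content-type declaration, so a macro-enabled document is flagged whatever its file extension says. The sample documents are constructed in memory; the legacy binary formats (.doc, .xls) are OLE containers and need a different check, which is out of scope here.

```python
"""Flag Office attachments that carry VBA macros before they reach a mailbox.

Added example for this page, not Volexity's tooling. Only the OOXML
(zip-based) formats are checked; the sample documents are constructed.
"""
import io
import zipfile

VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def macro_indicators(data: bytes) -> list:
    """Return why an OOXML document looks macro-enabled; empty list if it does not."""
    if not data.startswith(b"PK\x03\x04"):
        return ["not a zip-based Office document (legacy OLE needs a different check)"]
    found = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # The compiled VBA project is stored as a binary part in the package,
            # regardless of whether the file is named .docm, .docx or .zip.
            for n in names:
                if n.lower().endswith("vbaproject.bin"):
                    found.append(f"VBA project part present: {n}")
            # The part is also declared in [Content_Types].xml; checking both
            # catches a renamed part and an undeclared one.
            if "[Content_Types].xml" in names:
                ct = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                if VBA_CONTENT_TYPE in ct:
                    found.append("vbaProject content type declared")
    except zipfile.BadZipFile:
        return ["corrupt zip container"]
    return found


def build_sample(with_macros: bool) -> bytes:
    """Construct a minimal docx/docm-shaped package for the example (not a real document)."""
    ct = ('<?xml version="1.0"?>'
          '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
          '<Default Extension="xml" ContentType="application/xml"/>')
    if with_macros:
        ct += f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
    ct += "</Types>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", ct)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Placeholder bytes standing in for a compiled VBA project (constructed).
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print("macro-enabled:", macro_indicators(build_sample(True)))
    print("plain:        ", macro_indicators(build_sample(False)))
```

Presence of a VBA project says nothing about what the macro does; the point of the check is that a document carrying any macro has no business arriving unsolicited from outside, so it can be quarantined or stripped at the gateway and the analysis of the code itself done offline.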

Receipt ###-### – Malicious Email With Attachment Sent to the Fordham Community on 09/29/2016

This is a Malicious email that has been reported. This message was received on or about September 29th, 2016. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact IT Customer Care at 718-817-3999 or via email: helpit@fordham.edu.

——————–Begin Message ——————————

From: User_Name@gmail.com
Date: Thurs, Sept 29, 2016 at 6:46AM
To: user@fordham.edu
Subject: Receipt ###-###

*There is no body to this message only an attached file titled “Receipt”. The file is confirmed to be malicious.*

——————–End Message ——————————

DVSA RECEIPT – Malicious Email With Attachment Sent to the Fordham Community on 02/12/2016

This is a Malicious email that has been reported. This message was received on or about February 12th, 2016. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact IT Customer Care at 718-817-3999 or via email: helpit@fordham.edu.

——————–Begin Message ——————————

From: copier@ <copier@fordham.edu>
Date: Fri, Feb 12, 2016 at 3:52 AM
To: user@fordham.edu
Subject: DVSA RECEIPT

Good afternoon

Please find attached your receipt, sent as requested.

Kind regards

(See attached file)

Fixed Penalty Office
Driver and Vehicle Standards Agency | The Ellipse, Padley Road, Swansea,
SA1 8AN
Phone: 0300 123 9000

Find out more about government services at www.gov.uk/dvsa

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed.  Any views or opinions presented may be those of the
originator and do not necessarily represent those of DVSA.

If you were not the intended recipient, you have received this email and
any attached files in error; in which case any storage, use,
dissemination, forwarding, printing, or copying of this email or its
attachments is strictly prohibited.  If you have received this
communication in error please destroy all copies and notify the sender
[and postmaster@dvsa.gsi.gov.uk ] by return email.

DVSA’s computer systems may be monitored and communications carried on
them recorded, to secure the effective operation of the system and for
other lawful purposes.

Nothing in this email amounts to a contractual or other legal commitment
on the part of DVSA unless confirmed by a communication signed on behalf
of the Secretary of State.

It should be noted that although DVSA makes every effort to ensure that
all emails and attachments sent by it are checked for known viruses
before transmission, it does not warrant that they are free from viruses
or other defects and accepts no liability for any losses resulting from
infected email transmission.

Visit www.gov.uk/dvsa  for information about the Driver Vehicle and Standards Agency.
*********************************************************************

The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Vodafone in partnership with Symantec. (CCTM Certificate Number 2009/09/0052.) This email has been certified virus free.
Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes.

**The email contains an attachment that is malicious**

——————–End Message ——————————