Category Archives: Phishing Email

Alert: Phishing Messages from WeTransfer

Please be advised that there are suspicious emails circulating that are targeting members of the Fordham Community. The subject line of these emails contain the words “sent you files via WeTransfer”. The messages contain a file download link from a seemingly legitimate email source. However, the file itself instructs the user to go to a phishing site and enter confidential information.

These are not legitimate emails and should be reported immediately.
Please remain diligent and avoid giving any personally identifiable information through email. Files sent via WeTransfer can be easily crafted to look like they are from legitimate email addresses and even trusted third parties. Do not assume a message from WeTransfer is trustworthy based on the displayed name of the sender. Pay attention to the sender of the email and if something appears suspicious, contact the sender directly to verify the messages legitimacy. DO NOT respond via email. If direct contact with the sender is not possible, please contact ITCC for assistance.

The content of the email is as follows:

————Start of Message————

From: WeTransfer <noreply@wetransfer.com>
Date:
Subject: fake@notreal.com sent you files via WeTransfer
To:

————End of Message————

Please remember that Fordham IT will NEVER ask you for your username and password or ask you to click any links to validate or verify your account or password. If you receive questionable or suspicious communications, contact IT Customer Care and allow the University Information Security Office (UISO) to validate the legitimacy of these communication attempts.

New Email Scam Using Fake Netflix Website

Via: mailguard.com.au

A scam email has appeared today that is pretending to be from Netflix. MailGuard detected the new scam early this morning, and stopped the malicious emails from entering our client’s inboxes.

This scam email is relatively well designed. The scammers are using a template system to generate individualised messages with specific recipient data.

This works like a mail-merge; the body of the email is generic, but the sender field is designed to show the name of the intended victim, which personalises the scam making it more convincing.

In this case the scammer’s system has not worked as well as they hoped and in the example below – screen-captured by our operations team – you can see that the ‘recipient’ field in the email has not been merged successfully. Instead of the victim’s name, it shows the placeholder instead:

 

Screen Shot 2017-11-03 at 11.23.26-1.png

Aside from the error with the recipient name field, this email looks quite convincing. The message tells the intended victim that their Netflix billing information has been invalidated and urges them to update their details on the website. If the recipient clicks the link in the email they are taken to a fake Netflix page, that asks them to log in and then enter their personal information, including credit card details.

Of course, this website is completely bogus and is just a mechanism for the scammers to steal the victim’s identity and credit card information.

The fake Netflix site this scam is using is built on a compromised WordPress blog. Scammers can break into WordPress sites by making use of vulnerabilities in blog plugins and once in, they can make the website look enough like a real Netflix login page to trick their victims – as shown in the screenshot above.

Screen Shot 2017-11-03 at 11.24.52.png

Screen Shot 2017-11-03 at 11.25.22.png

With the detailed data the fake website form asks for: address; credit card details; driver’s license; mother’s maiden name; etc, the scammers could potentially execute an identity theft and gain access to the victim’s bank accounts as well as their credit cards.

Once the fake website has collected all the sensitive data the scammers want, the victim is shown a reassuring ‘reactivation’ screen.

Screen Shot 2017-11-03 at 11.26.15.png

If you receive an email from Netflix today, ‘Chill,’ but don’t click without thinking first. Scammers can make their fake emails and bogus websites look pretty convincing, so it’s always a good idea to check carefully that the email comes from the actual company domain and not a scammer.

Think Before You Click:

– Always hover your mouse over links within emails and check the domain they’re pointing to. If they look suspicious or unfamiliar don’t open them.

– Cybersecurity threats take many different forms from simple spyware downloads to sophisticated ransomware attacks. Your business can be exposed to a wide variety of different vectors: through peripherals; USB devices; networks; attachments; etc. Security best practice recommends a layered defence strategy to protect users against web threats and malware.

Netflix Scam Warning

via: malwarebytes

Always be on your toes

While we are used to receiving scam attempts pretending to be from banks, online shops, credit card companies, and international courier services that does not mean all the other emails are safe. Far from it. To demonstrate this point we will show you a scam aimed at Netflix customers which has been used in the Netherlands and is now doing the rounds in the UK but could just as easily spread to the US.

The mail in question

The sender address, in this case, was supportnetflix@checkinformation[.]com and the content of the email informs us that there has been a problem with our last payment. Obviously to those of us who are not customers of Netflix this is the first red flag. The fact that the domain name checkinformation[.]com does not belong to Netflix is another big red flag. In fact, the domain is for sale at the moment of writing.

phishing mail

Netflix

Account disabled!

Dear User,

We’re having some trouble with your current billing information. We’ll try again. But in the meantime you may want to update your payment details. During the next login process, you will be required to provide some informations like (billing info, phone number, payment info)

 

So the email asks us to fill out our payment details on a site. This should always be a red flag for everyone. A security-aware company does not provide you with a clickable button to their site. They will tell you to log into their site and provide you with instructions on how to proceed. They will not provide a direct link to a page with a form to fill out asking for billing information and what not.

Pay attention to

When you have to provide such details always look for the green padlock in the address bar of your browser.

green padlock

Remember that the green padlock is not the sole condition, but it is a must before you proceed.

Another telltale sign is spelling errors, but again, the lack of them is not a definite green light to proceed. Scammers have learned that their efficiency goes up if they pay attention to their spelling.

Also never judge a site by its looks, because phishers are masters in the art of copying the layout and images from legitimate sites. In fact, they usually link to the actual layout and images of the website they are pretending to be.

source: https://blog.malwarebytes.com/cybercrime/2017/09/netflix-scam-warning/

Alert: New DHL Phishing Emails Targeting Fordham Community

Please be advised that there are suspicious emails circulating that are targeting members of the Fordham Community. The email contains what appear to be images of package slips. However, the images redirect you to a malicious phishing site.

These are not legitimate emails and should be reported immediately.
Please remain diligent and avoid giving any personally identifiable information through email. Pay attention to the sender of the email and if something appears suspicious, contact the sender directly to verify the messages legitimacy. DO NOT respond via email. If direct contact with the sender is not possible, please contact ITCC for assistance.

The content of the email is as follows:

———- Start of Message ———-
From: DHL Service <baqader1407@gmail.com>
Date: Tue, Jun 27, 2017 at 9:50 AM
Subject: DHL delivery details ……
To:

Dear  Customer ,

Please find attached DHL AWB , pls printed and given to courier upon arrival .
Thanks

Best regards

DHL Expess Team

DHL receipt.pdf
—————End of Message—————-

 

Please remember that Fordham IT will NEVER ask you for your username and password or ask you to click any links to validate or verify your account or password. If you receive questionable or suspicious communications, contact IT Customer Care and allow the University Information Security Office (UISO) to validate the legitimacy of these communication attempts.

Re: Appointment As UNICEF Ambassador-Sent to the Fordham Community Around March 23, 2017

This is a Phishing email that has been reported. This message was
received on or about March 23, 2017. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————

UNITED NATIONS
Ambassador Registration Department,
Ambassador Ms Susan Namondo Ngongi
UNICEF (UN) Representative
P O BOX 4325
Accra, Ghana.
 
 
UNICEF GHANA 
4-8th Rangoon Close
P. O. Box AN 5051
Cantonment
Accra, Ghana.

Attn: Ambassador Select,


                                                Re: Appointment As UNICEF Ambassador.


 
  Greetings to you. Am Ms. Susan Namondo Ngongi the current UNICEF Representative in Ghana. On the behalf of the United Nations Children Fund(UNICEF) and the Federal Republic of Ghana, I wish to inform you that your name was in the Vetted list of candidate that World Health Organization (WHO) submitted for Appointment as the UNICEF New National/Regional Ambassador. Am very happy to inform you that you are among ten (10) selected by the new secretary general of United Nations Hon. António Guterres. The Executive Director of UNICEF Sir Anthony Lake, has given his acknowledgement on your  appointment as UNICEF National and Regional Ambassador as Field coordinator In Ghana, and the current new president of Ghana Nana Akfo-Addo has also given his consent to your appointment, among his agent for Ghana is to provide humanitarian and developmental assistance to children and mothers in the country. Due to the increase of natural disaster and man-made crises around the globe, which has rendered most people homeless, there is an increase of lack of food, good water, education, shelter, and medication, which call for immediate attention. The need of humanitarian service has double more than ever; there is a high need of humanitarian officer that is why we do need you to care for some responsibility in refugee camps in Asia/Africa.
 
Benefits and Entitlements.
 
Ambassador’s benefit from family friendly, work-life, and diversity policies, and UNICEF is committed to maintaining a balanced gender and geographical representation. Other Benefits and entitlements include:
 
• Annual leave
• Dependency allowance
• Medical and dental insurance
• Pension scheme
• Rental subsidy
• Education grant
• Home leave
• Life insurance
• Paid sick leave
• Family leave
• Family Visit
• Maternity / Paternity adoption leave
• Special leave
 
Job Description.
 
Your responsibility as Field coordinator will be to care for the following.
 
    An administrative headquarters to coordinate services.
    Sleeping accommodations (frequently tents).
    Hygiene facilities (washing areas and latrines or toilets).
    Clinics, hospitals and immunization centers.
    Food distribution and therapeutic feeding centers.
    Communication equipment (e.g. radio).
    Security, including protection from banditry (e.g. barriers and security checkpoints).
    Peacekeeping troops to prevent armed violence.
    Places of worship.
    Schools and training centers (if permitted by the host country).
    Markets and shops (if permitted by the host country).
    Organizing workshop to educate children and women: given then education and preventive measure on health issues such as Aids, Cancer, Malaria, sickle cell anemia and typhoid fever
    Organizing a workshop to improve Talents in camps both children and women.
    Fund-Raising and Good communication.
 
The United Nations High Commissioner for Refugees (UNHCR) will provide all these facility mentions above. Is there any Benefit of accepting this position? Yes, there are a lot of benefit and allowance that wait for the New National/Regional  UNICEF Ambassador. Below is the line-up of your salary, your salary is a post adjustment salary. The post adjustment salary includes, a monthly base salary multiplier and takes into account cost-of-living factors and exchange rate fluctuation as well as inflation.
 
 
Salary of $55,000.00USD
Health allowances $4,543.00USD
Traveling allowance $6,321.00USD
 
Which is sum up to $65,864,00USD that you will be receiving monthly, besides you will be given a compensation of $50.000USD, also a good furnish 4 bedroom Apartment (optional if you wish to relocate to the place of duty) and a private SUV of your choice from the United Nations. In addition to this, you also have the mandatory right to claim any fund from any other financial institution or organization, being you the beneficiary or benefactor, without any form of disagreement or controversy. Moreover, you will be able to set up a refugee camp or Orphanage home in your own residential country with the UN Certificate of permit that will be the issue to you.
 
 Ambassador selects, so what then hold you back from completing your registration? Kindly get back to me with the complete filled forms, alongside with a size passport photograph of yourself and any means of your identification (your personal file and document are safe with us, we cherish the confidentiality of our Staff), kindly send them as soon as possible to complete your registration, which will only take 7 working days before all files and your official document to be ready before you resume office with all benefit, allowance, and compensation to be given to you. 
 
 
 
Best Regard,
Ambassador Ms Susan Namondo Ngongi
UNICEF Representative,
For Urgent Reply: susan-unicef@diplomats.com
Accra, Ghana.
    
                                                         ©2017 Unicef – All rights reserved
 
 
 
 
——————–End  Message ——————————

Eviction Notice #: Phishing Email Sent to the Fordham Community on 3/16/2017

This is a Phishing email that has been reported. This message was
received on or about March 16th, 2017. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————
From: <owsaxj@wireconsult.com>
Date: Thursday, March 16, 2017 at 6:44 PM
Subject: Eviction Notice # …..
To: user@fordham.edu

The eviction will take place on the date named in the enclosure unless you:

1. Leave the property and return control of the property to the landlord;
or
2. The occupant has the right to pay full amount ordered by the Court in the warrant of restitution to the landlord to stop the eviction process, unless the court checked the box on the Warrant of Restitution that says \”Without Right of Redemption\”.

The occupant has the right to pay the redemption amount to the landlord in cash or check at any time before actual execution of the eviction will take place.
On the day of eviction, the payment shall be made to the landlord or landlord’s agent in the
presence of the Executive Service in orderto stop the eviction order execution.


To download details, please get more information here:


Get Your Eviction Notice <LINK HERE>


WARNING:
• Once Executive Service begins the eviction, any personal property that you leave in the leased premises is considered abandoned. The occupant does NOT have any right to re-enter the property or re-claim any property after the eviction process.
• All property may be disposed of by the landlord at any time after the eviction process begins. The landlord is prohibited from putting the property in the street or alleys.
This is the final notice of the date of the eviction that you will receive, even if the eviction date is postponed by the sheriff.



The hotelkeeper should deliver the payer 14 bright careers heed. This stop that the hotelkeeper cannot conjecture the day the notice is served on the tenant, and the hotelkeeper cannot conjecture the day the payer stirs up agitate elsewhere. Example: A payer has been having behind celebration and displeasing unlisted tenants . The hotelkeeper has hardened the payer aggregate caveats to control the partying, on the contrary the payer has forgotten the landlord. The hotelkeeper agrees to deliver the payer a 14 day notice to cease the occupation for worthy breach . If the hotelkeeper hand over the payer the notice on July 5, so the notice is adequate on July 20. Why? July 5 doesn’t conjecture seeing that is the yr the notice is served. July 6-19 are the 14 bright days, and July 20 doesn’t conjecture seeing this is the day the payer should move elsewhere.

—————————–End Message —————

Fw: COPY OF DOCUMENTI – Phishing Email Sent to the Fordham Community on 2/7/2017

This is a Phishing email that has been reported. This message was
received on or about February 7, 2017. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————

From: Regional Traffic Management Offi Cordillera Administrative Region <rtmocar_opn@yahoo.com>

Date: Tue, Feb 7, 2017 at 9:34 PM
Subject: Fw: COPY OF DOCUMENTI
To: user@Fordham.edu

FYI
*There is an attached PDF titled “Document.pdf”, an image of which can be seen below*

——————–End  Message ——————————

New Message Notification- Phishing Email Sent to the Fordham Community on 01/25/17

This is a Phishing email that has been reported. This message was
received on or about January 25th, 2017. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————
From: Fordham Support <fordhamsupport@comcast.net>
Date: Wed, Jan 25, 2017 at 2:10 PM
Subject: New Message Notification
To: user@fordham.edu

Your Fordham account Needs to be verified for security purpose.

Verify Now (Link contained within text)

Fordham University.

—————————–End Message —————

Phishing Email With Subject ‘Urgent’ Sent to the Fordham Community on 01/17/17

This is a Phishing email that has been reported. This message was
received on or about January 17th, 2017. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————

From: user@fordham.edu
Date: Tue, Jan 17, 2017 at 8:29 AM
Subject: Urgent
To: user@fordham.edu

2017 FORDHAM email update program, click UPDATE (<–Link here) and fill the form correctly to update your email.

——————–End Message ——————————

Phishing Email With No Subject Sent to the Fordham Community on 01/16/17

This is a Phishing email that has been reported. This message was
received on or about January 16th, 2017. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————

From:Kelby Chrivia <kpchrivi@mtu.edu>
Date: Mon, Jan 16, 2017 at 11:54 AM
To: user@fordham.edu
Subject:

2017 FORDHAM email update program, click UPDATE (<–Link here) and fill the form correctly to update your email.

——————–End Message ——————————