Cyber Criminals Are After Your Information

One of the most valuable currencies on the internet is information, and there are attackers dedicated to accruing it around the clock. Shared below are some of more commonly used techniques.

Pharming

Pharming is also referred to as Domain Name System (DNS) poisoning. Pharming modifies a system’s host files or domain name system to automatically redirect users to a fake URL or website, even if the user enters the correct web address or uses a bookmarked page. When successful, this form of phishing can collect the desired information with the user none the wiser as they have navigated to legitimate website.

Content Injection

Content Injection phishing is similar to pharming in that it uses a legitimate website to compromise the user’s personal information. The difference being that the hack/malware is added to the back end of a legitimate website instead of the user’s device. With this type of phishing, the hacker is able to mislead and redirect the user to get them to give up their personal information.

These two forms of phishing may be a little harder to detect without the proper tools

Man-in-the-Middle Attacks

Man-in-the-middle (MitM) attacks occur when a hacker sets up between the user and the websites they are trying to use, like an online banking site or even social networking page. They then take the users’ information as it’s being entered, making it harder to detect this type of phish.

 

Search Engine Phishing

Search engine phishing is executed by hackers creating malicious webpages. They often contain enticing offers and attempt to get users to click on the page, when it is pulled up as a result from a search engine query. It’s important to pay attention to the web addresses you are being directed to in order to avoid being tricked into providing your personal information.

Stay Protected

  • Use anti-virus and spyware software
  •  Antivirus and spyware software is sometimes underrated. Having the software on all of your devices can seriously reduce the risk of pharming and content injection phishing schemes.
  • Make sure all of your programs, apps, and tools are up to date.
  • When updates are pushed they ensure that vulnerabilities are detected and patched, and if the updates aren’t installed, it can put your device(s) at risk.

Detailed information regarding phishing scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

 

 

Yahoo says all three billion accounts hacked in 2013 data theft

(Reuters) – Yahoo on Tuesday said that all 3 billion of its accounts were hacked in a 2013 data theft, tripling its earlier estimate of the size of the largest breach in history, in a disclosure that attorneys said sharply increased the legal exposure of its new owner, Verizon Communications Inc (VZ.N).

The news expands the likely number and claims of class action lawsuits by shareholders and Yahoo account holders, they said. Yahoo, the early face of the internet for many in the world, already faced at least 41 consumer class-action lawsuits in U.S. federal and state courts, according to company securities filing in May.

John Yanchunis, a lawyer representing some of the affected Yahoo users, said a federal judge who allowed the case to go forward still had asked for more information to justify his clients’ claims.

“I think we have those facts now,” he said. “It’s really mind-numbing when you think about it.”

Yahoo said last December that data from more than 1 billion accounts was compromised in 2013, the largest of a series of thefts that forced Yahoo to cut the price of its assets in a sale to Verizon.

Yahoo on Tuesday said “recently obtained new intelligence” showed all user accounts had been affected. The company said the investigation indicated that the stolen information did not include passwords in clear text, payment card data, or bank account information.

But the information was protected with outdated, easy-to-crack encryption, according to academic experts. It also included security questions and backup email addresses, which could make it easier to break into other accounts held by the users.

Many Yahoo users have multiple accounts, so far fewer than 3 billion were affected, but the theft ranks as the largest to date, and a costly one for the internet pioneer.

Verizon in February lowered its original offer by $350 million for Yahoo assets in the wake of two massive cyber attacks at the internet company.

Some lawyers asked whether Verizon would look for a new opportunity to address the price.

“This is a bombshell,” said Mark Molumphy, lead counsel in a shareholder derivative lawsuit against Yahoo’s former leaders over disclosures about the hacks.

Verizon did not respond to a request for comment about any possible lawsuit over the deal.

Verizon, the likely main target of legal actions, also could be challenged as it launches a new brand, Oath, to link its Yahoo, AOL and Huffington Post internet properties.

In August in the separate lawsuit brought by Yahoo’s users, U.S. Judge Lucy Koh in San Jose, California, ruled Yahoo must face nationwide litigation brought on behalf of owners accounts who said their personal information was compromised in the three breaches. Yanchunis, the lawyer for the users, said his team planned to use the new information later this month to expanding its allegations.

Also on Tuesday, Senator John Thune, chairman of the U.S. Senate Commerce Committee, said he plans to hold a hearing later this month over massive data breaches at Equifax Inc (EFX.N) and Yahoo. The U.S. Securities and Exchange Commission already had been probing Yahoo over the hacks.

The closing of the Verizon deal, which was first announced in July, had been delayed as the companies assessed the fallout from two data breaches that Yahoo disclosed last year. The company paid $4.48 billion for Yahoo’s core business.

A Yahoo official emphasized Tuesday that the 3 billion figure included many accounts that were opened but that were never, or only briefly, used.

The company said it was sending email notifications to additional affected user accounts.

The new revelation follows months of scrutiny by Yahoo, Verizon, cybersecurity firms and law enforcement that failed to identify the full scope of the 2013 hack.

The investigation underscores how difficult it was for companies to get ahead of hackers, even when they know their networks had been compromised, said David Kennedy, chief executive of cybersecurity firm TrustedSEC LLC.

Companies often do not have systems in place to gather up and store all the network activity that investigators could use to follow the hackers’ tracks.

“This is a real wake up call,” Kennedy said. “In most guesses, it is just guessing what they had access to.”

Source: https://www.reuters.com/article/us-yahoo-cyber/yahoo-says-all-three-billion-accounts-hacked-in-2013-data-theft-idUSKCN1C82O1

Have you heard of Spear and Whale Phishing?

Spear Phishing

(Photo from – https://oxen.tech/blog/spear-phishing-new-twist-old-scam/)

Spear Phishing is really what it sounds like, a directly pointed attack. The attackers gather as much information as they can from the internet to build a more personalized, and believable attack.

  

(Photo from – http://resources.infosecinstitute.com/category/enterprise/phishing/spear-phishing-and-whaling/#gref)

 Whaling

Whaling is a specific form of spear phishing, in which the attacker goes after a high-profile target associated with a business, or government entity.  These victims may include but are not limited to senators, CEO’s, and those with access to company’s finances.

  • Pay close attention to the emails you receive.
  • Look for spelling and grammatical errors. Hover over URLS to reveal the destination of the link. Also hover over the links at the bottom of the email, many times these may look functional but are not.
  • If you’re being requested to verify personal information (name, D.O.B, or SSN) don’t use any forms provided in the email. Visit the home page for the business instead and check your account that way, or call customer service for more information when possible.
  • Businesses can avoid whale phishing by simply implementing a specific stationary for their emails directed to their employees. Making it easier to spot a spoofed email.

Detailed information regarding phishing scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureITor from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

Alert: Tragic Event Related Scams

Via: US-CERT

“In the wake of Sunday’s tragic event in Las Vegas, US-CERT warns users to be watchful for various malicious cyber activity targeting both victims and potential donors. Users should exercise caution when handling emails that relate to the event, even if those emails appear to originate from trusted sources. Event-related phishing emails may trick users into sharing sensitive information. Such emails could also contain links or attachments directing users to malware-infected websites. In addition, users should be wary of social media pleas, calls, texts, fraudulent donation websites, and door-to-door solicitations relating to the recent tragic event.

To avoid becoming victims of fraudulent activity, users and administrators should consider taking the following preventive measures:

Source: https://www.us-cert.gov/ncas/current-activity/2017/10/03/Tragic-Event-Related-Scams

What are Smishing and Vishing?

(Photo from – YouTube.com )

What is Smishing??

Smishing is SMS-Phishing, messages that are sent to your mobile device to attempt to obtain your credentials (usernames, and passwords) or financial information (credit card, and social security numbers).  While these may be a little easier to spot (How did I win $1000.00 Wal-Mart gift card if I never signed up for a contest?) we should still be mindful that the potential risk is still there.

(Photo from – https://info.phishlabs.com/blog/vishing-campaign-steals-card-data-from-customers-of-dozens-of-banks)

Vishing

Similar to Smishing is Vishing. Hackers use IVR software to try to obtain sensitive information.

As with email phishing schemes there are a few steps we can take to ensure we aren’t targets of these two forms of phishing.

  • If it sounds too good to be true, it just might be!
    • If you receive a text message from a number you don’t recognize, do not click any links that may appear in the body of that message.
    • Also if you receive a phone call from a phone number you aren’t familiar with, allow it to go to voice mail. Reputable businesses will leave you a message if necessary.
  • Avoid sharing your mobile number.
    • While there may be many offers/memberships that request your cell phone number, limiting the number of websites you enter your cell number into will reduce your risk of Smishing and Vishing.

Detailed information regarding phishing scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureIT or from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

 

 

What is Phishing?

(Photo from – http://www.uidaho.edu/infrastructure/its/departments/security/phishing-scams)

Phishing is a fraudulent communication sent that appears to come from a reputable company or person, with the intent to obtain the users credentials (usernames, and passwords) or their financial information (i.e. credit card, and Social Security numbers). While phishing is one of the oldest types of cyber scams or attacks that is still prevalent in today’s world, the criminals that launch the attacks have evolved with technology making some phishes harder to identify than others.

How do I spot a phishing scam?

  • If you don’t know the sender, don’t open the email or download any attachments.
    • Even if the sender is someone you’re familiar with or do business with, pay attention to the subject line, senders email address, and body of the email. Look for spelling mistakes, hover over any URLS to see where they will take you (DO NOT CLICK ON ANY SUSPICIOUS LINKS) and if possible contact the sender to verify the contents of the email.
  • Don’t trust that link!
    • If you receive an email requesting you log in to verify account information, navigate to their home page directly. Avoid using the links provided within the email as they may automatically download Malware to your device or take you to a website that will do so.
  • Don’t fill in those blanks!
    • Do not enter your personal information (name, D.O.B, SSN, etc.) on to a form that is embedded into a suspicious email. Again if you need to verify account information for a reputable business navigate to their page directly. 
  • Does something look off?
    • Pay attention to the emails you receive regularly, they can help you spot a phony in the future. Great phishers will recreate websites with small discrepancies, keeping an eye out for minor or careless mistakes can keep you safe.

Detailed information regarding phishing scams and other IT security topics are available on our IT Security website at: www.fordham.edu/SecureITor from our blog at fordhamsecureit.blogspot.com

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

 

 

 

 

 

Don’t be a victim of a phishing scheme!

Phishing is the act of attempting to deceive a user into divulging personal or confidential information such as login credentials, credit card information, etc., to gain access to resources that enable them to steal your identity.

Phishing scams usually come in the form of email messages and false websites. Cyber criminals use social engineering to learn about their targets and then use that information to try and gather your personal information.

Below is an example of a phishing campaign scam.

phishing_email_example

Things to look for to identify that you may be targeted include:

  • Spelling and bad grammar: Phishing emails are commonly plagued with spelling and grammatical errors.
  • Links in emails: Links in emails may appear as though they are taking you to a legitimate website however they can be disguised. Hover over (DO NOT CLICK)  links and see if you are being re-routed to some other page.
  • Threats: Some emails contain threats to include legal action, time sensitive materials, etc. These are designed to convince you to make a hasty decision and click a malicious link or open a unsafe attachment.
  • Spoofing a legitimate website or company: Some emails will appear to come from a legitimate company. However that is far from the case. Again, attackers will try to make everything appear to be legitimate but things such as suspicious URL’s (pages with names not associated with the website or company), or outdated information can be tell-tale signs something is not right.

Visit us daily for more tips tips during National Cyber Security Awareness Month starting October 2nd.

If you believe you are being targeted by a phishing campaign or have received a phishing email, please contact IT Customer Care at (718) 817-3999 or HelpIT@fordham.edu.

Netflix Scam Warning

via: malwarebytes

Always be on your toes

While we are used to receiving scam attempts pretending to be from banks, online shops, credit card companies, and international courier services that does not mean all the other emails are safe. Far from it. To demonstrate this point we will show you a scam aimed at Netflix customers which has been used in the Netherlands and is now doing the rounds in the UK but could just as easily spread to the US.

The mail in question

The sender address, in this case, was supportnetflix@checkinformation[.]com and the content of the email informs us that there has been a problem with our last payment. Obviously to those of us who are not customers of Netflix this is the first red flag. The fact that the domain name checkinformation[.]com does not belong to Netflix is another big red flag. In fact, the domain is for sale at the moment of writing.

phishing mail

Netflix

Account disabled!

Dear User,

We’re having some trouble with your current billing information. We’ll try again. But in the meantime you may want to update your payment details. During the next login process, you will be required to provide some informations like (billing info, phone number, payment info)

 

So the email asks us to fill out our payment details on a site. This should always be a red flag for everyone. A security-aware company does not provide you with a clickable button to their site. They will tell you to log into their site and provide you with instructions on how to proceed. They will not provide a direct link to a page with a form to fill out asking for billing information and what not.

Pay attention to

When you have to provide such details always look for the green padlock in the address bar of your browser.

green padlock

Remember that the green padlock is not the sole condition, but it is a must before you proceed.

Another telltale sign is spelling errors, but again, the lack of them is not a definite green light to proceed. Scammers have learned that their efficiency goes up if they pay attention to their spelling.

Also never judge a site by its looks, because phishers are masters in the art of copying the layout and images from legitimate sites. In fact, they usually link to the actual layout and images of the website they are pretending to be.

source: https://blog.malwarebytes.com/cybercrime/2017/09/netflix-scam-warning/

Hackers compromised free CCleaner software, Avast’s Piriform says

via: Reuters

SAN FRANCISCO (Reuters) – Hackers broke into British company Piriform’s free software for optimizing computer performance last month potentially allowing them to control the devices of more than two million users, the company and independent researchers said on Monday.

The malicious program was slipped into legitimate software called CCleaner, which is downloaded for personal computers and Android phones as often as five million times a week. It cleans up junk programs and advertising cookies to speed up devices.

CCleaner is the main product made by London’s Piriform, which was bought in July by Prague-based Avast, one of the world’s largest computer security vendors. At the time of the acquisition, the company said 130 million people used CCleaner.

A version of CCleaner downloaded in August included remote administration tools that tried to connect to several unregistered web pages, presumably to download additional unauthorized programs, security researchers at Cisco’s (CSCO.O) Talos unit said.

Talos researcher Craig Williams said it was a sophisticated attack because it penetrated an established and trusted supplier in a manner similar to June’s “NotPetya” attack on companies that downloaded infected Ukrainian accounting software.

“There is nothing a user could have noticed,” Williams said, noting that the optimization software had a proper digital certificate, which means that other computers automatically trust the program.

In a blog post, Piriform confirmed that two programs released in August were compromised. It advised users of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 to download new versions. A spokeswoman said that 2.27 million users had downloaded the August version of CCleaner while only 5,000 users had installed the compromised version of CCleaner Cloud.

Piriform said that Avast, its new parent company, had uncovered the attacks on Sept. 12. A new, uncompromised version of CCleaner was released the same day and a clean version of CCleaner Cloud was released on Sept. 15, it said.

The nature of the attack code suggests that the hacker won access to a machine used to create CCleaner, Williams said.

CCleaner does not update automatically, so each person who has installed the problematic version will need to delete it and install a fresh version, he said.

Williams said that Talos detected the issue at an early stage, when the hackers appeared to be collecting information from infected machines, rather than forcing them to install new programs.

Piriform said it had worked with U.S. law enforcement to shut down a server located in the United States to which traffic was set to be directed.

It said the server was closed down on Sept. 15 “before any known harm was done”.

Source: https://www.reuters.com/article/us-security-avast/hackers-compromised-free-ccleaner-software-avasts-piriform-says-idUSKCN1BT0R9

Equifax Breach: Find out if you’re affected

via: Shannon Ortiz, Director of IT Security at Fordham University

Dear Colleagues and Students,

As you may have heard in the news, Equifax, a credit reporting agency widely used by major credit card companies, banks, retailers, and lenders (including lenders of student loans), has suffered a serious data breach affecting over 143 million people. Cybercriminals have stolen names, Social Security numbers, birth dates, addresses, and the numbers of some driver’s licenses.

Educate yourself about the breach: Equifax has set up a website, equifaxsecurity2017.com, with more information about the breach. Included is a page for checking whether your personally identifiable information (PII) was part of the breach.

If your PII was breached, Equifax gives you the option to enroll in their credit monitoring service, TrustedID Premier. Note that during the enrollment process, Equifax requires you to sign a consent form in which you agree to not take any legal action against Equifax related to the breach.

Good online hygiene: Fordham IT will NEVER ask for your username and password, or ask you to click any links to validate or verify your account or password. If you receive questionable or suspicious emails, contact IT Customer Care and allow the UISO to validate the legitimacy of these emails.

Educate yourself some more: Take the UISO’s online, self-paced course, “UISO Security Training.” The course can be accessed in Blackboard, under My Organizations. Login to Blackboard via My.Fordham.edu or directly from Fordham’s Blackboard portal.

If you need more information, please reach out to the University Information Security Office: infosec@fordham.edu