Spear Phishing Incident

All,

You may receive an email that is disguising itself as an email from Gabi. It’s definitely not from Gabi!
Spear Phishing is when the bad guys fake the identity of someone who may be up in the organizational chart and has the authority to driveways response.

Here’s the email (notice the email address of the sender?)

From: G. Gabrielle Starr [mailto:f_wolf4@aol.com]
Sent: Thursday, April 19, 2018 12:08 PM
To:
Subject: Work

Do you have a moment? I need you to take care of something.

Regards,
G. Gabrielle Starr

Incident Response

All,

It has come to our attention that a few email accounts appear to have been set up with a “rule” for incoming email to be moved directly to the Deleted folder. As we discover these accounts, the Client Services group is reaching out to talk you through the very important next step which is that of changing your password. Please work with them to get your account safe again.

We are still investigating the source and nature of this situation so we can’t provide you with more details yet. As soon as we have more information, we will report back.

In the meantime, this is an opportunity for us to remind you to be vigilant when reading your emails. Do not click on links in emails and we promise we’ll avoid using them. Especially at this time as we upgrade your email to Office365, you may be less than guarded as you work through slight differences in Outlook and webmail (OWA). That is certainly natural but as ever, your vigilance is an important part of your protection.

If you have a question regarding the nature of an email you have received, please don’t hesitate to bring it to our attention so that we can investigate it.

With my regards,

Julie Journitz
Director of Client Services

If it isn’t the IRS, it’s Publisher’s Clearing

I mean really. Does ANYONE know ANYONE who ever won this?

Here’s the scam:

Subject: Released on 28th-03-2018

Winning#: PCH -X8392

You have won the publishers clearing house sweepstakes prize worth $1 Million Dollars, released on 28th-03-2018.
To redeem your prize, you are requested to forward the above winning number to our agent email address via ( pch-alert@outlook.com )

Congratulations!
(Publishers Clearing House)

One of you was nice enough to let me know that I could have all of your winnings. Bonjour Paris. Au revoir Claremont.

Tax Season is Upon Us

And that means that you may be receiving calls supposedly from the IRS, a newer, meaner IRS. This IRS intends to have you arrested for something you did or did not do on your taxes. I’ve mentioned this in the past but it bears repeating as one of my colleagues received a call. The partial transcript is as follows:

“_⁠_⁠_⁠_⁠_⁠_ after that you will be taken under custody by the local cops as there are _⁠_⁠_⁠_ serious allegations pressed on your name _⁠_ this moment we would request you _⁠_⁠_⁠_⁠_⁠_⁠_ back to us so that we can discuss about this case before taking any legal action against you the number to reach us is 607-595-4407 I repeat 607-595-4407 thank you…”

The audio portion (which I could not upload for you) is definitely automated and the script read is almost certainly written by someone for whom English is a second language.

At any rate, the IRS will not call you at home to harass you. We may think many things about the IRS (and not all very kind things) but they will not call you and threaten you with the “local cops”

So if you’re a lucky one to receive this phone call, just hang up.

Scam by Dr. John Largen

Students are receiving the following email from someone who says he is Dr. John
Largen. This is completely fraudulent.

“From: Dr John Largen
Sent: Wednesday, February 21, 2018 5:33 PM
To:
Subject: Part Time Job Offer Available

FIXED-TERM (PART-TIME)FACULTY POSITIONS

Hello i am Dr. John Largen and I work as a clinical counselor for the department of Disability Resources and Educational Services (DRES). I provide individual and group therapy, coaching, assessment and academic screenings to support students with disabilities (physical, chronic, psychiatric, and invisible)registered with DRES. A large percentage of the students served by the mental health unit have psychiatric disabilities or co-morbid psychiatric disabilities and need mental health support to be successful at the university. In addition,many University of students with academic difficulties and no prior diagnosis are seen and assessed through the academic screening and assessment process. I also am the director of supervision, training and coordination of counseling psychology and clinical psychology graduate students of the United States who have practicums at DRES and APA-accredited school psychology pre-doctoral interns.You have received this email because you have an offer from the University Office for Students with Disabilities to work with me while we help Students with disabilities frustrated with ignorance and lack of services but as my temporary personal assistant. I care about Animal Welfare, Arts and Culture, Children, Civil Rights and Social Action, Education, Environment, Disaster and Humanitarian Relief, Social Services and lots more.This is a very simple employment. You will only help me Mail letters, Make payments at Walmart and purchase some Items when needed. This employment only takes an hour a day and 3 times a week for $620 weekly.I am unable to meetup for an interview because I am currently away and helping the disabled students in Australia. You will be paid in advance for all tasks and purchased to be done on my behalf and some of my personal letters and mails will be forwarded to your residence or nearby post office for you to pick up at your convenience. Upon my arrival we will discuss the possibility of making this a long-term employment if I am impressed with your services while I am away. My arrival is scheduled for the last week of March 2018

To Apply, Please email your Full name, Address, Alternate email (different from school email) and mobile

Regards, Dr. John Largen”.

This is not the way you will be told there’s a police situation

If you want to be alerted about emergencies on campus, go here: https://www.pomona.edu/emergency/how-update-your-connect5-emergency-contact-information

The link in the email brings you to a mock-up of our old portal login to get the username and password. The myPOMONA address links to http://storeno.today/po.

From: Ahmad Ghouri [mailto:A.A.Ghouri@sussex.ac.uk]
Sent: Wednesday, January 24, 2018 4:06 PM
To:
Subject: Reported Emergency on Campus
Importance: High

Hello All,

There has been a police situation on campus, we encourage everyone to read and follow

protocol.

This message is sent via secured HTML myPOMONA to view.

Thanks,
Ahmad Ghouri

Pomona College
333 N. College Way
Claremont, CA 91711

What’s up with Meltdown and Spectre?

Meltdown and Spectre KernelYou may have seen news articles recently about two significant new flaws found in computers, smartphones, tablets and other devices, called Spectre and Meltdown. Security researchers discovered these flaws, which impact the computer processors (CPUs) that are in the heart of all the computerized equipment you own and use every day.

These bugs could allow hackers to steal data from your devices through malicious software or a hacked web site. The bugs affect computer hardware dating back to the mid-1990s, so updates to operating systems such as Windows, macOS, Linux, Android, and iOS are required to protect devices from these flaws.

ITS is working with our vendors and the our colleagues across the technology community to update College-managed technology resources (including College-owned Windows and Mac computers) as vendors release updates.

For your own devices — including smartphones, tablets, home computers, etc. — we recommend you use your device’s software update feature to make sure you are updated to the latest versions. This includes updating web browsers like Chrome and Firefox to the latest versions, which contain some protections against Spectre and Meltdown.

Some manufacturers will be releasing updates in the weeks to come, so we recommend you continue to check your devices’ update features for new versions. As a standard practice, you should keep your devices updated with your providers’ most recent updates. The method changes from manufacturer to manufacturer, so if you’re unsure about how to proceed, please contact the ITS Service Desk for assistance. Familiarize yourself with methods of protecting yourself and your devices by reviewing information provided to you at the ITS Security page.

I think he’s retired

And even if Professor McGaha didn’t retire (he did), he sure as HECK doesn’t care about your email account.
Rest assured this is spam!

From: Michael McGaha
Sent: Tuesday, December 19, 2017 8:15 AM
Subject: Your @ Ponoma . edu mail account has expired

Your @ Ponoma . edu mail account has expired, You must renew now or your account will be closed.

Click here:

IT Help Desk.

Email with Subject of “Hello”

All, the email with text below is phishing. Please delete it. Thank you.

From: Julia Laurel Rogers
Date: December 13, 2017 at 7:20:35 AM PST
To: Undisclosed recipients:;
Subject: Hello

We are currently upgrading our database and e-mail account center i.e homepage view, enhance security installations of new 2017 anti-spam and anti-virus software, large mailbox space. Kindly verify your e-mail within 24 hours or your e-mail will be temporarily suspended. CLICK HERE to verify your e-mail.

Thanks for your co-operation,

Pomona IT Help Desk,
Pomona Support Help Desk,
©Copyright 2017 Pomona College

You know it’s spam!

Many of you have received the following:

From: Janelle C Herring
Date: December 8, 2017 at 5:06:17 AM PST
To: “update@mymail.pomona.edu”
Subject: UPGRADE

Your POMONA COLLEGE mailbox size has reached 901.20GB, which is over 90% of your 1000.00GB quota. Please SUBMIT HERE for Outlook to increase some more space for new messages to avoid exceeding your quota.

Please delete it. There are several giveaways here. Thanks for reporting back!