Spam Friday!

This phishing attempt has been visiting many of you. It is indeed spam. Please delete it. If you’ve clicked on any of its links, please change your password at mypassword.pomona.edu.

From: Microsoft Exchange-PayRoll Service
Date: Friday, June 9, 2017 at 2:12 PM
Subject: Outlook Web App WebMail -Paychecks Overview Status

Outlook Web App WebMail -Paychecks Overview Status
Go To My Paychecks-Overview-Status#042017
Payroll – Human Resources
© Microsoft Exchange.(PayRoll Service)

I know you didn’t fall for this one, right?

This email created a ticket in our Footprints ticketing system, much to my delight. A day without phishing is like a day without sunshine.

From: brenda.woodward@damelin.co.za:

Good day,

This is message to all staff.Please take a moment to complete a survey on incident INC0903501 regarding “help desk survey on your email” Your feedback is extremely valuable to keep the your effort relevant to this organization Click Here for the Help Desk Performance Survey

Please note: This e-mail and any attachments are intended solely for the use of the intended recipient(s) and may contain legally privileged, proprietary and/or confidential information. Any use, disclosure, dissemination, distribution or copying of this e-mail and any attachments for any purposes that have not been specifically authorized by the sender is strictly prohibited. If you are not the intended recipient, please immediately notify the sender by reply e-mail and permanently delete all copies and attachments.

Summer Phishing Hole

The examples below are yet more pathetic stabs at luring you in. I’ve italicized the notable issues with each. I am fairly sure I will run out of italics before the Phishers run out of lame attempts. (Though I confess, I wouldn’t mind having the name of “Kiki”.)


Example 1:

New Login From Another Device

Dear Costumer,
We are Detect new login from another device.

Date and Time: 08 JUNE 2017, 5:57 AM GMT
Browser: Firefox

Support team detect unauthorised person has accessed your account and now your account access has been locked for security measures, you must change your password from your Apple ID account page at:
Click Here

Sincerely,
Apple
Copyright © 2017 Apple. All rights reserved.

Example 2:

From: Kiki Zondag
Sent: Thursday, June 08, 2017 11:34 AM
To: Kiki Zondag
Subject: IMPORTANT ALERT

EmailAlert#1818

We have sent you a message.

Your e-mail account was LOGIN today by Unknown IP address: 103.240.180.228, click on the Administrator to validate and verify your e-mail account to avoid temporary block.
Help Desk

“Internet Security Damaged !!!”

Well. I’ll say.

One of you sent me this example today. Tons of fun here.

1. After the rather alarming announcement about damaged internet security (as if we didn’t already know this),
2. Every Single Word In The First Few Paragraphs Is Capitalized. I mean every Single Word.
3. Security buzzword garbage abounds. Your TCP connection. Your Firewall. Leaked. Trojan Virus.
4. You are given a choice of visiting your Nearest Windows Service Center [sic]. Tell me, just off the top of your head, where IS your nearest Windows Service Center? Is that by any chance a booth in America’s Discount Tire?
5. Or you can of course call the Help Desk…. TOLL FREE!

Let me tell you what will happen. You will call them and they will ask to start a remote session with you on your computer so they can scan it for viruses. During that scan, they will (of course) find something wrong with your computer that they can probably help you with but there will be some charge for the service. There will most certainly be some form of this give and take. “Let us in” “Oh noze! You need to buy my service, give me your credit card, etc.”

Finally, the entire missive has an interesting and educational cut and paste below the initial atrocity. This looks as though it’s been lifted from Wikipedia. Be that as it may, and though it is indeed pasted into the rest of this message, go ahead and read it for your own edification.

Warning: Internet Security Damaged !!!

A Suspicious Connection Was Trying to Access Your Logins, Banking Details & Tracking Your Internet Activity.

Your TCP Connection Was Blocked by Your Firewall. Your Accounts May be Suspended Until You Take an Action.

Your Personal Information May Have Leaked. IMMEDIATE RESPONSE REQUIRED

Your Hard Disk May Have Trojan Virus! Please Do Not Try to Fix Manually, It May Crash Your Data.

Consequently, we are performing additional security checks to verify system security.

Please Visit Your Nearest Windows Service Center OR Call Help Desk

———————————————————
Customer Service: + 1-844-870-4018 (TOLL-FREE)
———————————————————

********** IMMEDIATE RESPONSE REQUIRED **********

Please contact network administration to rectify the issue.
Please do not open internet browser for your security issue to avoid data corruption on your registery of your operating system. Please contact network administration department at + 1-844-870-4018 (TOLL-FREE)

Virus Info:
A Trojan horse, or Trojan, in computing is a non-self-replicating type of malware program containing malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data, and possible system harm. The term is derived from the story of the wooden horse used to trick defenders of Troy into taking concealed warriors into their city in ancient Greece, because computer Trojans often employ a form of social engineering, presenting themselves as routine, useful, or interesting in order to persuade victims to install them on their computers.

A Trojan often acts as a backdoor, contacting a controller which can then have unauthorized access to the affected computer. The Trojan and backdoors are not themselves easily detectable, but if they carry out significant computing or communications activity may cause the computer to run noticeably slowly. Malicious programs are classified as Trojans if they do not attempt to inject themselves into other files (computer virus) or otherwise propagate themselves (worm).

A computer may host a Trojan via a malicious program a user is duped into executing files or browsing internet.
Please contact network administration department at + 1-844-870-4018 (TOLL-FREE)

Won’t someone help this poor man?

One of you sent me an email you had received this morning. It would not be worthy of note except that it’s just so blatant. It’s as if the sender didn’t even care anymore. It drips apathy. It exudes a lack of enthusiasm. It’s as if this poor person has no reason to try, no point in seeking success. I think an intervention might be necessary.

I kind of feel sorry for him/her.

Subject: Service Desk

Your mailbox is full.

Upgrade your account with the following link: http://deskmes.zohosites.com/

©2017 Helpdesk

On second thought, nah.

First Dropbox, then Google, now WhatsApp

Social engineering continues. We are so trained to respond immediately to emails, invitations and phone calls that the bad guys are using our bad habits against us.

We recently received an email informing us gleefully that we have a new voice mail message from WhatsApp. All the cool kids are using it.

Since we know no one who uses the app we were immediately suspicious and rightly so. According to the Security Cheat Sheet website, the links in the email are malicious.

Beware of Phishing Scams that Spoof Legitimate WebSites

Phishing Scams come in many varieties. Some are personalized, i.e. ‘spearphishing’, but most are sent out to the widest possible distribution. One phishing email in particular is circulating the internet disguised as a notification from the popular messaging service, WhatsApp (see image below).

If you click the ‘Play’ button or any of the links contained in the email, your computer may become infected. The links embedded in the email direct your browser to a malicious or compromised website run by hackers. Once you’re on the malicious site, malware is downloaded to your computer.

Please delete the email!

Never click, never open, never respond, never give up, never surrender

It bears repeating.

If you receive an email, even from someone you know, that asks you to click on something, anything — Stop, drop and roll.

Think about it for a minute.

1. Were you expecting this?
2. Do you know this person?
3. Is the tone of the email something that provides you with the context of the request? (“Click here” is not informative.)
4. Is anything about the To: field out of the ordinary?

If you receive an email similar to the one below, just delete it. It’s bad.

From: “cnoble2@nd.edu”
Date: Wednesday, May 3, 2017 at 11:30 AM
To: “hhhhhhhhhhhhhhhh@mailinator.com”
Subject: Chelsea Noble has shared a document on Google Docs with you

Chelsea Noble has invited you to view the following document:

Open in Docs
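The From:/To: questions in the checklist above can be partly automated during mail triage. This is an added Python example, not part of the original post and not an ITS tool; the organization constants, the disposable-domain list, the flag names and all sample addresses are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumptions for this sketch (not an ITS policy): the organization's name and
# mail domain, and a one-entry list of disposable-mailbox domains.
ORG_NAME, ORG_DOMAIN = "pomona college", "pomona.edu"
DISPOSABLE = {"mailinator.com"}

def _addrs(msg, header):
    """Lower-cased addresses in a header; empty groups and blanks are dropped."""
    return [a.lower() for _, a in getaddresses(msg.get_all(header, [])) if "@" in a]

def _in_org(addr):
    domain = addr.rsplit("@", 1)[1]
    return domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)

def header_flags(raw):
    """Return the header oddities found in one raw message."""
    msg = message_from_string(raw)
    senders, rcpts = _addrs(msg, "From"), _addrs(msg, "To")
    flags = []
    if not rcpts:
        flags.append("no-visible-recipient")      # e.g. "Undisclosed recipients:;"
    elif set(rcpts) <= set(senders):
        flags.append("self-addressed")            # real targets were in Bcc
    if any(r.rsplit("@", 1)[1] in DISPOSABLE for r in rcpts):
        flags.append("disposable-recipient")
    subject = (msg.get("Subject") or "").lower()
    if ORG_NAME in subject and senders and not any(_in_org(s) for s in senders):
        flags.append("org-name-from-outside-sender")
    return flags

# Constructed samples: header shapes follow the messages quoted on this page,
# but every address here is a made-up placeholder.
SAMPLES = {
    "undisclosed": "From: Sender <sender@mail.example>\nTo: Undisclosed recipients:;\n"
                   "Subject: Upgrade Your Pomona College Account\n\nbody\n",
    "self": "From: Help Desk <desk@mail.example>\nTo: Help Desk <desk@mail.example>\n"
            "Subject: RE: I T HELP DESK\n\nbody\n",
    "disposable": "From: doc@mail.example\nTo: someone@mailinator.com\n"
                  "Subject: shared a document\n\nbody\n",
    "normal": "From: its@pomona.edu\nTo: staff@pomona.edu\n"
              "Subject: Pomona College maintenance window\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, header_flags(raw))
```

A flag is a prompt to look harder, not a verdict: mailing lists and Bcc'd announcements can trip the first two checks legitimately.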

Gone Phishing

I am taking a little vacation right now but couldn’t ignore today’s phishing as it seems to indicate a change to my.pomona.edu (the portal). This is definitely phishing. The sender address alone should alert you.

From: Sae Arm Park
Date: April 22, 2017 at 05:10:59 PDT
To: Undisclosed recipients:;
Subject: Upgrade Your Pomona College Account

We wish to inform you Pomona College are Upgrading our Pomona.edu login page. To Upgrade to latest version Simply CLICK HERE and get 32 gigabytes more space.

Copyright © 2017 Pomona College

“Dear Pomona College Account Users”

For a change of pace, I thought I’d retype this message the way I might if ITS were actually to send it.

Here’s the original:

From: GONZALEZ VILLA TOMAS [mailto:tomas.gonzalez@usc.es]
Sent: Wednesday, April 12, 2017 8:10 AM
To: GONZALEZ VILLA TOMAS
Subject: RE: Dear Pomona College Account Users

Dear Pomona College Account Users.

You have exceeded your pomona.edu e-mail account limit quota of 2 GB and you are requested to expand it within 24 hours or else your pomona.edu e-mail account will be disable from our database. Simply CLICK with the complete information requested to expand your pomona.edu e-mail account quota to 10 GB.

Thank you for using Pomona College Webmail.
Copyright © 2017

Now my version:

From: Julie Journitz
Subject: From ITS: Information about your email account

All,

As ever, ITS continues to strive to provide you with the best services that will support your work here at Pomona College. It is important that your email service perform well and that you have confidence in privacy and consistency. That being said, from time to time you might receive some email that might suggest that you have something called “an email quota”. Sometimes it may be referred to as “limit” but regardless it will suggest that there are boundaries to your email. BOUNDARIES? There are no boundaries here. This is a place filled with Daring Minds!

Now that same email might suggest that your account might be disabled. Pish tush. Of course not. For one thing, if the disabling of your account is based on the fact that you have exceeded your email quota which doesn’t exist, then it is logical to assume that the disablement of your account is just as false as the suggestion of an email quota.

We are so happy to be able to provide you with this service and with those others that help to make your experience here at Pomona College productive and rewarding.

Let me know if you have any questions!

Julie

Commitment? Yes! Irregular? No!

Some of you have reported receiving the following email from Mr. Avila. Let me just validate you. It is SO phishing. It’s VERY phishing. And add to that? It’s boring phishing. How am I to keep my creative juices flowing if there’s not a little bit more of a challenge than this?

I swear.

From: Anthony David Avila
Sent: Tuesday, April 4, 2017 11:26 AM
To: Anthony David Avila
Subject: RE: I T HELP DESK

As part of our commitment to help keep your account secure, we have detected an irregular activity on your account and we are placing a hold on your account for your protection. Please Click Here and follow the instructions to unlock your account