Whatever you might think of Angela Merkel

I think she has a right to her own beliefs.

That being said, many of us have received the message with the subject line of “Satanic ritual with German Chancellor Angela Merkel” which spews some rather bizarre stories at us. I think it’s safe to assume it probably has no good intentions and that you can plan on deleting it. We’ll see if we can get its delivery stopped.

*sigh*

This isn’t from Payroll

The link in the “Click here to View” line is something totally distinct from a legitimate Pomona College service.

From: Pomona College
Date: Tuesday, March 21, 2017 at 9:31 AM
To:
Subject: New Payroll

You have 1 new notification regarding your payroll.

Click here to View
Thank You.

Pomona College

Strangers don’t share folders with you

And friends don’t let friends click on shared folder links!

The following is phishing. Please note phish links and oddlymolded apostrophes.

From: Nicholas Reed Laukhuf [mailto:laukhufn@findlay.edu]
Sent: Monday, March 20, 2017 9:40 AM
Subject: Nicholas Reed Laukhuf Shared A Folder With You

Nicholas Reed Laukhuf (mailto:hughesz@findlay.edu)%20sent you an Important document via Google’ doc.

https://www.cmacollection.it/wp-admin/maint/goog/GD/PI/

Enjoy!
– The Google doc’ Team

Just say “Yes”

Or Don’t!

There’s a new phone scam out there and you need to be aware of it.

In this one, you will get a call from the Scammer who, after you answer it of course, will ask you a question to which you would naturally respond in the affirmative. Think of all the questions a stranger might ask you to which you could answer “Yes”.

“Can you hear me now?” (Yes.)
“Do you own your home?” (Yes, somewhat.)
“Is the sky blue?” (Mostly but not on the east coast right now.)

After you have answered, the caller hangs up. With a recording of your voice. Saying yes. This could be very bad. There’s a possibility the scam artist has recorded you and will use the response to sign you up for a product or service, and then demand payment. If you refuse to pay, the caller may use your recorded “yes” to confirm your purchase agreement.

Recommendations from AARP (Now, don’t scoff. There are a lot of us over 50 nowadays!):

  • Avoid answering calls from unfamiliar numbers. Honestly. It’s okay. You won’t offend anyone and, if it’s important, they’ll leave a message.
  • Always closely review your bills and credit card statement for unauthorized charges.
  • If you discover an unauthorized charge, call the biller immediately to dispute it.

Dissect it!

This email that many of you have received is definitely phishing. Let’s dissect it!

1. Though the “From” field shows “Microsoft Outlook – Helpdesk”, the address is actually from someone at Vanderbilt.
2. There is no Microsoft Outlook Helpdesk at Pomona College and I doubt very much that there’s one at Microsoft.
3. When we are talking about Mymail or Webmail or such, we’re talking about a remotely hosted service, not one on your computer.
4. The link to the MyMail Login Page goes to some website in the Ukraine (ua)
5. The signature of “Microsoft Outlook – University E-MAIL WEBMAIL,” is klunky, nonexistent and it’s Pomona COLLEGE not University.

Anyone see anything else?

From: Microsoft Outlook – Helpdesk [mailto:lisa.s.bauers@vanderbilt.edu]
Sent: Thursday, March 09, 2017 10:03 AM
Subject: Faculty and Staff Remote E-Mail Access Update Microsoft Outlook

Faculty and Staff Remote E-Mail Access Update

MyMail (Email) Login Page

Microsoft Outlook

To access College email just log into: https://mymail.outlook-owa.email.edu/email-update. Your login is your network username and network password (the same combination used to log into your college computer).
Microsoft Outlook – University E-MAIL WEBMAIL,

Mnuchin reaches out to you on withheld payments

Phishing, right? They went so far as to request a copy of your driver’s license, your home address, your mobile number and your blood type. Well, not that last one.

What is a little disturbing to me is not only is this someone trying to swipe your identity, but this entity is betting that you will go ahead and provide all your information for a claim you haven’t made. I mean, if someone is writing to you to “advise you of the status of your funds payment case”, is there ANY chance a person such as yourself is going to think it’s real? Or if it’s not real that there’s a chance you can make money anyway?

OF COURSE THERE’S NO CHANCE OF THAT!!!! We are not ANIMALS!

—–Original Message—–
From: U.S. DEPARTMENT OF THE TREASURY [mailto:info@treasury.org]
Sent: Monday, March 06, 2017 10:47 AM
Subject: COMMITTEE ON FOREIGN PAYMENT RESOLUTION PANEL ON WITHHELD PAYMENTS

U.S. DEPARTMENT OF THE TREASURY
1500 PENNSYLVANIA AVENUE, NW
WASHINGTON, D.C. 20220

I am Steven Mnuchin the Secretary of the U.S Department of the Treasury. The
executive agency responsible for promoting economic prosperity and ensuring
the financial security of the United States.

COMMITTEE ON FOREIGN PAYMENT RESOLUTION PANEL ON WITHHELD PAYMENTS

You are being contacted today because you have not received your awarded
funds and we want to advise you on the status of your funds payment case.
Recently there was a court decision that favored you in getting your funds
back from international banks withholding your funds. Although you are
hearing from us for the first time, we have been working very hard for
beneficiaries and making progress on our research on why international banks
had failed to completely credit funds to international beneficiaries
account.

We have also taken time to review unsuccessful transactions with most
international inheritance/contract insurance companies and other foreign
banks especially in Africa, Asia and the United Kingdom. We wish to let you
know that we have communicated with most of these foreign banking
institutions withholding most international payments to individuals and
companies so as to find out why these funds were withheld, the source of the
funds and a final solution to this problem.

Conclusively, we discovered that most withheld and unpaid funds originating
from lottery organizations, international trading, company’s awarded
contract funds and deceased persons where not properly filed for
international funds payment to its intended beneficiary.

As such, transfer suspension was placed on these funds because majority of
these international funds remittance/transfer were not properly recorded by
the paying institution for future file reference/assessment by the
International Monetary Fund and the Financial Services Authority.

Presently, your ongoing transaction in which you will gain full assistance
from us to monitor your case and make sure you receive your awarded funds on
compliance will be on full effect in your favor as long as you have complied
with the Order of Court Dialogue in which we are presently trying to obtain
favor on your funds payment case.

In joint alliance with the Financial Services Authority to resolve this
issue, we wish to let you know that we have been approved to assist you in
receiving your awarded funds but only the total sum of Nineteen Million,
Five Hundred Thousand United States Dollars ($19,500,000.00 USD). We have
gone through the security manifest booklet of all international outstanding
transactions and our extensive investigation confirmed that you are the
beneficiary of this fund through the assistance of the International
Criminal Police Organization (ICPO) to investigate and release suspended
withheld funds to its beneficiaries account abroad, we were able to gain an
Approval Authorization Letter from the International Monetary Fund (IMF)
which stated that your funds will be paid to you on proper confirmation of
its claim.

We wish to inform you once again that there is an existing arrangement with
United Nations Federal Credit Union (UNFCU) in New York to process and pay
you the outstanding debt of $19,500,000.00 USD as soon as you provide the
complete requirements needed for them to process your fund payment case.
This was resolved in a meeting held between the International Financial
Auditors in Europe and our American representatives.

Contact:

Name: Ramin Toloui
Assistant Secretary for International Finance
Email: ramintoloui@asifinance.3eeweb.com

Contact him with below details.
– A scanned copy of your ID or driver’s license:
– Your direct mobile telephone number:
– Your present home address for documents delivery:

Your nominated Bank Account information shall be requested for transfer of
your funds after confirmation of your funds claims file by the processing
officer.

By the virtue of the provision of the law which confer on us powers to
advocate, adjudicate, suspend and authorize an immediate transfer of funds
internationally, we hereby state emphatically and without prejudice that
should there be any information that may succeed your application for
unclaimed awarded funds release that are currently deposited in most foreign
banks in Europe, Asia and in Africa, please do not hesitate to provide the
information so that we can help you in receiving your funds.

Also note that failure to properly apply for the funds payment will nullify
your chances of receiving your unclaimed funds and funds will be diverted
into the government treasury.

Regards,
Steven Mnuchin
Acting Secretary, U.S. Department of the Treasury.

Another case of random capitalization

All,

Please do not open the link in the email below should you receive it. The link goes to “damagedcampers” and is a malicious PDF.

I am sure you already caught that since the format of the message is not common syntax: that of every word being capitalized. I don’t even think most of us do that in the Subject field of emails anymore.

Random capitalization. I blame A.A. Milne and Winnie the Pooh.

For instance, why is “Doing Nothing” capitalized in the following quote from Winnie the Pooh?
“Don’t underestimate the value of Doing Nothing, of just going along, listening to all the things you can’t hear, and not bothering.”
I’m perfectly in accord with the sentiment but not with the random capitalization.

Here’s another Pooh-ism:
“My spelling is Wobbly. It’s good spelling but it Wobbles, and the letters get in the wrong places.”
Again, I could be saying this but I’d say it without all the random capitalization.

Anyway: here’s the message you may (or may not) see:

From: Pomona College [mailto:info@pomona.edu]
Sent: Thursday, January 26, 2017 3:08 PM
To:
Subject: New Payroll

Hello

1 New Notification Regarding Your 2017 Payroll

Best Regards,

Pomona College

It’s not a link to a Google Doc and the Vermont State Government doesn’t know you

Well, that could be an overstatement. The Vermont government may know you well. Perhaps from your days at Woodstock? Well, for the sake of this post, let’s just go with the principle that Angel Corrow from @vermont.gov is not someone you know nor is she or he likely to be sending you links to an “Important document” [sic].

Secondly and most importantly, that link “View Document” is a link to a website that is named “darksquarefx”. That seems nefarious to me.


From: Corrow, Angel [mailto:Angel.Corrow@vermont.gov]
Sent: Monday, February 27, 2017 1:56 PM
Subject: Shared A Folder With You
Angel Corrow (angel.corrow@vermont.gov) sent you an Important document via Google’ doc.

View document

Enjoy!
– The Google doc’ Team

© 2017 Google doc

Cloudflare Bug: Should I be concerned?

A lot of people may not be aware of Cloudflare and what it is. However the fact that a “serious” Cloudflare bug was recently exposed certainly may inspire some desire to BECOME aware of what it is and if you might be affected.

According to their site: “Cloudflare protects and accelerates any website online. Once your website is a part of the Cloudflare community, its web traffic is routed through our intelligent global network. We automatically optimize the delivery of your web pages so your visitors get the fastest page load times and best performance. We also block threats and limit abusive bots and crawlers from wasting your bandwidth and server resources. The result: Cloudflare-powered websites see a significant improvement in performance and a decrease in spam and other attacks.” Cloudflare has more than 5.5 million websites as members. Cloudflare’s massive customer base includes categories like dating websites and password managers. Random sampling discovers some of their customers include Bitdefenders.com, Seriouseats.com and Ziprecruiter.com just to name a few.

That sounds pretty cool. So what’s all this about the bug (because, so NOT cool)?
data leak
According to Ars Technica, Cloudflare warned its customers that a now-fixed software bug may have exposed or did expose a range of data that may have included passwords, cookies and tokens often used to authenticate users. It appears to be a data leakage that may have been active as far back as September 22nd. That’s 5 months to you and me, but decades in Information Technology and Security years.

According to sources, Cloudflare plugged the leak within hours of its identification by a Google engineer but some of the leaked data may exist still out in various caches and repositories. The recommendation, as with other similar incidents, is to change your password if a site you use is a customer of Cloudflare.

While a comprehensive list of Cloudflare customers is not yet discovered, you can go to the Cloudflare site and visit their case studies to see if any are sites that you use. If so, change your password.

This just never gets old . . . . not.

I’m not sure how far flung this particular moldy-oldy has gone but it never hurts to remind you to check the From: addresses on your emails and also, to use your mouse to hover over links in emails before you click on them. But the best thing to do is to check with the ITS service desk if you want some validation. In this case, Ms. Rubin is with the Los Angeles Department of Water and Power. So I’m thinking, though I’m sure she’s a nice person, she really doesn’t care at all about your Outlook Web Access, a.k.a. Webmail.

Additionally the link in this email (Outlook Web Access) went to some “stevencarlmega1” at a webhost.

From: “Rubin, Katherine”
Date: February 13, 2017 at 12:54:44 AM PST
To: “Rubin, Katherine”
Subject: RE: Outlook Web Access

From: Rubin, Katherine
Sent: Monday, February 13, 2017 8:38 AM
Subject: Outlook Web Access

Dear E-mail User

Please Log on to Outlook Web Access to update your outlook account to the new secured version 2017.

Thank You.