We have seen what are called “whaling attacks” coming through. These are somewhat akin to spearphishing but they are particularly active when a position high in an organization’s hierarchy is newly filled. In this case, it is the position of the Pomona College President.
An excerpt that explains in more detail from https://searchsecurity.techtarget.com/definition/whaling:
“A whaling attack, also known as whaling phishing or a whaling phishing attack, is a specific type of phishing attack that targets high-profile employees, such as the CEO or CFO, in order to steal sensitive information from a company, as those that hold higher positions within the company typically have complete access to sensitive data. In many whaling phishing attacks, the attacker’s goal is to manipulate the victim into authorizing high-value wire transfers to the attacker.
The term whaling stems from the size of the attacks, and the whales are thought to be picked based on their authority within the company.
Due to their highly targeted nature, whaling attacks are often more difficult to detect than standard phishing attacks. In the enterprise, security administrators can help reduce the effectiveness of whaling attacks by encouraging the corporate management staff to undergo information security awareness training.
How whaling attacks work
The goal of a whaling attack is to trick an individual into disclosing personal or corporate information through social engineering, email spoofing and content spoofing efforts. For example, the attackers may send the victim an email that appears to be from a trusted source; some whaling campaigns include a customized malicious website that has been created especially for the attack.”
The specific example we saw today is this:
From: G. Gabrielle Starr
Sent: Thursday, September 13, 2018 12:57 PM
Are you in the Office?
Sent from a Mobile Device
Note that it is supposed to come from President Starr, but the sending email address is not hers. Note also that it is brief and engineered to get you to respond quickly, because who wouldn’t do so if President Starr needed you?
So, before you respond to emails like this, be very careful. Let ITS help you out if you are unsure.
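As an added example (not part of the original post), here is a small Python check for the two tells called out above: a known executive's display name on an address outside the institution, and a short body pushing for a quick reply. The domain `pomona.example`, the sender addresses and the legitimate sample message are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed values for this example (assumptions, not from the original post):
# the institution's mail domain and the executives whose names are worth protecting.
INSTITUTION_DOMAIN = "pomona.example"
PROTECTED_NAMES = {"g. gabrielle starr", "gabrielle starr"}
# Phrases typical of the brief "engage quickly" opener described in the post.
URGENCY_CUES = ("are you in the office", "are you available", "sent from a mobile device")


def normalize_name(name):
    # Lower-case and collapse whitespace so "G. Gabrielle  Starr" still matches.
    return " ".join(name.lower().split())


def whaling_flags(from_header, body):
    """Return the red flags the post calls out: an executive's display name on a
    non-institutional address, and a brief, urgency-driven body. Heuristic only:
    a genuine short note from the real address will not trip the first check."""
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    flags = []
    if normalize_name(display) in PROTECTED_NAMES and domain != INSTITUTION_DOMAIN:
        flags.append("executive name on external address: " + addr)
    text = body.lower()
    if len(text.split()) <= 15 and any(cue in text for cue in URGENCY_CUES):
        flags.append("brief message pushing for a quick reply")
    return flags


# Constructed samples; the whaling one mirrors the message quoted in the post,
# with a made-up sender address. The legitimate one is invented for contrast.
WHALING = ('"G. Gabrielle Starr" <gstarr.president@webmail.example>',
           "Are you in the Office?\n\nSent from a Mobile Device")
LEGIT = ('"G. Gabrielle Starr" <president@pomona.example>',
         "Hi all, attached is the agenda for Thursday's meeting. Please review "
         "sections two and three before we meet and send any edits to my office.")

if __name__ == "__main__":
    for label, (sender, body) in (("whaling", WHALING), ("legit", LEGIT)):
        print(label, whaling_flags(sender, body) or ["no flags"])
```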
Many of you may have received something like the following in your email:
It’s certainly impressive but it is not real. Please delete it.
There has been a rash of Personal Assistant scams, some of which are hitting our campus. Here’s a rough draft of how these things work. This basically begins with a job search but it could simply come in the form of an email. Indeed.com, a job website, is replete with examples of many people who have been hit. People post fake jobs on jobsites with the general idea of hooking someone.
- You receive a job offer from a stranger for some outrageously great amount of money. It is that of a Personal Assistant. (If you were applying for a job, you may receive an email saying that the job you applied for is filled but So-and-So is looking for a Personal Assistant.)
- During the course of your communication, there will be a heavy emphasis placed on you staying on top of emails or texts.
- You will be sent checks for tasks you perform for this person. The tasks vary, but you might be asked to buy Apple gift cards and send the PINs to the scammer.
- The checks you deposit are all from empty bank accounts so your bank will likely lock you out of your account.
What does the scammer get? In some cases, such as that described above, they get Apple gift cards, sometimes of significant value. In some cases, you are helping them launder their money and in extreme cases, you may be helping them send illegal goods.
Before taking a job or applying for a job, thoroughly research an employer. If the job doesn’t include a specific name of an employer, forget about it. Google search the supposed employer to see if they are legitimate.
If you are hired sight unseen or with the most minimal interview questions, forget about it.
Note that the From address is your own email address at “@quarantine.com”. The links go to something called “gastatoo.com”.
Please just delete these.
In addition to the scams and phishing attempts I’ve been notifying you about (and flooding your inboxes with), here’s another one:
Well, this has scam written all over it, doesn’t it? First of all, that font color. Who chooses “mustard” from the crayola box and thinks it’s a good idea?
Plus, here’s great news: you are already all migrated to Office 365. YAY!
Please, confiscate my keyboard if I ever use the word “staffs” in a sentence that is not talking about multiple shepherds.
Random non-sentence: “On behalf of IT Support.” I’m on the edge of my chair about what the end of that would be. “On behalf of IT Support, here’s a peach.” “On behalf of IT Support, use sunblock.”
“Very compulsory.” As opposed to “Quasi-compulsory?” “Reasonably compulsory?”
This was a fun one.
But, better to be safe than sorry, am I right?
So, here’s the culprit:
By now, most of you spam-sleuths have sussed out the symptoms of serious silliness.
Some of you have reported receiving an email supposedly from the ITS Support Desk warning you that you are reaching the limit of your email quota. Let’s dissect this one:
1. It is from someone who is not familiar to you.
2. Though the subject line uses an organizational name familiar to you, it’s not quite right. The whole “RE:” part is out of place because “RE” implies this is a reply to something. Just for the record, we officially refer to our “help desk” as the ITS Service Desk because, not only do we help people, we provide services as well. “Service” versus “Help” is a little more than cosmetic. But you be you.
3. Dire warning. We don’t typically use words such as warning in such a way. We gently suggest you avoid something or do something but we never scream “WARNING” at you.
4. “Your mailbox is currently in your 18.9GB and will be deactivated on 19.4GB.” What now? Tell you what, if you receive a message like that, your response in your head should just be “Fine. Go ahead and deactivate me. Make my day.”
5. NEVER CLICK TO INCREASE ANYTHING!!!!!
Have a great day.
From: Shala Atdhear (HES)
Sent: Wednesday, June 13, 2018 2:34 PM
Subject: RE: ITS SUPPORT HELP-DESK
[Quota bar graphic: 18.9 GB of 20 GB]
Do not delete any emails in your mailbox.
Your mailbox is currently in your 18.9GB and will be deactivated on 19.4GB.
To re-validate your mailbox Click here to increase your mailbox size.
System Administrator Center
You may have received something like the following in your email:
Date: June 7, 2018 at 7:14:59 AM PDT
Subject: SPECIAL INVITE TO AN ALL-EXPENSE PAID CONFERENCE IN CALIFORNIA
You have been invited to an all-expense paid Conference holding in California. This is for all Educators and Students, View the enclosed attached document to accept invite.
You may believe me when I say it is pure phishing. Please delete it.
Did you know?
You can forward messages to Microsoft as attachments to help improve the junk/phishing detection of End Point Protection.
Use email to submit junk (spam) or phishing scam messages to Microsoft.
To submit a junk or phishing scam message to Microsoft:
1. Create a new, blank email.
2. Address the email to the Microsoft team that reviews messages as follows:
For junk messages, address your email to firstname.lastname@example.org.
For phishing scam messages, address your email to email@example.com.
3. Attach the junk or phishing scam message to that email (as an attachment, not as pasted text).
4. Send the message.
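An added example, not from the original post, of steps 1 through 3 done with Python’s standard `email` package: the suspicious message is wrapped unchanged as a message/rfc822 attachment, so its original headers (sender, Received chain) survive, which pasting the text inline would lose. The sample phishing message, the reporter address and the destination address are constructed placeholders; use the addresses given in the steps above.

```python
from email import message_from_bytes, message_from_string, policy
from email.message import EmailMessage

# Constructed sample shaped like the "mailbox quota" message dissected in the post.
# The sender address is made up; the wording is what the post quotes.
SUSPICIOUS_RAW = """\
From: "ITS SUPPORT HELP-DESK" <helpdesk@quarantine-lookalike.example>
To: someone@pomona.example
Subject: RE: ITS SUPPORT HELP-DESK
Date: Wed, 13 Jun 2018 14:34:00 -0700
Content-Type: text/plain; charset="utf-8"

Your mailbox is currently in your 18.9GB and will be deactivated on 19.4GB.
To re-validate your mailbox Click here to increase your mailbox size.
"""

# Placeholders (assumptions): substitute the reporting address from the steps above.
REPORTER = "reporter@pomona.example"
DESTINATION = "phish-reports@example.invalid"


def build_submission(raw_message, reporter, destination):
    """Wrap the suspicious message, unmodified, as a message/rfc822 attachment
    on a fresh report email (steps 1-3). Returns the serialized report bytes."""
    original = message_from_string(raw_message, policy=policy.default)
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = destination
    report["Subject"] = "Phishing report: " + (original["Subject"] or "(no subject)")
    report.set_content("Suspicious message attached unmodified for analysis.")
    # Passing an EmailMessage makes the content manager emit a message/rfc822 part.
    report.add_attachment(original)
    return report.as_bytes()


def attached_original(report_bytes):
    """Parse the report as the receiving side would and pull out the wrapped message,
    proving the original headers made the round trip intact."""
    report = message_from_bytes(report_bytes, policy=policy.default)
    for part in report.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            return part.get_content()
    raise ValueError("no message/rfc822 attachment found")


if __name__ == "__main__":
    inner = attached_original(build_submission(SUSPICIOUS_RAW, REPORTER, DESTINATION))
    print("Attached original from:", inner["From"])
    print("Attached original subject:", inner["Subject"])
```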