Information Security has received numerous reports about emails with the subject of “Berry College statement” and purporting to have information about your “annual bonus” and “head office correction”.
These are fraudulent and the while the email claims the link open a Word document in fact it will download a PDF file that is most likely infected with malware or will attempt to steal your username and password to “open the document”. Please note the poor punctuation in the greeting and poor grammar in the email body. Also note there is no “Heather Vance” working at the college.
Please report these using the “Report Email as Phishing” button or simply delete them if you are on a mobile device or unsupported browser/client.
If you have been paying attention to the news, you will have seen how the US embassy in Baghdad, Iraq was attacked on December 31st, 2019 and how the US retaliated with a drone strike killing a high ranking Iranian general on the 3rd of January, 2020. While not diving into the good or bad of this, there is every reason to believe Iran will attempt some kind of counterattack, most probably in the cyber realm, rather than the physical.
Iranian cyber-weapons and cyber-warfare troops are advanced and the nation has all the motivation it needs to launch a concerted digital attack. Please be extra vigilant over the next few weeks with unexpected emails, voice mails, or phone calls. Be suspicious. If you have any doubt at all to the validity of an email, please contact Information Security for assistance. It only takes one email to add Berry to the list of unfortunate institutions that have suffered a devastating cyber-attack.
I would ask department heads, office managers, directors, and other employees in managerial positions to request further training for their staff or faculty if they feel there may be a weak link in the operational unit. There’s no need to point out individuals…simply request training, either online or face-to-face, for the entire unit.
That’s my New Year’s warning and plea!
Photo credit – Photo by Goh Rhy Yan on Unsplash
Information Security has received reports of phishing emails that try to convince the user they can no longer sign in to their email, and consequently cannot send or receive emails. An example is shown below. Note the poor spacing, grammar and capitalization in the first two lines of the body. The sender address may vary from what is shown, but will not be from Microsoft or Office365. The “Update To Stay Active” button uses a valid capability (web address redirection) on a valid website (LinkedIn in this example) to send the user to a fraudulent website (0793.to), which may attempt to install malware or simply steal the user’s username and password. Please report these emails using the “Report Email As Phishing” button in the email client, if using Outlook or the web version of Outlook.
If you have any questions about these emails, please reply to this email, or if you have clicked this link and entered your username and password, immediately change your password, then contact the Technical Support Desk and report the incident.
A new scam going around is an alleged Microsoft Windows update delivered via email. The email instructs the recipient to “Please install the latest critical update from Microsoft attached to this email.” The attachment is actually a malware file that will encrypt all the files on the disk and demand a ransom, AKA ransomware.
Microsoft will NEVER email you an update, much less a “critical” update.
Please report these emails using the “Report Email As Phishing” button or simply delete them if that is not available to you.
If you have any questions about these emails please contact Information Security at x1750 (706-236-1750) or at email@example.com.
If have received one of these emails already and opened the file, please contact the Technical Support Desk at x5838 (706-238-5838) or firstname.lastname@example.org.
The newest ploy by phishers circulating the Internet now is a “keep your current password” scam. The email (full text below) claims that your account expires today!!! and if you “kindly” use the button below, you can continue to use your current password. The reasons given for requiring this verification is to “shut down robot or malicious users”.
If you “kindly” click on the button, you will be asked to log in to your email account, at which point the phishers have your current password and proceed to use your account to send phishing and spam emails or try to access your other accounts where you might have reused that same password.
Here’s the full text (with example.com used as the domain):
Your account email@example.com password expires today 11/11/2019 6:26:44 a.m.
Please kindly use the button below to continue with the same password
Keep same password
NOTE : This is a one time user verification carried out in purpose to provide a more secured platform and shut down robot or malicious users created in purpose of spamming and other fraudulent activities .
Copyright © 2019 example.com security management
Notice the poor grammar and the use of “kindly” in the message, plus the very real fact that if your password is expired, that means it is time to CHANGE it, not reuse it.
If you receive an email like this, please simply report it using the “Report Email As Phishing” button or delete it.
If you have any questions, please email firstname.lastname@example.org or give me a call at x1750 (706-236-1750).
If you have already received an email like this and decided to “keep your password”, please immediately change your password, and email email@example.com to report the incident.
It’s been almost a year since I first posted about “sextortion” emails that attempt to convince you that someone has hacked your computer and recorded you watching pornography. The campus continues to get all kinds of variations on this scam, with changes in subject, wording, tone, threats, and payment amount. Some appear to come from your own account. Some are crudely worded and attempt to shame or frighten you, while others coyly dance around the description of the content of videos, but the one thing they have in common is that they are all fake! I wanted to write an updated post about these emails since we are still receiving them.
For those who haven’t received one of these emails, the scam suggests that the recipient has watched pornographic material online. The scammers sometimes up the validity level by including a password, usually an old one, that the target (you) has used in the past, gathered from online password dumps. They also claim to have installed malware on “the adult site” (which is never named) that grabs all of the user’s contacts and gives them control of the user’s webcam. Most of the emails attempt to convince the recipient that the scammer is not only skilled, but ultimately untouchable and untraceable, and has complete control of the system or account. Ultimately, the scammers threaten to send a video to the user’s contact list showing not only what the user watched on the site, but what they were doing while watching it, unless the user pays them some amount of money (anywhere from $200 to $2000 has been requested) in the form of Bitcoin or other digital currency. Some try to scare the user into not sharing the email with anyone, as they claim that they will release the video immediately if this happens, to discourage them from asking their IT department for help or clarification.
The likelihood of the scam working depends heavily on two things – first, whether or not the recipient has a web cam and two, whether or not the recipient watches pornography online. If the answer is “no” to either qualification, the email is easily dismissed. Unfortunately, with the number of laptops and even desktops that have web cams either built in or attached and the surprising number of people who indulge in viewing pornography online, this crazy-sounding blackmail scheme works, to the tune of millions of dollars. Most of these emails ask for less than $500 in digital currency. Some versions of this scam will include links to a “sample” of the (non-existent) video. Do not follow the links! The downloaded file will infect the computer with malware that will steal credentials and data.
Please continue to report these as phishing emails or simply delete them.
Photo by bruce mars on Unsplash
Some users have received an email from a non-Berry email address that purports to be from President Briggs. The email describes an “ethical conduct program” that all employees must follow, details of which is contained in the attached document. The document only contains an image and a link to a “secure online document”. The attachment doesn’t appear to contain malware, but the link directs you to a potentially malicious site.
Those with vigilant eyes would have noticed multiple issues with the email:
- The sender was a non-Berry account (Ann Taylor – firstname.lastname@example.org), yet is “signed” Dr. Stephen Briggs.
- The email, while attempting to sound “well-voiced” actually had several grammatical errors.
- The email is vague and makes references to “the Policy” and “this code”, but never reveals to what document it is referring.
Please report this email using the “Report Email as Phishing” button. If you have opened the document and followed the link in the file, please contact email@example.com or call the Technical Support Desk at extension 5838 and provide them with your C&T number so they can scan your machine for any issues.
If you have any questions about this fraudulent email, you may contact me at x1750 or email me. I’ll be happy to answer them.