Instagram Phishing Lures You In With Fake Copyright Violation

A new Instagram phishing campaign is threatening users with account suspension because of a “copyright infringement”. A poorly worded email informs you that content in your account “will violate our copyright laws”. Users are asked to fill out a fake “Copyright Objection Form” within 24 hours. The form requires they enter their Instagram username and password, which are then captured and sent to the attackers. Don’t fall for this trick! Without following any links in the message, go to your account settings in Instagram and check there for a notice. More details on this phishing attack, including pictures of the messages, and what to do if you have already fallen for the ruse, are available at Bleeping Computer, at this address: https://www.bleepingcomputer.com/news/security/instagram-phishing-attack-baits-with-copyright-infringement-note/

Be careful out there on social media!

Fake blackmail email suggests you watched pornography – UPDATED!

A relatively new email scam is to send emails suggesting that the recipient has watched pornographic material online. The scammers sometimes up the validity level by including a password, usually an old one, that the potential victim has used in the past, gathered from online password dumps. They also claim to have installed malware on “the site” (which is never named) that grabs all of the user’s contacts and turns on the user’s webcam. Ultimately, the scammers threaten to send a video to the user’s contact list showing not only what the user watched on the site, but what they were doing while watching it, unless the user pays them an amount of money in the form of Bitcoin or other digital currency.

The likelihood of the scam working depends heavily on two things – first, whether or not the recipient has a web cam and two, whether or not the recipient watches pornography online. If the answer is “no” to either qualification, the email is easily dismissed. Unfortunately, with the number of laptops and even desktops that have web cams either built in or attached and the surprising number of people who indulge in viewing pornography online, this crazy-sounding blackmail scheme works, to the tune of over half a million dollars. Most of these emails ask for less than $500 in digital currency.

UPDATE: New versions of this scam will include links to a “sample” of the (non-existent) video. Do not follow the links! The file will infect the computer with malware that will steal credentials and data.

Urgent/emergency requests to purchase iTunes gift cards are fraudulent.

A number of attempts to convince faculty and staff to purchase iTunes gift cards have been circulating. These emails have some or all of the following attributes.

  • They purport to be from deans, department heads, and even the college president.
  • The email address is some form of the user’s actual email name at a domain other than “berry.edu”, Examples include “@my.com”,
  • They will ask for varying amounts, ranging from $200 to $400, of iTunes gift cards (but potentially other gift cards) be purchased and images of the redemption codes be sent.
  • The sender will always be “stuck in a meeting”, “unable to use their phone”, or other reasons why they need you to go do this “important” and “urgent” favor for them.
  • The emails generally have poor grammar, misspellings, odd word choices and other clues that they are not legitimate.
  • The opening email of the scam will generally be a simple question – “Are you available (no question mark)” and may have a subject indicating that this is a reply to a previous email or it is continuing a previous conversation – for example “Follow up”.

Please report these emails using the “Report Email as Phishing” button.

Fake invitations to join the editorial board of a non-existent publication

Attention faculty! A new phishing email is making the rounds that mentions the title of an actual article or paper you have written. After complimenting you, the email invites you to join the editorial board of a non-existent publication. It is unclear what the phishers will ask for if you reply to the email, but it is most likely payment to participate on the board.

There are some minor grammatical and spelling errors in the email, as well as uncommon use of greetings, syntax and words.

Please report these emails using the “Report Email as Phishing” button.

If you have received and replied to this email, please contact computing@berry.edu.

Job “opportunities” from Kimble Group

Emails purporting to inform the recipient of available jobs related to their field or interests from a company called “Kimble Group” appear to be suspect. The emails are generally poorly worded, include incorrect grammar, incorrect personal information (wrong names), and may be completely unrelated to job interests or fields.

While the exact purpose of the emails is unknown, it is possible that this company is either illegally or unethically promoting open positions, or it could just be an attempt to steal user credentials or install malware on the computer of any user that clicks on the link.

Please report these emails using the “Report Email as Phishing” button.

Fake “undelivered email” notification

A common phishing email that is seen here at Berry and elsewhere is a notification that the recipient has a random number of undelivered emails, usually since a certain date. Sometimes the emails are described as unique in some way, for example “clustered”. Clicking on the link will take the user to a fake Office365 login page where, if they enter their username and password, it is captured. Sometimes the fake site will redirect the user to their real login page, as if they had entered the wrong credentials.

Don’t fall for these emails, there is no self-service function to release “undelivered” emails.

Please report all emails like this using the “Report Email As Phishing” button

Fake email from the college president

A phishing email that appeared to come from President Briggs was widely circulated earlier this week. OIT responded to the issue as quickly as possible, but if you opened this email and clicked on the attachment, please contact the Technical Support Desk at computing@berry.edu or at extension 5838 (706-238-5838)