Archive for October, 2011

Like the DHL scam mentioned yesterday, this is technically not phishing, but email with malware attached; the purpose of the malware is to steal your personal information.

Remember, the safest thing to do to check on a package delivery is to go to the vendor’s legitimate Web site and check the status there. With this FedEx scam, most of us at UD will find the infected attachment blocked from our email, as shown below.


From: 	FedEx Customer Service 
Subject: 	Error in the delivery address No67072540
Date: 	October 28, 2011 10:02:22 AM EDT
To: 	______@udel.edu

WARNING!!! (from md10.nss.udel.edu)

The following message attachments were flagged by the antivirus scanner:

Attachment [2.2] Post_Document_#0874.zip, virus infected: Mal/EncPk-AAT,Troj/BredoZp-GH.  
Action taken: deleted

Dear customer,

Your parcel has arrived at the post office on October 14.
Our Driver was unable to deliver the parcel to your address.
Please print out the invoice copy attached and collect the package at our office.

Thank you,
FedEx Global Mail.

VIRUS WARNING Message (from md10.nss.udel.edu)

The virus Mal/EncPk-AAT,Troj/BredoZp-GH was detected in email attachment [2.2] 
Post_Document_#0874.zip.  The infected attachment has been deleted.

Just delete it.


Technically, this one’s not a “phishing scam,” but spam with malware–but it has the same effect.

Help Net Security reports that spam has resurfaced looking like legitimate email about an international package. From Help Net Security’s description:

They spoofed the sender information, making it look like the email was sent from “DHL Express International Support”, and the subject line says that it’s a “DHL Express Notification for shipment for 26 Oct 2011,” says MX Lab.

Apart from the usual (legitimate) information about the company, the email contains a request not to reply to the email as it is used by an automated application and an invite to open the attached file for more details about the shipment:

When unzipped, the attached file reveals an executable – DHL-Delivery-Notification-Message-102611.exe.

A red flag should go up once you see that the name of the attached “notification” message ends in .exe. Download apps from trusted Web sites–e.g., from the DHL corporate Web site–not from email. Just delete it.

The complete article is online at http://www.net-security.org/malware_news.php?id=1888.
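The red flag described above can be checked without unpacking the attachment. This is an added example, not part of the original post or the Help Net Security article: it reads the member names of any zip attachment and reports those with an executable extension. The extension list and the attachment name notification.zip are assumptions, and the sample message is constructed, with harmless bytes stored under the file name quoted in the article.

```python
import io
import os
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extensions Windows runs on double-click (assumed list, not from the post).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}


def risky_zip_members(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (attachment name, member name) for executables inside zip attachments."""
    findings = []
    for part in message_from_bytes(raw_message).walk():
        filename = part.get_filename() or ""
        if not filename.lower().endswith(".zip"):
            continue
        payload = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                names = archive.namelist()
        except zipfile.BadZipFile:
            # A .zip that will not parse deserves a look as well.
            findings.append((filename, "<unreadable archive>"))
            continue
        for name in names:
            # Only the final extension counts, so "invoice.pdf.exe" is flagged.
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                findings.append((filename, name))
    return findings


def build_sample() -> bytes:
    """Constructed message: harmless bytes under the file name from the article."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("DHL-Delivery-Notification-Message-102611.exe", b"not a real program")
    msg = EmailMessage()
    msg["From"] = "DHL Express International Support <support@example.invalid>"
    msg["Subject"] = "DHL Express Notification for shipment for 26 Oct 2011"
    msg.set_content("Please see the attached file for details.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="notification.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for attachment, member in risky_zip_members(build_sample()):
        print(f"{attachment}: contains executable {member}")
```

Reading only the archive's file list means nothing is extracted or executed during the check.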


Sophos.com reports that there’s a new Facebook phishing scam in the wild. We’ve not seen it here at UD–yet.

See Graham Cluley’s article, Beware Facebook lottery email scam, published yesterday. Bottom line, if you get email from “Facebook” that you’ve won a lottery and just need to send some money to an address in London to claim it…. Don’t believe it. Delete it.


Every so often, you hear a local news story about someone having fallen for this kind of scam. Usually someone new to email is convinced that, because the story is so sad, because the alleged sender says she prayed over it, because the text refers to Jesus Christ so respectfully and because her husband’s alleged death was “politically motivated,” it’s OK to send all the requested bank information in reply. The victims are then shocked when their bank accounts are emptied.

No one at UD is going to fall for this phish, right? No legitimate organization will ever ask you to email them information about banking accounts. But if your parents or grandparents or great grandparents just got an email account, tell them to just delete it.


From: Limana Benson
Subject: My beloved.
Date: October 21, 2011 9:21:17 AM EDT
Reply-To: linda225benson1@yahoo.co.jp

My beloved.
Greetings in the name of our lord Jesus Christ. i am Mrs Limana Benson from
Bahrain, a widow to late Jeff Benson i am 51 years old, i am now a new
Christian convert, suffering from long time cancer of the breast, from all
indication my condition is really deteriorating and it is quite obvious that
i won’t live more than 2 months, according to my doctors, this is because
the cancer stage has gotten to a very worst stage.

My late husband and my only child died last five years, his death was
politically motivated. My late husband was a very rich and wealthy business
man who was running his cocoa business in Cote d’Ivoire and after his death;
i inherited all his business and wealth. my doctors has advised me that i
may not live for more than 2 months, so i now decided to divide the part
of this wealth, to contribute to the development of the church in Africa,
America, Asia, and Europe. i collected your email address during my desperate
search on the internet and i prayed over it.

i decided to donate the sum of $3,500,000.00 usd( Theree million five hundred
thousand united states dollars) to the less privileged because i cannot take
this money to the grave. Please i want you to note that this fund is lodged
in a bank in Ivory Coast in West Africa .

Once i hear from you, i will forward to you all the information’s you will
use to get this fund released from the bank and to be transferred to you.
i honestly pray that this money when transferred to you, will be sure
for the said purpose, because i have come to find out that wealth
acquisition without Christ is vanity. may the grace of our lord Jesus the
love of god and the fellowship of god be with you and your family.

Please contact me in this my private e-mail id so that i will give you
all the details

Your beloved sister in Christ.
Mrs Limana Benson


Remember, the University WILL NEVER request information about your email account.
Any messages you receive that say otherwise are phishing for personal information.
ALWAYS delete these messages. One such message was received by UD personnel on Oct. 19, 2011.


From: "UNIVERSITY   WEB  CENTER"
Subject: .Dear .Webmail. Account .Owner!
Date: Wed, 19 Oct 2011 23:10:02 +0100

.Dear .Webmail . Account .Owner, 

This message is  from the University Webmail Messaging Center 
to all email account owners.

We are currently carrying out scheduled maintenance,
upgrade of our web mail service and we are changing our mail host server,
as a result your original password will be reset. 

We are sorry for any inconvenience caused. 

To complete your webmail email account upgrade, you must 
reply to this email immediately and provide the 
information requested below.
***************************************************************
CONFIRM YOUR EMAIL IDENTITY NOW
E-mail Address:
User Name/ID:
Password:
Re-type Password:
****************************************************************
Failure to do this will immediately render your email 
address deactivated from the University Webmail.
****************************************************************
This E-mail is confidential and privileged. 
If you are not the intended Recipient please accept our apologies; 
Please do not Disclose, Copy or Distribute 
Information in this E-mail or take any action in 
Reliance on its contents: to do so is strictly 
prohibited and may be Unlawful. 

Please inform us that this Message has gone astray before deleting it. 

Thank you for your Co-operation. 

Copyright ?2011 University Webmaster. 
All Rights Reserved
