This morning, some standard phish were swimming into UDel inboxes. Here’s a screen shot of one that amazes me — not a particularly good one, but the scammers find that it still works:
We’ve highlighted some of the tell-tale signs, so that even if you didn’t know your email quota is higher than that mentioned in this scam, you can see what to look for. The non-UDel URL you see when you hover your mouse over the link is a dead giveaway. Ditto getting email about your email from someone at “snead.edu.” And why would UD be sending you email with the word “Warning” marked as a trademark? And marked as copyrighted by Microsoft?
Speaking of reminders, the SANS tip of the day at the website is a succinct summary of what to look for in phishing scams. It also includes links to two quizzes to help you see if you can recognize a phishing scam:
- Washington Post Phishing Quiz
- SonicWALL Phishing IQ Test
Two fun quizzes to improve your “Phishing IQ”!
Bottom line: When you get email with a link in it, asking for personal information, or telling you to “click here” to fix a problem with your account, take a minute to examine the message. Think B4 U Click!
We’ve not seen any of these on campus yet, but reports are coming in that a series of phishing scams, complex social engineering attacks, and other scams based on the news about the Target data breach are showing up in email inboxes across the United States. As usual, the scammers are riding the wave of panic as news stories say that up to 110,000,000 of us could be affected.
Reports indicate that these scams use a variety of attack methods:
- “Our records show that you shopped at Target in the last 24 months. As a precaution, . . . visit the official identity theft database and put your information in.” (A copy of this scam was captured by Gar Warner of malcovery.com.)
- “Thank you for your loyalty. As a reward for your loyalty, we are offering you the chance for a $1,000 gift card if you will take a brief survey.” (The survey then asks a lot of questions about you and your finances, and just keeps going and going. Uh, folks, if you see an online survey claiming to give you a $1,000 gift card as a reward, you do recognize that that is probably a scam to get you to surrender personal information to be used in future scams, right?)
- “Add this ‘ShopAtHome’ toolbar to your web browser to earn points and enhance your shopping experience.” (Uh, right. Like I want to install an unverified piece of software on my computer that will probably report my web searches to someone.)
If you want to see a sample of one set of scams that used the fake Target warning to try to trap you into a web of deceitful shopping scams, check out Gar Warner’s January 10 blog post or this summary at Help Net Security.
Bottom line, as always, Think B4 U Click!
We had several reports of this phishing message showing up in UD inboxes this morning. One alert student sent us this screen shot off her cell phone:
Others reported seeing message headers spoofing an email address at UD: “firstname.lastname@example.org” [sic].
If you click the link in the message identified as “www.udel.edu,” it will take you to a phishing site designed to harvest your UDelNet ID and password; they stole the graphics from Google Apps at UD’s login screen. But the URL is NOT a UD URL!
Check the URL before you provide your info!
Even though the graphics are a near perfect match, the scammers’ URL is clearly NOT a valid udel.edu URL: http://www.bistrotbuffet.com.br/plugins/2udel3.edu.htm
Yeah, right. Like we’re doing our tech support from a Bistro-Buffet located in Brazil.
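The “hover over the link and read the real URL” rule from the first post, and the udel.edu look-alike URL in this one, can be checked mechanically. The script below is an added example, not code from UD IT: given the text a link displays, the address it really points to, and the sender address, it flags the same tell-tale signs the posts describe. The trusted domain, the snead.edu sender address, and the function names are assumptions for illustration; the Brazilian URL is the one quoted above.

```python
# Added example (not from the UD IT posts): apply the "read the real URL"
# rule to one link in one message and report what a careful reader would spot.
from urllib.parse import urlparse

TRUSTED_DOMAIN = "udel.edu"  # assumption: the organisation's real domain


def hostname_of(url: str) -> str:
    """Return the lower-cased hostname of a URL, or "" if it has none.
    Link text such as "www.udel.edu" has no scheme, so one is prepended."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def is_trusted_host(host: str, trusted: str = TRUSTED_DOMAIN) -> bool:
    """True only if host is exactly `trusted` or a real subdomain of it.
    A plain substring test would accept "2udel3.edu.htm" or
    "udel.edu.attacker.com", so the match is made on label boundaries."""
    return host == trusted or host.endswith("." + trusted)


def check_link(display_text: str, href: str, sender: str) -> list:
    """Return a list of warning strings; an empty list means nothing odd."""
    warnings = []
    shown = hostname_of(display_text)
    real = hostname_of(href)
    # Sign 1: the link says one thing and points somewhere else.
    if shown and real and shown != real:
        warnings.append(f"link text shows {shown} but points to {real}")
    # Sign 2: the real destination is not ours, look-alikes included.
    if real and not is_trusted_host(real):
        warnings.append(f"link goes to untrusted host {real}")
    # Sign 3: mail about our accounts from some other domain.
    sender_domain = sender.rsplit("@", 1)[-1].lower() if "@" in sender else ""
    if sender_domain and not is_trusted_host(sender_domain):
        warnings.append(f"sender domain {sender_domain} is not {TRUSTED_DOMAIN}")
    return warnings


if __name__ == "__main__":
    # Constructed sample: the URL quoted in the post, with an assumed
    # snead.edu sender like the one the first post mentions.
    for w in check_link("www.udel.edu",
                        "http://www.bistrotbuffet.com.br/plugins/2udel3.edu.htm",
                        "it-support@snead.edu"):
        print("WARNING:", w)
```

One caveat the posts already hint at: the sender check is advisory only. The third post shows headers spoofing a UD address, and a forged From: line passes this test, so the link checks (what the address really is, and whether it matches what the text claims) are the ones to trust.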
If you did fall for this scam, log in to the UD Network page to change your UDelNet password immediately. If you are unable to change your password, contact the IT Support Center at (302) 831-6000 or by submitting an ITSC Help Request form.
Think B4 U Click!
The morning of July 30, UD announced its response to an IT security breach that put the confidential information of approximately 72,000 current and past employees, including student employees, at risk.
Unfortunately, cyber criminals also took notice of UD’s response and began sending targeted phishing email messages to UD email addresses.
Important points to remember
The wording on this one doesn’t really make sense, if you read it carefully. But I’m sure someone will fall for it.
See this message? Delete it! Don’t click the link!
If you follow the link, you are taken to an attractive-looking site with a form to fill out to “upgrade your email account.” If you fill it out and submit it, you will have just surrendered your email account to the phishers. If you fell for it, change your password immediately. If it’s your UDelNet account you just shared with the phishers, go to the UD Network page to change your password. If you are unable to do so, contact the IT Support Center immediately (Help Request Form, 302-831-6000).