Archive for the “Spear Phishing” Category

UD email continues to receive a steady stream of phishing email, most of it in the form of email that pretends to be from a reputable company, including stolen logo images, with links that do not take you to the company’s Web site.

For example, in this “eFaxCorporate” scam that has been going around the Internet for several months, a UD email list receives a message that you have received a fax and you should click this link to retrieve said fax. As the screenshot below indicates, if you hover your mouse over the link, you’ll see that the link takes you someplace you don’t want to go–a pharming site to harvest your information!

Fake eFaxCorporate phishing email

If you hover your mouse over the alleged efaxcorporate link, you’ll see that if you were to click it, you’d go to a pharming site in Brazil.

More information about the eFaxCorporate scam:


UD will never send out email like the message below. Besides, look where the log in link goes!

Just delete it.

UD Header bar does NOT make this a legitimate message.


We recently tried to assist a client who was caught by a world-wide scam. This is the first we’ve heard of this scam hitting in Delaware. It includes the telephone version of spear-phishing.

Bottom line: do NOT trust any unsolicited calls about your computer being infected with a virus. University of Delaware folks, check with your departmental tech support or with the IT Support Center (http://www.udel.edu/it/help/request/, consult@udel.edu, or 302-831-6000) if you have questions about computer viruses.

Here’s what happened. (Names redacted so as not to even hint at who the victim is, particularly when you see how gullible he has been.)

Two weekends ago, one of our clients received a phone call from someone who identified himself as an employee at a special Microsoft approved partner in New Delhi, India. The caller told our client that his computer had polymorphic viruses and that the only way he could get rid of them was to pay them $250 to log in remotely from New Delhi and clean the computer. Our client fell for the pitch, paid the money, and gave the caller access to his computer.

When our client told us about this event after the fact, we told him that this didn’t sound kosher at all. We went to McAfee’s site and downloaded several of their free antivirus utilities, burnt them to CD, gave him the CD, and told him the sequence to run the utilities. We also told him to install McAfee or Norton antivirus immediately after having run the McAfee utilities.

Our client did not disconnect his computer from the network before he started running the McAfee utilities. As soon as he started running the McAfee Stinger utility, he got another call from New Delhi, India. Clearly, the scam involved installing spyware that alerted the scammers to the attempt to really clean the computer.

This time, the caller claimed that his company was not only a Microsoft Partner, but also a McAfee and Norton Partner. The caller assured him that the only way to truly and finally get the polymorphic viruses off his computers was to pay $250 per computer, plus $75 to have them install Norton Antivirus remotely. He paid them $575. He saw them take over his computers, installing and running things remotely off of his Verizon FiOS connection. He said they spent over three hours to remove over 22,000 things from two of his computers.

Clearly our client was overly gullible and should now contact his credit card company and the police to report the fraud.

This kind of scam has been reported elsewhere. Three examples:

What is particularly troubling is that, as the Blackpool Gazette story indicates, these scammers often target certain geographical areas (area codes). If this is the first example of this scam we’ve heard of in Delaware, will others in Delaware receive similar calls?


A lot of the phishing scams we list here are examples of spear phishing, phishing scams tailored to some piece of information about you or your involvement with the University of Delaware. For example, the Fake PNC Email Message seen on campus in September was worrisome because its senders targeted UD addresses, knowing that many UD students and employees have PNC accounts and that UD has a business relationship with PNC.

Spear phishing is another example of hackers applying social engineering (manipulation!) to their schemes. Social engineering is geekspeak for manipulating/schmoozing/sweet-talking information out of someone as part of an attack or fraudulent scheme. In spear phishing, the miscreants construct their messages in such a way as to manipulate you into thinking the message is coming from your bank, shipping company, university, or other trusted entity. They hope you’ll be lulled into supplying personal information that they can use to further their schemes.

Two recent articles may help you see how social engineering and spear phishing can be dangerous:

If you want to report a possible phishing or spear phishing attack, review our advice about reporting a phishing scam.
