This phishing scam was reported by a couple of readers. It has not been tailored to UD; however, a note from “IT Service” saying that your email account needs validating may catch a few people who are quickly scanning their email, particularly if they open the message and glance at the “Warning” subheading and copyright notice.
A few clues that this is not legitimate email:
Get this message? Just delete it.
A lot of the phishing scams we list here are examples of spear phishing, phishing scams tailored to some piece of information about you or your involvement with the University of Delaware. For example, the Fake PNC Email Message seen on campus in September was worrisome because its senders targeted UD addresses, knowing that many UD students and employees have PNC accounts and that UD has a business relationship with PNC.
Spear phishing is another example of hackers applying social engineering (manipulation!) to their schemes. Social engineering is geekspeak for manipulating/schmoozing/sweet-talking information out of someone as part of an attack or fraudulent scheme. In spear phishing, the miscreants construct their messages in such a way as to manipulate you into thinking the message is coming from your bank, shipping company, university, or other trusted entity. They hope you’ll be lulled into supplying personal information that they can use to further their schemes.
Two recent articles may help you see how social engineering and spear phishing can be dangerous:
If you want to report a possible phishing or spear phishing attack, review our advice about reporting a phishing scam.
Here’s a fun one that looks like a notification about something at AOL. What’s tricky about this one is that it uses a mixture of a real AOL graphic, real AOL links, a spoofed real-looking AOL email address, and one doozy of a bad link that takes you off to a bogus Viagra sales site. Don’t click the link in this email: note what shows up when you hover your mouse over the main link!
Have an AOL account? Think it might really have a notification? Don’t click the link; go to the AOL site and log in to look for the notification. And this email message? Just delete it.
Like the DHL scam mentioned yesterday, this is technically not phishing, but email with malware attached; the purpose of the malware is to steal your personal information.
Remember, the safest thing to do to check on a package delivery is to go to the vendor’s legitimate Web site and check the status there. With this FedEx scam, most of us at UD will find the infected attachment blocked from our email, as shown below.
From: FedEx Customer Service
Subject: Error in the delivery address No67072540
Date: October 28, 2011 10:02:22 AM EDT
WARNING!!! (from md10.nss.udel.edu)
The following message attachments were flagged by the antivirus scanner:
Attachment [2.2] Post_Document_#0874.zip, virus infected: Mal/EncPk-AAT,Troj/BredoZp-GH.
Action taken: deleted
Your parcel has arrived at the post office on October 14.
Our Driver was unable to deliver the parcel to your address.
Please print out the invoice copy attached and collect the package at our office.
FedEx Global Mail.
VIRUS WARNING Message (from md10.nss.udel.edu)
The virus Mal/EncPk-AAT,Troj/BredoZp-GH was detected in email attachment [2.2]
Post_Document_#0874.zip. The infected attachment has been deleted.
Just delete it.
Technically, this one’s not a “phishing scam,” but spam with malware–but it has the same effect.
Help Net Security reports that spam has resurfaced looking like legitimate email about an international package. From Help Net Security’s description:
They spoofed the sender information, making it look like the email was sent from “DHL Express International Support”, and the subject line says that it’s a “DHL Express Notification for shipment for 26 Oct 2011,” says MX Lab.
Apart from the usual (legitimate) information about the company, the email contains a request not to reply to the email as it is used by an automated application and an invite to open the attached file for more details about the shipment:
When unzipped, the attached file reveals an executable – DHL-Delivery-Notification-Message-102611.exe.
A red flag should go up once you see that the name of the attached “notification” message ends in .exe. Download apps from trusted Web sites–e.g., from the DHL corporate Web site–not from email. Just delete it.
The complete article is online at http://www.net-security.org/malware_news.php?id=1888.
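The .exe-inside-a-zip red flag described above can be checked automatically by a mail filter. The following is an added example, not code from this site or from Help Net Security: it parses a message, opens any zip attachment in memory, and reports members whose final extension is executable. The extension list, the sample addresses and the attachment name DHL-notification.zip are assumptions constructed for the example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions that run code when opened on Windows (illustrative list, an assumption).
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def risky_zip_members(raw_message: bytes) -> list:
    """Return (attachment name, member name) for each zip member with a risky extension."""
    findings = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Trust the content, not the file name: check for a real zip archive.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as archive:
            for member in archive.namelist():
                # Only the final extension matters, so "invoice.pdf.exe" is flagged too.
                ext = "." + member.rsplit(".", 1)[-1].lower() if "." in member else ""
                if ext in RISKY_EXTENSIONS:
                    findings.append((name, member))
    return findings


def build_sample() -> bytes:
    """Constructed sample message; the .exe member holds harmless placeholder text."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("DHL-Delivery-Notification-Message-102611.exe", b"placeholder text")
        zf.writestr("readme.txt", b"constructed sample")
    msg = EmailMessage()
    msg["From"] = "DHL Express International Support <support@example.com>"
    msg["To"] = "reader@example.edu"
    msg["Subject"] = "DHL Express Notification for shipment for 26 Oct 2011"
    msg.set_content("Please open the attached file for more details.")
    msg.add_attachment(archive.getvalue(), maintype="application",
                       subtype="zip", filename="DHL-notification.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for attachment, member in risky_zip_members(build_sample()):
        print(f"{attachment}: contains {member}")
```

A clean result only means no listed extension was found; it does not replace the antivirus scanning shown in the FedEx example.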