Showing posts with label phishing scams.

Wednesday, October 6, 2021

Phishing Campaign -- $1,499 iCloud Orders

Today multiple gmail.com accounts sent emails to a fraction of our organization. The emails claim that the recipient would be charged $1,499 for their 12TB iCloud storage plan.

This is a good opportunity to announce that October is Cyber Security Awareness Month. It is best to keep in mind that any email may be a scam and that we are all one degree away from criminals.

The most common IT crime is still Business Email Compromise (BEC), even though ransomware is increasing rapidly. Be mindful of how to parse an email address, and do your best to understand who is actually emailing you.

Email addresses are formed by concatenating a username, the '@' sign, and a domain (e.g., bob@example.com). People are sometimes confused by a common phishing trick: placing a domain inside the username (e.g., bob.manhattan.edu@example.com). Only the part after the last '@' says where the mail actually comes from; the username is chosen by whoever owns the account, and such addresses are available to anyone, including criminals.
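The parsing rule above can be written down as a small check. The following is an added example, not code from the ITS blog: it splits an address on the last '@', treats what follows as the real domain, and flags the two ways an external address can be dressed up to look internal (the organization's domain inside the username, as in the post, and, going one step beyond the post, a look-alike domain that merely contains the organization's name). `manhattan.edu` is taken from the post as the organization domain; the sample addresses are constructed.

```python
# Added example: classify the sender of an email by parsing its address the
# way the post describes (username '@' domain). Not code from the ITS blog.
ORG_DOMAIN = "manhattan.edu"  # from the post; the only organization domain assumed here


def split_address(address: str) -> tuple[str, str]:
    """Split on the LAST '@'.

    Everything after it is the domain that actually receives the mail;
    everything before it is the username, chosen freely by whoever created
    the account (so it may contain dots, '@' signs, or a whole fake domain).
    """
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    return local, domain.lower()


def assess_sender(address: str, org_domain: str = ORG_DOMAIN) -> dict:
    """Return the real domain plus a verdict: internal, plainly external,
    or external but made to look internal."""
    local, domain = split_address(address)
    org_domain = org_domain.lower()
    org_label = org_domain.split(".")[0]  # "manhattan"

    internal = domain == org_domain or domain.endswith("." + org_domain)
    org_in_username = org_domain in local.lower()       # bob.manhattan.edu@example.com
    lookalike = (not internal) and org_label in domain  # bob@manhattan-edu.com

    if internal:
        verdict = "internal"
    elif org_in_username:
        verdict = f"external, {org_domain} appears only in the username"
    elif lookalike:
        verdict = "external, lookalike domain"
    else:
        verdict = "external"
    return {"username": local, "domain": domain, "internal": internal, "verdict": verdict}


if __name__ == "__main__":
    # Constructed sample senders; the second is the pattern the post warns about.
    for addr in ("bob@example.com",
                 "bob.manhattan.edu@example.com",
                 "bob@manhattan.edu@example.com",
                 "alice@manhattan.edu",
                 "bob@manhattan-edu.com"):
        result = assess_sender(addr)
        print(f"{addr:40} -> real domain {result['domain']:20} {result['verdict']}")
```

Splitting on the last '@' matters: an address such as bob@manhattan.edu@example.com is still delivered by example.com, and the check reports it that way.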

If you receive a phishing email, you can report it to Gmail if you're using the web interface (not the Gmail mobile app, unfortunately). Google will alert ITS!

Gmail's 'Report phishing' feature is under a vertical ellipsis in the upper-right of an email.

You can also forward the email to its@manhattan.edu. If you are unsure if an email is a phishing email, please forward it to its@manhattan.edu. We can help to determine what is what and if necessary report the email as a phishing attempt to Google.

Wednesday, December 16, 2020

Holiday Break Phishing Scam Protection

Phishing attacks are on the rise, and we are taking steps to prevent these attacks from affecting Manhattan College. ITS requests your assistance and asks for your hypervigilance regarding potential phishing scams by doing the following:

1. Never respond to any suspicious or unfamiliar emails.

2. Report any of these suspicious emails to ITS by forwarding the message to its@manhattan.edu for validation.

3. If you think your account has been compromised, contact ITS immediately at 718-862-7973 or by emailing its@manhattan.edu.

For more information about Phishing scams and how to protect yourself this holiday season please check out the links below:

[Image: two laptops, a suspicious man on one fishing the personal data from the other]

  • Holiday Scams and Malware Campaigns
  • Phishing Infographics
  • Half of all Phishing Sites Now Have the Padlock

As we approach the Christmas Holiday break, ITS would like to remind campus users that we will NOT be performing updates and will NOT ASK for information from you.   

  • ITS will NOT ASK for you to update your password or other personal information.

  • ITS will NOT DISABLE your account over the break if you do not respond to an email.


Friday, February 28, 2020

Phishing with Viruses

[Image: the word "scam" in red letters with a fishing hook through the middle and, at the bottom, a black box with white letters spelling out the word "alert"]

2020 seems to have come in strong by hurling the Coronavirus (COVID-19) at us pretty quickly! Now that we have more information, we can take preventative steps to keep from getting sick. However, cyber criminals are now using the Coronavirus to try to steal your sensitive information, and it is just as important to take preventative measures to keep your cyber presence safe as well.

The World Health Organization (WHO) has reported that it is aware of suspicious emails going out requesting personal information from people under the guise of helping to spread awareness about the Coronavirus. These emails have been identified as “phishing” scams. Phishing is the practice of cyber criminals sending emails claiming to be from a trusted source with the intent of gaining access to your personal information, such as your usernames and passwords, credit card numbers, birthdate, or social security number.

Luckily, there are ways to prevent this from happening to you! The World Health Organization would like to remind everyone of the following: 

  1. Make sure to verify the sender by checking their email address. If it is coming from the World Health Organization (WHO), the email address should read “person@who.int”. No other email addresses are used by the WHO.
  2. Make sure the link is correct before clicking on it. The link should only begin with ‘https://www.who.int’. If you are still unsure, do not click the link you received; open your browser and navigate to the WHO website to check whether it is valid.
  3. Be cautious when providing sensitive info. Use extra caution when giving out your username, password, or credit card info. Most of the information on the WHO website is public and does not require a username and password.
  4. Don't feel pressured to make any quick decisions. Cyber criminals rely on your panic instincts and will use them to try to get you to give up your personal information. Take a moment to consider whether it is appropriate that you are receiving this request.
  5. If you did give sensitive information out, don't panic. Change the credentials that you gave out as soon as you can.
  6. If you suspect something is a scam, report it. Trust your gut. If you think something is wrong, report it! This will help to spread awareness about the scam and help organizations to block potential scammers. To report a scam to the WHO, please follow the instructions here.

While these are somewhat specific to the WHO, the preventative steps are still just as relevant to keep in mind for any other phishing scams. Make sure that you are monitoring all your accounts and report any suspicious activity or emails.

For questions about what to do if you’ve opened a phishing scam email, please check out this knowledge base article and alert ITS by emailing its@manhattan.edu or calling (718) 862-7973.

Tuesday, December 3, 2019

Phishing Scam Currently Circulating

ITS is investigating a phishing scam that is currently circulating.  If you receive the message, please mark it as SPAM and do not click any links.  If you did click on any links in the message, please notify its@manhattan.edu immediately and follow these instructions to clean your account.

Below are the contents of the message:
Date: Tue, Dec 3, 2019 at 9:47 AM
Subject: We Disable your JasperNET
To:


If уоu оwn the аccоunt, уоu cаn гequeѕt аcceѕѕ tо it аgаin. уоuг аccоunt
will be гeаctivаted if уоu ѕign in belоw within 2 dауѕ

https://webauth.manhattan.edu/U?9495 <http://926.charbonneaucommunity.com/>
Yоu'll lоѕe аcceѕѕ tо аll оf уоuг dаtа аnd cоntent like уоuг emаilѕ аnd
emаil fоldeгѕ if уоu dо nоt гeаctivаte.
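The captured message above relies on two tricks that can be checked mechanically: many of its letters are Cyrillic characters that look like Latin ones (which is why the text looks slightly off and slips past keyword filters), and the URL shown to the reader (webauth.manhattan.edu) differs from the real link target in angle brackets (926.charbonneaucommunity.com). The following is an added example, not code from the ITS post. It identifies each letter's script from its Unicode character name and compares the host in the displayed URL with the host in the actual target. The sample body is constructed with explicit `\u` escapes so the look-alike letters are visible in the source; the two URLs are the ones in the captured message.

```python
# Added example: two checks on the text of a suspected phish. Not code from
# the ITS blog; the sample body is constructed with explicit \u escapes so the
# Cyrillic look-alike letters are visible in the source.
import unicodedata
from urllib.parse import urlparse


def script_of(ch: str) -> str:
    """First word of the Unicode name, e.g. 'LATIN', 'CYRILLIC', 'GREEK'."""
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def suspicious_words(text: str, expected_script: str = "LATIN") -> list[str]:
    """Return every word containing a letter from a script other than the one
    the message is supposed to be written in. Catches both mixed-script words
    ('уоu' = Cyrillic у, о + Latin u) and words written entirely in look-alikes."""
    flagged = []
    for raw in text.split():
        word = raw.strip(".,;:!?'\"()<>[]")
        scripts = {script_of(c) for c in word if c.isalpha()}
        if scripts - {expected_script}:
            flagged.append(word)
    return flagged


def link_mismatch(display_text: str, href: str) -> bool:
    """True when the URL shown to the reader names a different host than the
    link actually points to (the '<...>' target in the captured message).
    Plain link text such as 'click here' has no host and is not a mismatch."""
    shown = urlparse(display_text.strip()).hostname
    actual = urlparse(href.strip()).hostname
    return shown is not None and actual is not None and shown != actual


# Constructed text modelled on the captured message: Latin a/o/u/r/s replaced
# by Cyrillic а (U+0430), о (U+043E), у (U+0443), г (U+0433) and ѕ (U+0455).
SAMPLE_BODY = (
    "If \u0443\u043eu \u043ewn the \u0430cc\u043eunt, \u0443\u043eu c\u0430n "
    "\u0433eque\u0455t \u0430cce\u0455\u0455 t\u043e it \u0430g\u0430in."
)
CLEAN_BODY = "If you own the account, you can request access to it again."

# Display URL and real target, as they appear in the captured message.
SHOWN_URL = "https://webauth.manhattan.edu/U?9495"
REAL_URL = "http://926.charbonneaucommunity.com/"


if __name__ == "__main__":
    for w in suspicious_words(SAMPLE_BODY):
        odd = [f"U+{ord(c):04X}" for c in w if c.isalpha() and script_of(c) != "LATIN"]
        print("look-alike letters:", w, odd)
    print("clean text flags:", suspicious_words(CLEAN_BODY))
    print("link text/target mismatch:", link_mismatch(SHOWN_URL, REAL_URL))
```

Run against the constructed body, nine of the twelve words are flagged (only "If", "the" and "it" are pure Latin), while the genuinely English sentence produces no flags; the two URLs from the message are reported as a mismatch. Mail filters that normalize text before matching do much the same thing at scale.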

Sunday, October 20, 2019

Cyber World Reality Facts


[Infographic: sobering cyber stats]

[Infographic: millennials often fall victim to cybercrime]

Sources cited by the infographics:
  1. Microsoft Security Intelligence Report and Consumer Reports
  2. AARP, “Caught in the Scammer’s Net: Risk Factors That May Lead to Becoming an Internet Fraud Victim,” 2014
  3. Norton Cyber Security Insights Report Q1, 2017
  4. Ponemon Institute, “2015 Cost of Cyber Crime Study: Global,” 2015
  5. Facebook
  6. Federal Trade Commission, “The Top Frauds of 2017”
  7. staysafeonline.org

For more information on this topic review The Facts Get Clued into the Cyber World Reality.

Be Secure Online! Refer to Manhattan College's Cyber Safety site for additional resources.




Friday, May 10, 2019

From the spam folder

This spam message knew it would be labeled as spam!

Gmail does more than just deliver email for the college. It also tries to protect us from malicious emails.

First, Gmail automatically delivered this to my spam folder not my inbox. Next, Gmail displayed a large red banner that states the message may be dangerous and attempting to steal personal information. A yellow warning banner is also displayed because Gmail prevents users from absentmindedly downloading attachments of such messages without first clicking the "Not spam" button above the message.

Amusingly, the body of this phishing email only states, "[p]lease move this to inbox and open the pdf file." This phishing email knew it would be labeled as spam. The sender does not know how to evade Gmail's spam & phishing detection, and is hoping people will ignore Gmail's advice.

Friday, April 12, 2019

Caught Phishing Email

Earlier this year, ITS caught an email that attempted to steal someone's paycheck.


Tue, 19 Mar 2019 19:44:48 +0000
From: "Brennan O'Donnell," <ceosoffice@lycos.com>
To: ██████.█████████@manhattan.edu

Hi ██████ ,

Are you in the office?

I changed my bank and I'll like to change my paycheck dd details,
can the change be effective for the current pay date?.

Best Regards,
Brennan O'Donnell

Thankfully, with the help of some tools Google offers, this was not delivered to anyone's inbox.

But what if the email had been delivered successfully? The phishers are hoping that no out-of-band communication will happen, such as phoning the employee they are posing as. The phishers are also hoping that manual and form-driven processes are bypassed in order to get work done quickly.

Do not be surprised if phishers start posing as family members asking for help. Phishers can surf the web and track your social media accounts to build a comprehensive graph of people you likely know. Talk to your loved ones about this type of scam. Be safe.
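The captured header shows the pattern this post is about: a real person's name as the display name, attached to an address at an unrelated webmail domain. The following is an added example, not the blog's or Google's code, of the check a mail gateway or a reader can apply: separate the display name from the address with the standard library's `email.utils.parseaddr`, then ask whether the name belongs to someone in the organization's directory and, if so, whether the address is at the domain that person actually uses. The directory, the assumption that this name is expected to send from `manhattan.edu`, and the two headers not taken from the captured message are constructed for the example.

```python
# Added example: check a From header for display-name impersonation, i.e. a
# known person's name in front of an address at a domain they do not use.
# Not code from the ITS blog; the directory is a constructed stand-in for
# whatever HR or directory data an organization actually has.
import re
from email.utils import parseaddr

ORG_DOMAIN = "manhattan.edu"  # from the post

# Hypothetical directory (constructed): normalized display name -> the domain
# that person actually sends from.
KNOWN_PEOPLE = {
    "brennan odonnell": ORG_DOMAIN,
}


def normalize_name(display_name: str) -> str:
    """Lower-case, drop everything but letters, digits and spaces, collapse
    runs of spaces, so the captured "Brennan O'Donnell," (stray comma and
    apostrophe) matches the directory key."""
    cleaned = re.sub(r"[^a-z0-9 ]", "", display_name.lower())
    return " ".join(cleaned.split())


def domain_of(address: str) -> str:
    """Domain after the last '@', lower-cased."""
    return address.rpartition("@")[2].lower()


def assess_from_header(header: str, directory: dict = KNOWN_PEOPLE,
                       org_domain: str = ORG_DOMAIN) -> dict:
    """Parse a From header and decide whether the display name and the
    address agree with what the directory says about that person."""
    name, address = parseaddr(header)
    domain = domain_of(address)
    internal = domain == org_domain or domain.endswith("." + org_domain)
    expected = directory.get(normalize_name(name))

    if expected is None:
        verdict = "internal" if internal else "external, name not in directory"
    elif domain == expected:
        verdict = "consistent with directory"
    else:
        verdict = "known person's name on an address at an unexpected domain"
    return {"name": name, "address": address, "domain": domain, "verdict": verdict}


if __name__ == "__main__":
    headers = [
        # From the captured message above.
        "\"Brennan O'Donnell,\" <ceosoffice@lycos.com>",
        # Constructed: what a genuine header from the same person might look like.
        "Brennan O'Donnell <brennan.odonnell@manhattan.edu>",
        # Constructed: an ordinary external sender.
        "Vendor Support <help@vendor.example>",
    ]
    for h in headers:
        r = assess_from_header(h)
        print(f"{r['address']:40} {r['verdict']}")
```

The verdict for the captured header is the impersonation case; the same name over a directory-consistent address passes, and an unknown external name is simply reported as external. The check is only as good as the directory behind it, which is why the post's advice to verify out of band still applies when a message passes.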

Tuesday, April 9, 2019

Whaling, SMiShing, and Vishing…Oh My!


[Image: credit card with a fish hook speared through it]


Cybercriminals use types of social engineering—manipulating people into doing what they want—as the most common way to steal information and money. Social engineering is at the heart of all types of phishing attacks—those conducted via email, SMS, and phone calls. Technology makes these sorts of attacks easy and very low risk for the attacker. Make sure you're on the lookout for these variants on the traditional, mass emailed phishing attack.
  • Spear phishing: This kind of attack involves often very well-crafted messages that come from what looks like a trusted VIP source, often in a hurry, targeting those who can conduct financial transactions on behalf of your organization (sometimes called "whaling").
  • SMiShing: Literally, phishing attacks via SMS, these scams attempt to trick users into supplying content or clicking on links in SMS messages on their mobile devices. Flaws in how caller ID and phone number verification work make this an increasingly popular attack that is hard to stop.
  • Vishing: Voice phishing, these are calls from attackers claiming to be government agencies such as the IRS, software vendors like Microsoft, or services offering to help with benefits or credit card rates. Attackers will often appear to be calling from a local number close to yours. As with SMiShing, flaws in how caller ID and phone number verification work make this a dangerous attack vector.
No matter the medium, follow these techniques to help prevent getting tricked by these social engineering attacks:
  • Don't react to scare tactics: All of these attacks depend on scaring the recipient, such as with a lawsuit, that their computer is full of viruses, or that they might miss out on a chance at a great interest rate. Don't fall for it!
  • Verify contacts independently: Financial transactions should always follow a defined set of procedures, which includes a way to verify legitimacy outside email or an inbound phone call. Legitimate companies and service providers will give you a real business address and a way for you to contact them back, which you can independently verify on a company website, support line, etc. Don't trust people who contact you out of the blue claiming to represent your company.
  • Know the signs: Does the message or phone call start with vague information, a generic company name like "card services," an urgent request, and/or an offer that seems impossibly good? Hang up or click that delete button!
For further information on how a phishing attack affected an undergraduate student, view this video:

Information Security Awareness Training Video: "Phishing: E-Safe"


View this video for strategies on how to address illegal robocalls:

FCC Chairman provides some tips to help consumers confront illegal robocalls and maliciously spoofed calls.

Partially reposted from: Educause Campus Security Awareness Campaign 2019: April 2019: Whaling, SMiShing, and Vishing…Oh My!

Friday, March 29, 2019

Gift Card Scam

A common phishing scam targets associates or subordinates. The initial message is a short question, intended to prompt a quick reply.

Are you on campus?

Eventually each respondent is requested to purchase an online gift card.

Earlier this year, a news report on this scam was published from a higher education point of view. It reports on multiple accounts of superiors being impersonated. It is humorous while also showcasing the premise of this scam: those in power could abuse their power, and subordinates are pressured to gain favor.

Tuesday, July 11, 2017

There is another Phishing Scam circulating with the title "Are you a Photographer?"

There is another Phishing Scam circulating with the title "Are you a Photographer?"

Please delete this email.  If you did click into it, please follow these instructions to clean your account.

Tuesday, June 20, 2017

Phishing Attack "Ushering Job This Weekend"

There is another Phishing Scam Circulating with the title "Ushering Job This Weekend".
Please delete this email.  If you did click into it, please follow these instructions to clean your account.

Phishing Scam Circulating, Purporting to Be from the Provost

There is a phishing scam circulating indicating that it is coming from the Provost.  The email address from which this is originating is not the Provost's email.  Please do not click on the PDF attachment.

Wednesday, May 3, 2017

Update Phishing

ITS is working to re-enable accounts.  If you clicked on the link, please follow the steps in this article.


Phishing Attack - Google Docs

** ATTENTION ** Phishing Attack  
ITS is aware of a series of phishing email messages indicating that a user has shared a file with you in Google Docs.  A sample of the malicious message is below:

When the "Open in Docs" link is clicked, a malicious application will request access to your Contacts and Gmail.  
DO NOT ALLOW ACCESS
A sample of the access request is listed below:


If you have clicked the "Allow" button, please contact ITS ASAP by calling x7973.
Google is aware of this issue and is working to mitigate the problem.  As you can see on social media, this is an issue that is widely affecting numerous Google users nationally.

Phishing Attack Happening Now

There is a sophisticated Phishing Scam that is currently circulating on campus.  The message text looks like:
First name Last name has invited you to view the following document:

Open in Docs

Do NOT click on this link.  It is a Phishing Scam.
ITS is working diligently to take back control of the compromised accounts.

Sunday, November 20, 2016

Black Friday, Cyber Monday Phishing Scams

Cyber-criminals are stepping up their cyber-scams and phishing campaigns against shoppers looking for the best deals this holiday shopping season, Zscaler researchers said. Check out some of the common spam and phishing attacks targeting Black Friday, Cyber Monday, and Thanksgiving.
Researchers have already observed a "sharp increase" in phishing and spam activities against online shoppers, and the number is expected to increase over the next few weeks, Rubin Azad, a security researcher at Zscaler, wrote on the Threat Labz blog. "The motive behind these attempts is to steal sensitive user information which includes personal credentials and financial data," Azad said. The data comes directly from Zscaler Security Cloud, with Web traffic activity for over 12 million users at 5,000 global customers.
Walmart
Examples of phishing attacks include this fake page pretending to be from Walmart:
[Image: Tasty Spam: Walmart]

Amazon
This phishing page has been designed to look like a legitimate Amazon.com page and attempts to trick users into entering their credit card information:

There are also a number of fake websites offering special Black Friday and Cyber Monday deals. The URLs aren't from legitimate retailers but from unrelated domains such as "busycatholicmoms" and "postyourads." You can see a detailed list on the blog post.
Spam Lines
Zscaler also listed some of the common spam subject lines it has seen targeting online shoppers:
  • Make the Most of Black Friday, with A New smart-phone
  • Brand name laptops on sale for BlackFriday
  • [Black Friday Starts EARLY]Saveup to 90% +FREE BonusItems!
  • Walmart One Day Specials BlackFriday
  • Thanksgiving Specials and BlackFriday Discounts!
  • New Early BlackFriday Door busters are Added EveryDay
  • Shop Black Friday to find discounts on electronics
  • Search major Savings on laptops...On black-friday
  • Limited Time Black Friday Deal
  • 10% off Site-Wide. Get Your Black Friday Shopping Started Today!
All online shoppers should be on the lookout for these and related scams, Azad said. Users should scrutinize the source of emails touting shopping deals to make sure they are coming from legitimate senders. They should also check links before clicking on them to make sure the site is valid. E-mailed invoices are convenient, but cyber-criminals also like using them in social engineering attempts. Users should never enter sensitive information such as payment information or login credentials on pages that aren't protected with HTTPS connections. And it goes without saying that you shouldn't be shopping while on an insecure wireless network.
"We caution consumers to be extra vigilant this holiday season when shopping online," Azad wrote.

http://securitywatch.pcmag.com/spam/329927-tasty-spam-black-friday-cyber-monday-phishing-scams