O365 users were recently targeted by a 0-day Ransomware type attack. It goes to show that even the big players can’t stop everything from coming in their front door. It is likely some U of L users received the email they reference in the article below.
It reminds all of us that we need to implement robust data backup strategies for our information, as we never know when it will be our turn to make the fatal mistake of clicking on that malicious attachment.
Recently, the University, and other organizations nationwide have been experiencing an increase in the number of malicious emails being sent to their users. These attacks are being used to ransom systems and data, steal intellectual property, and threaten the individual privacy of users online. The attacks can take on many different forms including unsolicited resumes, fake shipping notifications, as well as claiming to be from organizations such as Revenue Canada in an effort to steal to income tax information.
Yesterday, a public notification from Ebay informed its users that there had been a significant data breach at the organization and information had been removed from their databases by attackers. The attackers didn't exploit any database vulnerabilities or access a backdoor in Ebay's web portal, but simply tricked some employees into giving away their usernames and passwords.
Fortunately, no financial data was lost, but as a precaution Ebay has asked all users to reset their passwords.
This morning, our finance department was targeted by a specific social engineering attack. An individual claiming to be Mike Mahon, sent the following email:
This morning approximately 1250 University email addresses were targeted with a convincing phishing message that directed users to put the username and password into a website that did not belong to the University. The phishing email was well written with University branding, but there were some red flags that should have alerted users:
1. The from address is binghamton.edu
2. The email is asking users to confirm their accounts. IT Services will never ask you to do this.
The phishing email looked like this...
Every year, we see attempts from cyber criminals to steal your personal information through sending false correspondence in the name of the Canadian Revenue Agency (CRA). A sample scam was recently sent to me from a University client and we wanted to make sure you weren’t fooled by what appears to be a legitimate communication.
The email contents looks like this:
We are seeing an aggressive campaign of phishing scams being sent to University email addresses over the past few days (Mar 22 - 25, 2013). Most of the emails look like this:
Subject: Warning Yourmailbox Is Almost Full®
On Nov 19, 2012 the University was attacked by multiple sources with a convincing phishing email. There were hundreds of recipients who received the text below:
From: Admin-Uleth.Ca [mailto:email@example.com]
Sent: Monday, November 19, 2012 2:02 PM
Dear:WebMail Subscriber, We hereby announce to you that your email account has exceeded its storage
limit. You will be unable to send and receive E-mails and your email
account will be deleted from our server. To avoid this problem, you are advised to verify
your email account by clicking on the Admin help desk link below for update of your email,
=====> Clink the link below.
NOTE:If unable to clink the link you are advice to copy the link and paste it in a new browser,Due to much junk/spam emails you receive daily, we are currently