Recently, the University and other organizations nationwide have been experiencing an increase in the number of malicious emails being sent to their users. These attacks are being used to ransom systems and data, steal intellectual property, and threaten the individual privacy of users online. The attacks can take many different forms, including unsolicited resumes, fake shipping notifications, and messages claiming to be from organizations such as Revenue Canada in an effort to steal income tax information.
Yesterday, a public notification from eBay informed its users that there had been a significant data breach at the organization and that information had been removed from its databases by attackers. The attackers didn't exploit any database vulnerabilities or access a backdoor in eBay's web portal, but simply tricked some employees into giving away their usernames and passwords.
Fortunately, no financial data was lost, but as a precaution eBay has asked all users to reset their passwords.
This morning, our finance department was targeted by a specific social engineering attack. An individual claiming to be Mike Mahon sent the following email:
This morning approximately 1250 University email addresses were targeted with a convincing phishing message that directed users to enter their username and password into a website that did not belong to the University. The phishing email was well written and carried University branding, but there were some red flags that should have alerted users:
1. The from address is binghamton.edu
2. The email is asking users to confirm their accounts. IT Services will never ask you to do this.
The phishing email looked like this...
Every year, we see attempts from cyber criminals to steal your personal information by sending false correspondence in the name of the Canadian Revenue Agency (CRA). A sample scam was recently sent to me by a University client, and we wanted to make sure you weren’t fooled by what appears to be a legitimate communication.
The email contents look like this:
We are seeing an aggressive campaign of phishing scams being sent to University email addresses over the past few days (Mar 22 - 25, 2013). Most of the emails look like this:
Subject: Warning Yourmailbox Is Almost Full®
On Nov 19, 2012 the University was attacked by multiple sources with a convincing phishing email. There were hundreds of recipients who received the text below:
From: Admin-Uleth.Ca [mailto:firstname.lastname@example.org]
Sent: Monday, November 19, 2012 2:02 PM
Dear:WebMail Subscriber, We hereby announce to you that your email account has exceeded its storage
limit. You will be unable to send and receive E-mails and your email
account will be deleted from our server. To avoid this problem, you are advised to verify
your email account by clicking on the Admin help desk link below for update of your email,
=====> Clink the link below.
NOTE:If unable to clink the link you are advice to copy the link and paste it in a new browser,Due to much junk/spam emails you receive daily, we are currently
Account Status Verification Alert
Dear Valued Customer,
A recent security update as being issued from BMO Bank of Montreal fraud department. We require you to update your online accounts due to a recent security patch upgrade to our servers.
You are requested to verify your account details correctly with us.
Verify and Update your identity
Failure to confirm and verify your BMO Online Account Information's
might lead to your account permanently suspended.
We recently reviewed your account, and suspect that your TD Canada Trust Online Banking account might have been accessed by an unauthorized third party.
Protecting the security of your account is our primary concern, therefore as a preventive measure, we have temporarily limited access to sensitive account features.
To restore your account access, we need you to confirm your identity.
Please follow the link below to proceed to confirming your account information: