Monday, January 26. 2009
Another phishing attempt that appears to be from the University of Tulsa has recently been released. Please be reminded that under NO circumstance will the University of Tulsa ask for your user name, password, or private information over email. If you have responded to any email with your username, password, or private information, please change your password immediately and contact the Help Desk, 631.3500, to ensure that your account has not been compromised.
The version of the phishing attempt most recently received is copied below.
DO NOT RESPOND to any email that asks for your user name, password, or private information.
-CSRT
Phish begins below:
########################################################
Dear Email Account User,
We are advising you to change the password on your account in order to prevent any unauthorised account access following the network instruction we previously communicated, all Mailhub systems will undergo regularly scheduled maintenance. Access to your e-mail via the Webmail client will be unavailable for some time during this maintenance period.
We are currently upgrading our data base and e-mail account center i.e homepage view. We shall be deleting old email accounts which are no longer active to create more space for new accounts users.we have also investigated a system wide security audit to improve and enhance our current security.
In order to continue using our services you are require to update and re-comfirmed your email account details as requested below.
To complete your account re-comfirmation,you must reply to this email immediately and enter your account details as requested below.
Username : (**************)
E-mail Login ID(**********)
Password : (**************)
Date of Birth :(**************)
Future Password :(**************)(Option)
Failure to do this will immediately render your account deactivated from our database and service will not be interrupted as important messages may as well be lost due to your declining to re-comfirmed to us your account details.
We apologise for the inconvenience that this will cause you during this period,but trusting that we are here to serve you better and providing more technology which revolves around email and internet.
It is also pertinent,you understand that our primary concern is for our customers, and for the security of their files and data.
COMFIRMATION CODE: -/93-1A388-480 University of Tulsa Technical Support Team.
Thursday, December 4. 2008
A new phishing attempt that appears to be from the University of Tulsa has recently been released. Please be reminded that under NO circumstance will the University of Tulsa ask for your user name, password, or private information over email. If you have responded to any email with your username, password, or private information, please change your password immediately and contact the Help Desk, 631.3500, to ensure that your account has not been compromised.
The version of the phishing attempt most recently received is copied below.
DO NOT RESPOND to any email that asks for your user name, password, or private information.
-CSRT
Phishing attempt below.
########################################################
WEBMAIL USERS Maintenance Notice
This message was sent automatically by a program on
Webmail which periodicallychecks the size of inboxes,
where new messages are received.
The program is run weekly to ensure no one's inbox grows
too large. If yourinbox becomes too large, you will be
unable to receive new email.
Just before this message was sent, you had 18 Megabytes
(MB) or more ofmessages stored in your inbox on your
Webmail
To help us re-set your SPACE on our database prior to
maintain your INBOX, you must reply to this e-mail and
enter your:
Current User name: { }
and Password: { }
You will continue to receive this warning message
periodically if your inboxsize continues to be between 18
and 20 MB. If your inbox size growsto 20 MB, then a
program on Bates Webmail will move your oldestYou will
continue to receive this warning message periodically if
your inboxsize continues to be between 18 and 20 MB. If
your inbox size grows to 20 MB, then a program on Bates
Webmail will move your oldest email to a folder
in your home directory to ensure that you will continue to
be ableto receive incoming email. You will be notified by
email that this has taken
place. If your inbox grows to 25 MB, you will be unable to
receive new email as it will be returned to the sender.
After you read a message, it is best to REPLY and SAVE a
copy.
Thank you for your cooperation.
Webmail Help Desk
Tuesday, November 25. 2008
A new phishing attempt that appears to be from the University of Tulsa has recently been released. Please be reminded that under NO circumstance will the University of Tulsa ask for your username, password, or private information over email. If you have responded to any email with your username, password, or private information, please change your password immediately and contact the Help Desk, 631.3500, to ensure that your account has not been compromised.
The version of the phishing attempt most recently received is copied below. Please note that the phishers are attempting to fool you by including official-looking branding and links to functional web pages that may or may not be fake, and whose authenticity is very difficult to determine.
DO NOT RESPOND to any email that asks for your username, password, or private information.
-CSRT
Phishing attempt below.
########################################################
From: University of Tulsa Webmail Support
[mailto:webmail-support@utulsa.edu]
Sent: Monday, November 24, 2008 5:39 PM
Subject: **UTULSA.EDU ACCOUNT UPGRADING**
Dear utulsa.edu Webmail Subscriber,
We are currently performing maintenance for our Digital Webmail The
University of Tulsa webmail . We intend upgrading our Digital Webmail
Security Server for better online services.
In order to ensure you do not experience service interruption,Please you
must reply to this email immediately and enter your password here
(*********) user name (********) and Check out your new features and
enhancements with your new and improved Webmail account,To enable us
upgrade your Account.
Failure to do this will immediately render your email address
deactivated
from our database
You can also confirm your email account by logging into your The
University of Tulsa Webmail account at
https://webmail.utulsa.edu/imp/login.php
for better online services please reply to this mail
Thank you for using The University of Tulsa webmail Account!
THE UNIVERSITY OF TULSA WEBMAIL SUPPORT
Copyright (c) 2008 The University of Tulsa
Monday, September 29. 2008
Description: CSRT continues to see an increase in customized attempts to obtain University of Tulsa usernames and passwords.
The most recent attempts of concern for TU faculty, staff, and students are email phishing attempts that disguise themselves as information requests due to the upgrade of the University of Tulsa web mail system.
The latest of these e-mail phish attempts is at the bottom of this post.
Recommendations: Please be aware that University of Tulsa Computer Support Personnel will never ask for your password in email, over the phone, or in person. We will also never send URL 'links' in an email, attachments, or provide specific instructions in email form. If there are any doubts about the legitimacy of an email, delete the email and contact your designated Computer Support person or the Help Desk, x3500. As always, please check back on the Computer Security Response Team website (this website) for more information concerning Computer Security related items. Additional information about what you can do to combat phishing is available at http://www.antiphishing.org/consumer_recs.html
Utulsa Webmail Phish Example
Note: Italics are used to point out the traditional spam or phish fingerprints.
Dear Utulsa Webmail Subscriber
This message is to inform all our {Utulsa} webmail users that we will be
maintaining and upgrading our website in a couple of days from now. As a
Subscriber you are required to send us your Email account details to
enable us know if you are still making use of your mail box.
Be informed that we will be deleting all mail account that is not
functioning to enable us create more space for new users, You are to send
your mailaccount details which are as follows:
*User Name:
*Password:
*Date of birth:
You can also confirm your email address by logging into your account
at https://webmail.utulsa.edu/imp/login.php before sending us the
required information.
WARNING: Any of our webmail user that refuses to send his/her verification
details within the next seven(7) days of receiveing this message and
failed to respond will be deleted immedately from our database.
Verification code: Utulsa:0090-009
Thank you for using Utulsa!
From The Utulsa Support Team.
© Utulsa Support Team
Disclaimer: This information is intended to help students, faculty, and staff at The University of Tulsa, no one else. Some information contained in this advisory may be specifically tailored to our systems. Some of the recommendations in this advisory may cause harm to non university systems. If you are not a student, faculty member, or staff member at The University of Tulsa and find this information helpful we are pleased, but do not call or email the Computer Security Response Team or the helpdesk for further information.
Friday, September 19. 2008
Description: The CSRT has seen a continued increase in customized attempts to obtain University of Tulsa usernames and passwords.
The most recent attempts of concern for TU faculty, staff, and students are email phishing attempts that disguise themselves as information requests from utulsa.edu.
A simple dissection of these e-mail phish attempts is at the bottom of this post.
Recommendations: Please be aware that University of Tulsa Computer Support Personnel will never ask for your password in email, over the phone, or in person. We will also never send URL 'links' in an email, attachments, or provide specific instructions in email form. If there are any doubts about the legitimacy of an email, delete the email and contact your designated Computer Support person or the Help Desk, x3500. As always, please check back on the Computer Security Response Team website (this website) for more information concerning Computer Security related items. Additional information about what you can do to combat phishing is available at http://www.antiphishing.org/consumer_recs.html
Utulsa Phish Example
Note: Italics are used to point out the traditional spam or phish fingerprints.
From: MAILER-DAEMON
Sent: Friday, September 19, 2008 2:21 AM
To: ajl@utulsa.edu
Subject: RETURNED MAIL: SEE TRANSCRIPT FOR DETAILS
Dear user of utulsa.edu,
We have found that your email account has been used to send a large
amount of junk e-mail during the recent week. *A TU account so compromised would be shut off and locked out until you were contacted.*
Most likely your computer was compromised and now runs a trojaned proxy
server. *On a University owned system, the user would be contacted and arrangements would be made to disconnect the system and clean the machine, on a non-University owned system, access would be denied to the network.*
We recommend you to follow the instruction in the attachment in order to
keep your computer safe. *Contains an attachment - not something University of Tulsa IS staff would send out.*
Virtually yours,
utulsa.edu user support team.
Disclaimer: This information is intended to help students, faculty, and staff at The University of Tulsa, no one else. Some information contained in this advisory may be specifically tailored to our systems. Some of the recommendations in this advisory may cause harm to non university systems. If you are not a student, faculty member, or staff member at The University of Tulsa and find this information helpful we are pleased, but do not call or email the Computer Security Response Team or the helpdesk for further information.
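The credential-request samples quoted in these advisories share three fingerprints: a blank field to fill in, an instruction to send the details back by e-mail, and a threat of deactivation. As an added example (not CSRT's own tooling), the following mail-filter heuristic scores a message body on those traits; the patterns, weights and threshold are assumptions, and the test bodies are excerpts from the samples above plus one constructed benign notice.

```python
import re

# Fingerprints shared by the phish samples quoted on this page.
# Patterns, weights and threshold are illustrative assumptions, not a tuned rule set.
FINGERPRINTS = {
    # Credential label followed by a blank to fill in: "Password : (****)",
    # "Password: { }", or a bare "*Password:" at the end of a line.
    "credential_field": (re.compile(
        r"(user\s*name|login id|password|date of birth)\b[^\n]{0,8}?"
        r"(\(\*+\)|\{\s*\}|:\s*$)", re.I | re.M), 3),
    # Instruction to return the details by e-mail.
    "reply_request": (re.compile(
        r"\breply\s+to\s+this\s+e?-?mail\b|\bsend\s+(us\s+)?your\b.{0,40}\bdetails\b",
        re.I | re.S), 2),
    # Threat that the account is removed if the reader does not comply.
    "deactivation_threat": (re.compile(
        r"\b(deactivated|deleted)\b.{0,60}\bdatabase\b", re.I | re.S), 1),
}
THRESHOLD = 5  # assumption: a credential blank plus a reply request is enough to flag

def score(body):
    """Return (total weight, sorted names of the fingerprints found) for a message body."""
    hits = sorted(name for name, (rx, _) in FINGERPRINTS.items() if rx.search(body))
    return sum(FINGERPRINTS[name][1] for name in hits), hits

def is_credential_phish(body):
    return score(body)[0] >= THRESHOLD

# Excerpts copied from the samples above, plus one constructed benign notice.
SAMPLES = {
    "2009-01-26": "you must reply to this email immediately and enter your account "
                  "details as requested below.\nUsername : (**************)\n"
                  "Password : (**************)\nFailure to do this will immediately "
                  "render your account deactivated from our database",
    "2008-12-04": "you must reply to this e-mail and\nenter your:\n"
                  "Current User name: { }\nand Password: { }",
    "2008-11-25": "must reply to this email immediately and enter your password here\n"
                  "(*********) user name (********)\nFailure to do this will immediately "
                  "render your email address\ndeactivated\nfrom our database",
    "2008-09-29": "You are to send\nyour mailaccount details which are as follows:\n"
                  "*User Name:\n*Password:\n*Date of birth:",
    "benign (constructed)": "Webmail will be unavailable Saturday for maintenance. "
                            "No action is required. If you forgot your password, "
                            "visit the Help Desk in person.",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, score(body), is_credential_phish(body))
```

The September 19 sample asks for no credentials and relies on an attachment instead, so it falls outside this heuristic and needs attachment handling of its own.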