Description: The CSRT has seen a continued increase in customized attempts to obtain University of Tulsa usernames and passwords.
The most recent attempts of concern for TU faculty, staff, and students are email phishing attempts that disguise themselves as information requests from utulsa.edu.
A simple dissection of one of these e-mail phishing attempts is at the bottom of this post.
Recommendations: Please be aware that University of Tulsa Computer Support Personnel will never ask for your password in email, over the phone, or in person. We will also never send URL 'links', attachments, or specific instructions in an email. If there are any doubts about the legitimacy of an email, delete the email and contact your designated Computer Support person or the Help Desk, x3500. As always, please check back on the Computer Security Response Team website (this website) for more information concerning Computer Security related items. Additional information about what you can do to combat phishing is available at
http://www.antiphishing.org/consumer_recs.html
Utulsa Phish Example
Note: Italics are used to point out the traditional spam or phish fingerprints.
From: MAILER-DAEMON
Sent: Friday, September 19, 2008 2:21 AM
To: ajl@utulsa.edu
Subject: RETURNED MAIL: SEE TRANSCRIPT FOR DETAILS
Dear user of utulsa.edu,
We have found that your email account has been used to send a large
amount of junk e-mail during the recent week.
A TU account compromised in this way would be shut off and locked out until you were contacted.
Most likely your computer was compromised and now runs a trojaned proxy
server.
On a University-owned system, the user would be contacted and arrangements would be made to disconnect the system and clean the machine. On a non-University-owned system, access to the network would be denied.
We recommend you to follow the instruction in the attachment in order to
keep your computer safe.
Contains an attachment - not something University of Tulsa IS staff would send out.
Virtually yours,
utulsa.edu user support team.
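The fingerprints called out above can be checked mechanically. The following is an added example, not part of the original advisory or any University of Tulsa tooling: it parses a raw message and reports which of the listed warning signs are present. The sample message is constructed, example.edu is a placeholder domain, and the generic-greeting pattern is an assumption made for this example.

```python
import re
from email import message_from_string

# Constructed sample modelled on the advisory's example; example.edu is a placeholder.
SAMPLE = """\
From: MAILER-DAEMON
To: user@example.edu
Subject: RETURNED MAIL: SEE TRANSCRIPT FOR DETAILS
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear user of example.edu,
We recommend you to follow the instruction in the attachment in order to
keep your computer safe.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="instruction.txt"

constructed placeholder, no payload
--b1--
"""

# Body patterns: the first three mirror what the advisory says support staff
# never do by email; the greeting check is an assumption added for this example.
BODY_RULES = {
    "password_request": r"\bpassword\b",
    "url_link": r"https?://",
    "emailed_instructions": r"follow the instructions?\b",
    "generic_greeting": r"dear (user|customer|member)s? of \S+",
}

def phish_fingerprints(raw):
    """Return the names of the fingerprints present in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    hits, body = set(), ""
    for part in msg.walk():
        if part.get_filename():  # any named MIME part counts as an attachment
            hits.add("attachment")
        elif part.get_content_type() == "text/plain":
            body += part.get_payload()
    hits.update(n for n, rx in BODY_RULES.items() if re.search(rx, body, re.I))
    return hits

if __name__ == "__main__":
    print(sorted(phish_fingerprints(SAMPLE)))
```

Any non-empty result is a reason to handle the message as the recommendations describe: delete it and contact your Computer Support person or the Help Desk.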
Disclaimer: This information is intended to help students, faculty, and staff at The University of Tulsa, no one else. Some information contained in this advisory may be specifically tailored to our systems. Some of the recommendations in this advisory may cause harm to non-University systems. If you are not a student, faculty member, or staff member at The University of Tulsa and find this information helpful, we are pleased, but do not call or email the Computer Security Response Team or the Help Desk for further information.