Fordham Information Technology - Secure IT

Tuesday, June 23, 2015

Article: Password Recovery Scam: How Hackers Are Stealing Gmail, Yahoo Mail Accounts


"Symantec has observed an increase in a "particular" type of spear-phishing attack targeting mobile users. The purpose of the attack is to gain access to the victim's email account.
"This social engineering attack is very convincing and we've already confirmed that people are falling for it," the security firm said.

To pull off the attack, the bad guys need to know the target's email address and mobile number; however, these can be obtained without much effort. The attackers make use of the password recovery feature offered by many email providers, which helps users who have forgotten their passwords gain access to their accounts by, among other options, having a verification code sent to their mobile phone.
The majority of cases observed affect Gmail, Hotmail, and Yahoo Mail users.

Symantec warns that users should be suspicious of SMS messages asking about verification codes, especially if they did not request one. If uncertain about an unexpected request, users can check with their email provider to confirm if the message is legitimate. Legitimate messages from password recovery services will simply tell you the verification code and will not ask you to respond in any way."

http://s3.firstpost.in/wp-content/uploads/2015/03/CybersecurityThinkstcok.jpg


Source: http://www.firstpost.com/business/password-recovery-scam-hackers-stealing-gmail-yahoo-mail-accounts-2299854.html





Thursday, June 18, 2015

Email Account User- Phishing Email Sent to the Fordham Community on 06/17/2015

This is a Phishing email that has been reported. This message was received on or about June 17th, 2015. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact IT Customer Care at 718-817-3999 or via email: helpit@fordham.edu.


--------------------Begin Message ------------------------------
From: Web Notice <aapay@sakarya.edu.tr> OR
Web Notice <jhansel1@binghamton.edu>  Date: Wed, Jun 17, 2015 at 7:26 PM
Subject: Email Account User
To: User@fordham.edu

Email Account User

Your Webmail account Certificate expired on the 1th-06-2015, This may interrupt your email delivery configuration, and account POP settings, page error when sending message.

To re-new your webmail Certificate, Please take a second to update your records by link below or copy and paste link


(Link here)

account will work as normal after the verification process, and your webmail Certificate will be re-newed.

Sincerely,
University Webmail Admin

-----------------------------End Message ---------------

Monday, June 15, 2015

Article - LastPass Security Notice


LastPass has sent out a notice to its users, notifying the community that on Friday, their team discovered and blocked suspicious activity on their network. " In their investigation, they found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

LastPass stated "We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed."

They are taking additional measures to ensure that users' data remains secure. They are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless they have multifactor authentication enabled. As an added precaution, they will also be prompting users to update their master password.

An email is also being sent to all users regarding this security incident.

Source: https://blog.lastpass.com/2015/06/lastpass-security-notice.html/

Notification - Phishing Email Sent to the Fordham Community on 06/13/2015

This is a Phishing email that has been reported. This message was received on or about June 13th, 2015. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact IT Customer Care at 718-817-3999 or via email: helpit@fordham.edu.


--------------------Begin Message ------------------------------


From: IT Help Desk <lynn9@mail.usf.edu>
Date: Saturday, Jun 13, 2015 at 3:01 PM
Subject: Notification
To: User@fordham.edu

Fordham User,

This is to information from fordham database due to unusual spam activities
going via internet (junk/spam message),  We are currently upgrading and to
de-activate some fordham Email Account from our database.

To avoid losing/de-activation of your fordham Account, you are advice to
contact:Click here 

We apologize for any inconvenience this may have caused.

Sincerely,
IT Help Desk.
 
-----------------------------End Message ---------------

Thursday, June 11, 2015

Help Desk - Phishing Email Sent to the Fordham Community on 06/11/2015

This is a Phishing email that has been reported. This message was received on or about June 11th, 2015. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact IT Customer Care at 718-817-3999 or via email: helpit@fordham.edu.


--------------------Begin Message ------------------------------

From: IT Support <niabryant@mail.usf.edu>
Date: Thu, Jun 11, 2015 at 1:49 PM
Subject: Help Desk
To: User@fordham.edu

Dear fordham User,

During our regular verification of our software we found out your antivirus
is out of update,

The Symantec Software Center requires you to update your antivirus,
Kindly contact HelpIT@fordham.edu (Malicious link embedded in email address)
 
Sincerely,
Fordham University 
-----------------------------End Message ---------------

Google Education Email Alert - Phishing Email Sent to the Fordham Community on 06/09/2015

This is a Phishing email that has been reported. This message was received on or about June 9th, 2015. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact IT Customer Care at 718-817-3999 or via email: helpit@fordham.edu.


--------------------Begin Message ------------------------------


From: Edu Alert <jonathan.thomas@bcsemail.org>
Date: Mon, Jun 9, 2015 at 4:26 AM
Subject: Google Education Email Alert
To:
User@fordham.edu Dear User,

We wanted to let you know that your email storage space is low,
To receive your new incoming messages, you'll need to confirm your 30 GB free
access below.

Free Access Confirm (Link Here)
Sincerely,
The Google Accounts Team

-----------------------------End Message ---------------

Friday, June 5, 2015

Article - U.S. Government Hacked; Investigators Believe China Is The Culprit


Four million current and former federal employees, from nearly every government agency, might have had their personal information stolen by Chinese hackers, U.S. investigators said.

U.S. officials believe this could be the biggest breach ever of the government's computer networks. China called the allegation irresponsible.

The Office of Personnel Management, which is conducting background checks, warned it was urging potential victims to monitor their financial statements and get new credit reports.

The breach was initially thought to have impacted the Office of Personnel Management and the Department of Interior, but government officials said nearly every federal government agency was hit by the hackers.

An assessment continues, and it is possible millions more government employees may be affected.
Source: http://www.cnn.com/2015/06/04/politics/federal-agency-hacked-personnel-management/index.html

Monday, June 1, 2015

Email Verification!! - Phishing Email Sent to the Fordham Community on 06/01/2015

This is a Phishing email that has been reported. This message was received on or about June 1st, 2015. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact IT Customer Care at 718-817-3999 or via email: helpit@fordham.edu.


--------------------Begin Message ------------------------------


From: Fordham Universtiy mailing verification <asumailingservice@gmail.com>
Date: Mon, Jun 1, 2015 at 4:26 AM
Subject: Email Verification!!
To:
User@fordham.edu Hello This e-mail is to notify the students of Fordharm University that we are
validating e-mails. Confirm that your account is still in use, also send
the following information for verification in order to keep your account
active. (1) Username:
(2) Password: Failure to do this will lead to a closure of this account.
Please do not disregard this email upon receipt. Thank you,
FU Mail Administrators.

-----------------------------End Message ---------------

Friday, May 22, 2015

Article - Your Secret Questions Are Just as Terrible As Your Passwords



A recent article from PC Magazine highlights research from Google surrounding the limited effectiveness of secret questions for account recovery:

"Not being able to remember your secret question responses is annoying, but Google said the bigger concern is hackers who try to hijack accounts using "mass guessing attacks." With weak answers, it's not that difficult: a 2009 report from the Institute of Electrical and Electronics Engineers said that researchers guessed about 10 percent of people's answers by using common responses.

In an era of openness, meanwhile, where your every move is chronicled online, it's not hard to find things like place of birth, mother's maiden name, or high school mascot by trolling a Facebook or Twitter account. This type of scenario is potentially how hackers gained access to celebrity iCloud accounts last year. "Certain celebrity accounts were compromised by a very targeted attack on user names, passwords, and security questions, a practice that has become all too common on the Internet," Apple said in a September statement"

Tips for Safe Password Sharing


Source: http://www.pcmag.com/article2/0,2817,2484538,00.asp


Wednesday, April 22, 2015

ALERT: Phishing Emails From Valid Fordham Accounts


Photo by Jamal Kurshed


Phishing emails are being sent from valid Fordham email accounts. These emails may appear to come from people you know. In some cases, their names are used to sign the emails. A list below shows the types of subjects commonly used in the phishing emails.

 
These emails are NOT legitimate. They request recipients to "Click here" or "View Document Here"  If you click on the link, you are directed to a site asking you to log into your Google Gmail, or even your Yahoo and AOL accounts.  

These sites are NOT legitimate. They are used to capture your usernames (AccessIT IDs) and passwords. An attacker with this information can log into your account and send phishing emails to everyone in your contact list.

We have seen phishing emails with the following subjects:

  • Update
  • New Doc
  • Important
  • Important Message
  • Important!!!
  • Yahoo Security Update
  • Your Yahoo Account Safety Is Our Top Priority
If you believe you have received this phishing message, please do the following: 
  • Do not respond to the message.
  • Do not click any links within the message.
  • Do not provide any information such as a username (AccessIT ID) and password.
If you responded to the email and provided confidential information:
  • Contact Fordham IT Customer Care ASAP at 718-817-3999.
  • Manually reset your password and disconnect any active login sessions to your Gmail account.
  • Delete the message. 
Email Security Tips:
  • NEVER give out your password to anyone, especially in an email. Fordham IT and any other reputable service provider will NEVER ask for your password or personal information via email.
  • NEVER provide personal or sensitive information in an email.
  • Do not click on links in emails. Enter valid website addresses into a browser manually.
  • Do not respond to suspicious emails. If you receive questionable or suspicious emails, contact IT Customer Care and allow the University Information Security Office (UISO) to validate the legitimacy of these emails.
  • Be wary of attachments, especially any you weren't expecting. Send them to IT Customer Care and let the UISO scan them for you.
  • If an email looks fishy, it probably is a phishing email.
  • Do not be fooled by scare tactics threatening to cut off your email, expire your accounts, and so on. Go to the source (my.fordham, your bank, HR, etc.) and validate the claim, but do not rely on the information provided in the email.
Find out more about phishing and online security:
  • Search our SecureIT blog to see if we have already identified a suspected email as a scam or a legitimate email: fordhamsecureit.blogspot.com. 
  • IT security topics are available on our IT Security website: www.fordham.edu/SecureIT 
  • Remember, Fordham IT and Fordham University will NEVER ask you for your password. If you believe you have received a suspicious email or phone call, please contact IT Customer Care for help at (718) 817-3999 or HelpIT@fordham.edu.

US-CERT Technical Cyber Security Alerts

IT Security - The IT Security Industry's Web Resource