Fordham Information Technology - Secure IT: May 2009

Sunday, May 31, 2009

Account Verification Update- Phishing Email Sent to Fordham Community on 5/31/09

This is another phishing email that has been reported. This message was received on or about May 31, 2009. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact the University Help Desk directly at 718 817-3999 or via email: helpdesk@fordham.edu.

cchapman@vcu.edu>

Date: 05/31/2009 03:40PM

Subject: Important: Account Verification Update !!!

Your mailbox quota has been exceeded the storage limit which is 20GB as set by youradministrator, You are currently running on 20.9GB. You may not be able to send or receive new mails until you re-validate your mailbox. To re-activate your account please click the link below

http://www.mai*****direct.org/_vti_ml_upd***/secu**/update%20
Thanks and we are sorry for the inconveniences. Local host


Wednesday, May 13, 2009

Mail System Error - Returned Mail -Phishing Email Sent to Fordham Community on 6/13/2009

This is another phishing email that has been reported. This message was received on or about June 13th, 2009. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact the University Help Desk directly at 718 817-3999 or via email: helpdesk@fordham.edu
Date: Sat, 13 Jun 2009 14:11:21 +0100
From: "Returned mail" <MAILER-DAEMON@fordham.edu>
To: lally@fordham.edu
Subject: Mail System Error - Returned Mail "Dear user of fordham.edu, Your e-mail account has been used to send a huge amount of unsolicited email messages during this week. We suspect that your computer had been infected by a recent virus and now contains a hidden proxy server. Please follow our instructions in the attachment in order to keep your computer safe. Sincerely yours, The fordham.edu support team. Attachments:application/octet-stream"

Tuesday, May 12, 2009

Your Mailbox has been de-activated-Phishing Email Sent to Fordham Community on 05/12/2009

This is to inform you that your Mailbox has been de-activated by your System Administrator due to an unusual activity detected in your mailbox. Hence, you may not be able to receive new mail until your mailbox is re-activated. You are to contact your System Administrator on the email address provided below with your Username and Password for them to re-activate your mailbox.
This is another phishing email that has been reported. This message was received on or about May 12th, 2009. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact the University Help Desk directly at 718 817-3999 or via email:
helpdesk@fordham.edu.


This is to inform you that your Mailbox has been de-activated by your System Administrator due to an unusual activity detected in your mailbox. Hence, you may not be able to receive new mail until your mailbox is re-activated. You are to contact your System Administrator on the email address provided below with your Username and Password for them to re-activate your mailbox.
System Administrator
E-mail:
websyst@administrativos.com
If your mailbox remains de-activated for an extended period of time, it may result in further limitations or eventual closure of your mailbox.
The information contained in this e-mail may be confidential and is intended solely for the use of the named addressee. Access, copying or re-use of the e-mail or any information contained herein by any other person is not authorized. This is to inform you that your Mailbox has been de-activated by your System Administrator due to an unusual activity detected in your mailbox. Hence, you may not be able to receive new mail until your mailbox is re-activated. You are to contact your System Administrator on the email address provided below with your Username and Password for them to re-activate your mailbox.

Wednesday, May 6, 2009

Phishing — bait or prey?

"Phishers" send spam or pop-up messages claiming to be from a business or organization that you might deal with for example, an Internet service provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to "update" or "validate" your account information. It might threaten some dire consequence if you don't respond. The message directs you to a website that looks just like a legitimate organization's, but isn't. What is the purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.

Don't take the bait: don't open unsolicited or unknown email messages; don't open attachments from people you don't know or don't expect; and never reply to or click on links in email or pop-ups that ask for personal information. Legitimate companies don't ask for this information via email. If you are directed to a website to update your information, verify that the site is legitimate by calling the company directly, using contact information from your account statements. Or open a new browser window and type the URL into the address field, watching that the actual URL of the site you visit doesn't change and is still the one you intended to visit. Forward spam that is phishing for information to spam@uce.gov and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems.

To ensure you're not being victimized and to detect unauthorized purchases, use the same practices as you do in the offline world. Check your credit card bill at least every month, and consider using services that inform you if someone has requested credit in your name.

Know who you're dealing with online.

And know what you're getting into. There are dishonest people in the bricks and mortar world and on the Internet. But online, you can't judge an operator's trustworthiness with a gut-affirming look in the eye. It's remarkably simple for online scammers to impersonate a legitimate business, so you need to know whom you're dealing with. If you're shopping online, check out the seller before you buy. A legitimate business or individual seller should give you a physical address and a working telephone number at which they can be contacted in case you have problems.


US-CERT Technical Cyber Security Alerts

IT Security - The IT Security Industry's Web Resource