Fordham Information Technology - Secure IT: June 2010

Tuesday, June 29, 2010

Reset Your Fordham.edu Password - Phishing Email Sent to the Fordham Community on 6/29/2010

This is another phishing email that has been reported. This message was received on or about June 29th, 2010. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact the University Help Desk directly at 718 817-3999 or via email: helpdesk@fordham.edu.


(Please do not click on the links when they appear in the email, they will redirect you to Malware sites).

Subject: Reset Your Fordham.edu Password

Hello, user@fordham.edu.

We received your request to reset your fordham.edu password. To confirm your request and reset your password, follow the instructions below. Confirming your request helps prevent unauthorized access to your account.

If you didn't request that your password be reset, please follow the instructions below to cancel your request.
CONFIRM REQUEST AND RESET PASSWORD
Click on the following web address:

htt*s://fordham.edu/Ema***age.s**?emai**d=mail/?sh**=1#inbox/12983ccaa8732d93

CANCEL PASSWORD RESET

Click on the following web address:

htt*s://fordham.edu/Em****age.srf?emai**d=mail/?shva=1#in***/12983cc***732d944



Thank you,

fordham.edu

NOTE: Please do not reply to this message, which was sent from an unmonitored e-mail address. Mail sent to this address cannot be answered.

Confirm Your Email Address - Phishing Email Sent to the Fordham Community on 6/29/2010


This is another phishing email that has been reported. This message was received on or about June 29th, 2010. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact the University Help Desk directly at 718 817-3999 or via email: helpdesk@fordham.edu.


Hello, user@fordham.edu.

Thank you for signing up for a fordham.edu. Please follow the instructions below to confirm that you signed up for this account, or to cancel the account if you did not sign up.

CONFIRM ACCOUNT
To help prevent unauthorized account creation, we need you to confirm your e-mail address. We will use this e-mail address to send you important messages about your account. Also, some fordham.edu sites and services may require a confirmed e-mail address.

Please confirm your email by visiting the URL

CANCEL ACCOUNT

If you didn't sign up for the account with this e-mail address and want to cancel the account, select and copy the following link. Open a browser and paste the link in the address bar. Press Enter or Return on your keyboard and follow the instructions that display.

Cancel your email by visiting the URL

Thank you,

fordham.edu Customer Support

NOTE:
Please do not reply to this message, which was sent from an unmonitored e-mail
address. Mail sent to this address cannot be answered.

UPS Invoice NR7493425 - Phishing Email Sent to the Fordham Community on 6/29/2010.

This is another phishing email that has been reported. This message was received on or about June 29th, 2010. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact the University Help Desk directly at 718 817-3999 or via email: helpdesk@fordham.edu.

To: user@fordham.edu
From: "United Parcel Service of America, Malca Hoo" bpmidd@ups.com
Subject:UPS INVOICE NR7493425.


Supreme Court: Handgun Ban Unconstitutional Fired NY banker's suit, and suits, raise eyebrows Water Trickles Back into Village, Thanks to Solar Desalination Top court extends gun rights to states, cities

Monday, June 28, 2010

UPS INVOICE NR9302106 - Phishing Email Sent to the Fordham Community on 6/28/2010.

This is another phishing email that has been reported. This message was received on or about June 28th, 2010. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact the University Help Desk directly at 718 817-3999 or via email: helpdesk@fordham.edu.



To: user@fordham.edu
From:"UPS Manager, Elnora Byk" hyrdrochloric@ups.com
cc

Subject: UPS INVOICE NR9302106.

(Zip file attached to the original email. File was not included in this post for user safety.)


Ex-FEMA Chief May Help BP Weather Spill Disaster Japan jobless rate rises, household spending falls Pentagon launches affordability push for weapons Video: The Showbuzz: Knight and Day



Fw: UPS INVOICE NR4007068 - Phishing Email Sent to Fordham Community on 6/28/2010


This is another phishing email that has been reported. This message was received on or about June 28th, 2010. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact the University Help Desk directly at 718 817-3999 or via email: helpdesk@fordham.edu.


To: user@fordham.edu

From: "UPS Support, Javier Newand"

Date: 06/28/2010 05:15PM

Subject: UPS INVOICE NR4007068.

Dear Customer,


We failed to deliver post sent on the 28th of April in time because the recipient's address is wrong. Please print out the invoice copy attached and collect the package at our department.

UPS International

Invoice_N0043147.zip (Attachment removed for your safety).

Please Confirm Your Message- Phishing Email sent to the Fordham Community on 6/28/2010

This is another phishing email that has been reported. This message was received on or about June 28th, 2010. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact the University Help Desk directly at 718 817-3999 or via email: helpdesk@fordham.edu.

Subject:Please Confirm Your Message

This message was created automatically by mail delivery software (TMDA).

To release your message for delivery, please click on the following link and confirm message

h**ps://fordham.edu/confirm/launch?.gx=1&.r**d=ck8q9en84ere5&.intl=us

This confirmation verifies that your message is legitimate and not
junk-mail. You should only have to confirm your address once.

If you do not respond to this confirmation request within 14 days,
your message will not be delivered.

Regards,
fordham.edu Account Services

Wednesday, June 9, 2010

Kindly Open the Attached File and Confirm Your Winning! (Congratulation) - Spam Email Sent to the Fordham Community on 6/9/2010

This is another spam email that has been reported. This message was received on or about June 9th, 2010. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact the University Help Desk directly at 718 817-3999 or via email: helpdesk@fordham.edu.

(Please note that the original email has a pdf file attached, file was not attached for user safety)


To: undisclosed recipients: ;
From: Coca-Cola Company
Date: 06/09/2010 10:43AM
Subject: KINDLY OPEN THE ATTACHED FILE AND CONFIRM YOUR WINNING! (CONGRATULATION).

Wednesday, June 2, 2010

Don't be a Billy

When you begin college, you are probably on your own for the first time. You are taking on new responsibilities, making your own decisions, and becoming part of the campus community. There is an important role that you can play in your Fordham's cybersecurity efforts that combines these elements of responsibility, decision-making, and community.

http://www.youtube.com/watch?v=nPR131wMKEo

Tuesday, June 1, 2010

Beware of Tabnapping

Most Internet users know to watch for the telltale signs of a traditional phishing attack: An e-mail that asks you to click on a link and enter your e-mail or banking credentials at the resulting Web site. But a new phishing concept that exploits user inattention and trust in browser tabs is likely to fool even the most security-conscious Web surfers.

As Mozilla Firefox creative lead Aza Raskin describes it, the attack is as elegant as it is simple: A user has multiple tabs open, and surfs to a site that uses special javacript code to silently alter the contents of a tabbed page along with the information displayed on the tab itself, so that when the user switches back to that tab it appears to be the login page for a site the user normally visits.

See the video here:
http://vimeo.com/12003099

US-CERT Technical Cyber Security Alerts

IT Security - The IT Security Industry's Web Resource