Author Archives: Chris Norris

SCAM Alert – “Sextortion” Scam Emails

ITS is aware of an influx of sextortion scam emails received by members of the Middlebury community. These are indeed scams, identified as such by online security sources (see below) and making the rounds on the Internet once again. Recent samples have been personalized with older passwords stolen from breaches of third-party websites, such as LinkedIn, Adobe, etc.

Please forward any sextortion scam emails to phishing@middlebury.edu so that the sender addresses can be blocked!

For more information on these sorts of scams, see:

https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/comment-page-13/
Excerpt: “The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.”


Here is a resource to help you find out where an old password to a third-party site may have been exposed: https://haveibeenpwned.com, run by Troy Hunt, a globally recognized security expert.

Check your email address here: https://haveibeenpwned.com (use your_username@middlebury.edu and then scroll down to see services where your username may have been part of a breach)

Check your password here: https://haveibeenpwned.com/Passwords

Change that password anywhere you use it, and this time pick a different STRONG password for each service.

Again, please forward any sextortion scam emails to phishing@middlebury.edu so that the sender addresses can be blocked from bothering our community members!

SCAM Alert – Gift Cards

ITS is aware of an influx of Gift Card scam emails received by members of the Middlebury community. These are indeed scams, identified as such by the FTC and other sources (see below). This variant seems to be spoofing faculty/staff members, using external email addresses from service providers like aol.com.

https://www.consumer.ftc.gov/blog/2018/10/scammers-demand-gift-cards 

https://abc7chicago.com/finance/gift-card-scam-uses-bosses-email-addresses-when-phishing/4556080/ 

https://blog.knowbe4.com/scam-of-the-week-the-boss-needs-itunes-gift-cards-for-customers…-now

Please forward any Gift Card scam emails to phishing@middlebury.edu so that the sender addresses can be blocked! Also see the How To Report Scams info below the FTC article.
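The pattern described above (a faculty/staff name on an external address, asking about gift cards) can be checked mechanically. The following is an added example, not ITS's own filter; the staff names, the `triage` function and the sample messages are constructed for illustration.

```python
from email.utils import parseaddr

# Assumptions for this sketch: the campus mail domain and a tiny staff
# directory. The names are constructed, not real people.
INTERNAL_DOMAIN = "middlebury.edu"
STAFF_NAMES = {"pat example", "jordan sample"}
GIFT_CARD_TERMS = ("gift card", "itunes", "google play")

def normalize(name):
    """Lower-case and collapse whitespace so 'Pat  Example' matches."""
    return " ".join(name.lower().split())

def triage(from_header, subject, body):
    """Return the reasons a message looks like the spoofed-colleague scam."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    external = (domain != INTERNAL_DOMAIN
                and not domain.endswith("." + INTERNAL_DOMAIN))
    reasons = []
    # Strong signal: a known staff name paired with an outside mailbox.
    if external and normalize(display) in STAFF_NAMES:
        reasons.append("staff display name on external address (%s)" % domain)
    # Weaker signal on its own: outside sender mentioning gift cards.
    text = (subject + " " + body).lower()
    if external and any(term in text for term in GIFT_CARD_TERMS):
        reasons.append("external sender mentions gift cards")
    return reasons

# Constructed sample messages (not real mail).
SAMPLES = [
    ('"Pat Example" <pat.example1967@aol.com>', "Quick favor",
     "Are you free? I need you to pick up some iTunes gift cards."),
    ('"Pat Example" <pexample@middlebury.edu>', "Department meeting",
     "Agenda attached."),
    ('"Campus Store" <orders@shop.example>', "Your receipt",
     "Thanks for buying a gift card."),
]

if __name__ == "__main__":
    for sender, subject, body in SAMPLES:
        print(sender, "->", triage(sender, subject, body) or "no flags")
```

A message that trips both checks matches the scam described here; the gift-card wording alone, as in the third sample, is only a hint.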

From: https://www.consumer.ftc.gov/blog/2018/10/scammers-demand-gift-cards 

“Gift cards are a great way to give a gift. But did you know they are also a scammer’s favorite way to steal money? According to the FTC’s new Data Spotlight, more scammers are demanding payment with a gift card than ever before – a whopping 270 percent increase since 2015.

Gift cards and reload cards are the #1 payment method for imposter scams. More scammers are demanding payment with a gift card. The percentage of consumers who told the FTC they paid a scammer with a gift card has increased 270% since 2015. Reports to the FTC say scammers are telling people to buy gift cards at Walmart, Target, Walgreens, CVS and other retail shops. 42% of people who paid a scammer with a gift card used iTunes or Google Play. Federal Trade Commission. ftc.gov/complaint. ftc.gov/giftcards

Gift cards are for gifts, not for payments. If someone calls with urgent news or a convincing story and then pressures you to pay them by buying a gift card, like an iTunes or Google Play card, and then giving them the codes on the back of the card – stop. It’s a scam.

Gift cards are the number one payment method that imposters demand. They might pose as IRS officials and say you’re in trouble for not paying taxes; or a family member with an emergency; or a public utility company threatening to shut off your water; or even a servicemember selling something before deployment. Or they might call with great news – you’ve won a contest or a prize! But to get it, you need to pay fees with a gift card. Scammers will say anything to get your money. And they know how to play into your fears, hopes, or sympathies. They like gift cards because, once they’ve got the code on the back, the money is gone and almost impossible to trace. But knowing how these scams work can help you avoid them, and you can help even more by passing on the information to people you know.

If you paid a scammer with a gift card, report it as soon as possible. Call the card company and tell them the gift card was used in a scam. Here is contact information for some of the gift card companies that scammers use most often. Then, tell the FTC about it – or any other scam – at ftc.gov/complaint. Your reports may help law enforcement agencies launch investigations that could stop imposters and other fraudsters in their tracks.”

How To Report Scams

Amazon

  • Call 1 (888) 280-4331
  • Learn about Amazon gift card scams here.

Google Play

  • Call 1 (855) 466-4438
  • Report gift card scams online here.
  • Learn about Google Play gift card scams here.

iTunes

  • Call 1 (800) 275-2273 then press “6” for other, then say “operator” to be connected to a live representative.
  • Learn about iTunes gift card scams and how to report them here.

Steam

  • If you have a Steam account, you can report gift card scams online here.
  • Learn about Steam gift card scams here.

MoneyPak

  • Call 1 (866) 795-7969
  • Report a MoneyPak card scam online here.

Information Security Alert: New Phishing Technique Being Exploited

Ref: https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/

What you need to know

A new highly effective phishing technique targeting Gmail and other services has been gaining popularity during the past year among attackers. Over the past few weeks there have been reports of experienced technical users being hit by this. This attack is currently being used to target Gmail customers and is also targeting other online services.

[Basically, the location bar of your web browser is used to trick you into disclosing your account credentials by displaying an actual login page’s URL that is prefaced by something sneaky.]

How to protect yourself against this type of phishing attack

You have always been told: “Check the location bar in your browser to make sure you are on the correct website before signing in.” To protect yourself against this new phishing technique, you need to change what you are checking in the location bar. Read more…

[Please read the article posted on WordFence.com for the complete story. Also note that while Middlebury has a Google Apps for Education (or G-Suite) instance, our sign-in page is Middlebury-branded, not Google-branded. Still, this is important info for protecting your personal Gmail account and other services that this technique may try to exploit.]
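What to check in the location bar can be written down as a rule: the address must start with https, and the host part must be exactly the site you expect. The following is an added example, not code from this post or from Wordfence; it also covers two related tricks beyond the data: address in the referenced article, and the function name, expected host and sample addresses are constructed for illustration.

```python
from urllib.parse import urlsplit

def check_location_bar(url, expected_host):
    """Return 'ok', or the reason the address should not be trusted for sign-in."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        # Covers data:, http:, javascript:, file: and anything else. A real
        # login URL appearing later in the string does not change this.
        return "scheme is %r, not https" % parts.scheme
    if parts.username is not None:
        # Everything before '@' is login info, not the site being visited.
        return "text before '@' is not the site; real host is %s" % parts.hostname
    if parts.hostname != expected_host:
        return "host is %s, not %s" % (parts.hostname, expected_host)
    return "ok"

# Assumption: the sign-in host the reader expects for a personal Gmail account.
EXPECTED = "accounts.google.com"

# Constructed sample addresses; the hosts ending in .example are placeholders.
SAMPLES = [
    "https://accounts.google.com/ServiceLogin",
    "data:text/html,https://accounts.google.com/ServiceLogin",
    "http://accounts.google.com/ServiceLogin",
    "https://accounts.google.com.login.example/ServiceLogin",
    "https://accounts.google.com@login.example/ServiceLogin",
]

def verdicts():
    """Map each sample address to its verdict."""
    return {url: check_location_bar(url, EXPECTED) for url in SAMPLES}

if __name__ == "__main__":
    for url, verdict in verdicts().items():
        print("%-60s %s" % (url, verdict))
```

Only the first sample passes; each of the others contains the genuine login address as text but fails on the scheme or on the host.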

 

InfoSec Alert: Fake “Microsoft Tech Support” Telephone Calls

Please note,

Several members of the Middlebury community have recently reported receiving fake “Microsoft Tech Support” telephone calls. These calls are scams. Microsoft does not make unsolicited phone calls to help you fix your computer.

If you receive a call from someone claiming to be from “Microsoft Technical Support” (or a similar sounding organization), hang up. The con artists on the other end of the line are trying to trick you into installing unwanted and potentially malicious software on your computer or disclosing your account credentials.

Again, Microsoft’s support organization does not initiate contact with customers. If you receive a call from someone claiming to be from Windows Support or Microsoft Tech support, just hang up on the call.

For more information on how to avoid telephone support scams, please see
Microsoft Safety & Security Center: Avoiding technical support scams.

@MiddInfoSec Phishing Alert: don’t fall for “FW: VERIFY” scam email

Be on the alert for a suspicious email purportedly sent from an internal sender with the subject line “FW: VERIFY”. This is a confirmed phishing message, designed to trick you into divulging your username and password. Do not click on the links in the message or reply to the message. If you find a copy of the message in your inbox, please delete it. If you find a copy of this message in your spam quarantine, please ignore it and do not release it. The message will be deleted from your quarantine automatically in the next few days.

For more information about phishing attacks, please visit http://go.middlebury.edu/phishing

For more information about the spam quarantine, please visit http://go.middlebury.edu/spam

@MiddInfoSec Phishing Alert – “To All Faculty/Staff” messages are confirmed phishing attacks.

Be on the alert for suspicious emails purportedly sent from “tom.carrick@na.exide.com” with the subject line “To All Faculty/Staff”. These are confirmed phishing messages, designed to trick you into disclosing your Middlebury credentials. Do not click on the links in the message or reply to the message. If you find a copy of the message in your inbox, please delete it. If you find a copy of this message in your spam quarantine, please ignore it and do not release it. The message will be deleted from your quarantine automatically in the next few days.

For more information about phishing attacks, please visit http://go.middlebury.edu/phishing

For more information about the spam quarantine, please visit http://go.middlebury.edu/spam

@MiddInfoSec Phishing Alert – “Security Alert!!” and “Campus Security Announcement!” messages are confirmed phishing attacks.

Be on the alert for suspicious emails purportedly sent from “juan.lopez@mail.mcgill.ca” with the subject lines “Security Alert!!” and “Campus Security Announcement!”. These are confirmed phishing messages, designed to trick you into disclosing your Middlebury credentials. Do not click on the links in the message or reply to the message. If you find a copy of the message in your inbox, please delete it. If you find a copy of this message in your spam quarantine, please ignore it and do not release it. The message will be deleted from your quarantine automatically in the next few days.

For more information about phishing attacks, please visit http://go.middlebury.edu/phishing

For more information about the spam quarantine, please visit http://go.middlebury.edu/spam

@MiddInfoSec Phishing Alert: don’t fall for “UPDATE YOUR ACCOUNT” or “UPDATE YOUR MAIL BOX” scam email

Be on the alert for a suspicious email purportedly sent with the subject line “UPDATE YOUR ACCOUNT” or “UPDATE YOUR MAIL BOX”. This is a confirmed phishing message, designed to trick you into divulging your username and password. Do not click on the links in the message or reply to the message. If you find a copy of the message in your inbox, please delete it. If you find a copy of this message in your spam quarantine, please ignore it and do not release it. The message will be deleted from your quarantine automatically in the next few days.

For more information about phishing attacks, please visit http://go.middlebury.edu/phishing.

For more information about the spam quarantine, please visit http://go.middlebury.edu/spam.

 

Example Message:

[Image: 20161122updateyouraccount]