Monthly Archives: April 2016

Malicious email alert: contact us

This one relies on curiosity. Aren’t you dying to know what’s in the attachment? I am too, but not enough to risk getting malware.

Fun fact: ECOSOC is the UN’s Economic and Social Council.

———- Forwarded message ———-
Date: Sat, 30 Apr 2016 01:27:40 +0900 (JST)
From: Ecosoc <webbg624@outlook.com>
Reply-To: Mr. Brain Robertson <brobertson.unfund@aol.com>
Subject: Contact Us

***See Attachment Letter for More Details***

Malicious email alert: mail acct quota

Another example of a personalized phishing email. Again, the spelling and grammar errors give it away.

From: “System Administrator”<admin@yhcxzx.net>
Subject: Upgrade Your Capacity Mail Box
Date: April 7, 2016 at 2:31:40 PM PDT

Hi ahartigh@uw.edu

You are about exceeding your free data volume.

Avoid mail subscrition suspention, and email retrival malfunction, by following below reference

ALLOCATE MORE DATA TO [ahartigh@uw.edu]

We will not be responsible for any subscrition suspention or email retrival malfunction if after this warning no response from you.

Mail Team

Malicious email alert: UW email?

Not sure what exactly this one is phishing for, but it references a mail server. This one is interesting because it uses a personalizing technique: there are 2 spots where the recipient’s email is listed. Thankfully, the spelling errors and vague language gave this one away despite its official-looking disclaimer.

———- Forwarded message ———-
Date: Mon, 25 Apr 2016 17:54:21 +0200
From: Help Desk <csims@addisonparks.org>
To: kennyd@uw.edu
Subject: Updates to our terms of use and privacy statement

Email User kennyd@uw.edu,
In regards to the ongoing maintainance. Some of your important messages were queued on our mail server. Please View
Demo to view or download your pending messages.
Maintenance will be undergoing large improvement updates that will increase our security.
Please Note: To avoid any complication, it is madatory you follow the instructions above.
Thank you for your patience and cooperation,
–IT Support Team

THIS TRANSMISSION IS INTENDED AND RESTRICTED FOR USE BY kennyd@uw.edu; ONLY. IT MAY CONTAIN CONFIDENTIAL AND/OR
PRIVILEGED INFORMATION EXEMPT FROM DISCLOSURE UNDER FEDERAL OR STATE LAW. IN THE EVENT SOME OTHER PERSON OR ENTITY
RECEIVES THIS TRANSMISSION, SAID RECIPIENT IS HEREBY NOTIFIED THAT ANY DISSEMINATION, DISTRIBUTION, OR DUPLICATION
OF THIS TRANSMISSION OR ITS CONTENTS IS PROHIBITED. IF YOU SHOULD RECEIVE THIS TRANSMISSION IN ERROR, PLEASE DELETE
THE FILE FROM YOUR SYSTEM, AND DESTROY ANY HARD COPIES OF THIS TRANSMISSION. THANK YOU.

Malicious pop-up alert: fake malware infection notice

Several people have reported that they have had a very real-looking fake malware infection notice pop up on their computers while they are web browsing. It appears in the lower right corner and may even say that it is Microsoft Security Essentials. However, it says to call an 800 or 877 number for help, which is how we know it’s fake.

It may be accompanied by a fake “blue screen of death” page in the background. There have also been reports of it using sound to try to intimidate people into calling.

If you are concerned that your computer has been infected with malware, please contact your local IT staff right away. Contacts:

  • Labmed IT: labmedhelp@uw.edu, 206-598-6155
  • UW Medicine ITS: mcsos@uw.edu, 206-543-7012

Malicious email alert: UW acct phishing email

Another phishing email targeting UW NetIDs is making the rounds. See the example below.

Remember to never click a link without first hovering your mouse over it to see where it goes. In this case, if you hover over the link, you will see that it goes to a non-UW web domain. Let’s take a closer look.

[Image: link]

Example phishing email:

From: University of Washington <pwang@fsu.edu>
Date: April 28, 2016 at 1:49:08 AM PDT
To: Undisclosed recipients:;
Subject: Message from UW staff portal

You have new important message from the Staff portal

Click here to read

Thank you
University of Washington
All rights reserved.

Malicious email alert: UW email acct phish

Things to note about this malicious phishing email:

  • Causes a sense of alarm due to threat of account deactivation.
  • Provides a somewhat plausible error code.
  • Sender address is clearly not a UW address.
  • Link address is also clearly not UW.

———- Forwarded message ———-
Date: Tue, 19 Apr 2016 10:37:46 -0400 (EDT)
From: cherrii@wildblue.net
Subject: U Washington Mail Account Update

This is an automatic message from our servers; If you are receiving this message it means that your email address has been queued for deactivation. This was as a result of a continuous error received from this email address (code:505).

Please copy and paste or Click http://mailwsu-edu.jimdo.com/ to resolve this problem.

Note: Failure to resolve this problem by ignoring this message would result to the deactivation of your account.

We apologize for any inconvenience and appreciate your understanding.

Regards
U Washington Mail
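
The sender and link checks listed above can be automated for reported messages. The following is an added example, not part of the original post: `ORG_DOMAIN`, `in_org` and `triage` are names chosen here, the sample is constructed from the headers and link line quoted above, and the body is assumed to be single-part plain text.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption for this example: the organisation's own mail and web domain.
ORG_DOMAIN = "uw.edu"

# Constructed sample, built from the headers and link line quoted in the post.
SAMPLE = """\
Date: Tue, 19 Apr 2016 10:37:46 -0400 (EDT)
From: cherrii@wildblue.net
Subject: U Washington Mail Account Update

Please copy and paste or Click http://mailwsu-edu.jimdo.com/ to resolve this problem.
"""

def in_org(host):
    """True only for the org domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

def triage(raw):
    """Return a list of findings for one raw, single-part text message."""
    msg = message_from_string(raw)
    findings = []
    # Check 1: the address in From, not the display name, decides the sender.
    _, from_addr = parseaddr(msg.get("From", ""))
    from_dom = from_addr.rpartition("@")[2].lower()
    if not in_org(from_dom):
        findings.append(f"sender domain {from_dom} is not {ORG_DOMAIN}")
    # Check 2: replies routed to a different domain than the sender's.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_dom = reply_addr.rpartition("@")[2].lower()
    if reply_addr and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # Check 3: every link host must be the org domain or a subdomain of it.
    for url in re.findall(r"https?://[^\s<>]+", msg.get_payload()):
        host = urlparse(url).hostname or ""
        if not in_org(host):
            findings.append(f"link host {host} is not {ORG_DOMAIN}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Matching on a suffix with a leading dot is what keeps hosts such as `mailwsu-edu.jimdo.com` from passing just because they contain a university-looking string.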

Malicious email alert: the files you need for thursday

Who doesn’t have an upcoming meeting for which they may need files? This malicious email relies on the most human of traits, curiosity.

———- Forwarded message ———-
Date: Tue, 12 Apr 2016 18:16:07 -0400 (EDT)
From: Linda Jones <joneslinda2@comcast.net>
To: Linda Jones <joneslinda2@comcast.net>
Subject: the files you need for thursday

Here are your files for thursday docs.google.com/file/1v467k