Malicious email alert: UW acct phishing

Yet another phishing email. This one at least gets credit for having an interesting-sounding web address: techembryo.com. You can see the web address by hovering your mouse (don’t click) over the link below that says View Details.

This one has a plausible-sounding sender address, but we can’t rely on the sender address as proof of legitimacy because a sender address can easily be “spoofed.” The only way to tell if an email is legit is to hover over the link and see where it really goes.

Subject: IT HelpDesk

Date: Thu, 4 Aug 2016 09:25:17 -0500

From: University of Washington <helpdesk@uw.edu>

You have one new message from Mercer IT HelpDesk regarding your mail account.

View Details

University of Washington

Malicious email alert: UW acct phishing email

Another phishing email targeting UW email accounts.

It initially appears to contain a link called “Click on show images to read secured message” (see image 1 below). In some email applications, clicking the link will take you directly to a malicious website. In other applications, it will turn into an image (see image 2 below), which is itself a link. If you then click anywhere on the image, it will go to a malicious website.

[Image 1: phish1]

[Image 2: phish2]

Another thing that is notable about this email is that the link includes washington.edu and uw.edu. However, it does not go to a washington.edu or uw.edu website.

Let’s break this web address down into its components: domain, directory, and webpage.

[Image: the link, broken down into domain, directory, and webpage]

Of the 3 components, the one you need to check is the domain. In this example, we can see it is NOT a washington.edu or uw.edu domain and is therefore not a legitimate UW website.

The directory and webpage components do contain washington.edu and uw.edu, but this does not matter. These components can be named anything.

Malicious email alert: more UW email phishing attempts

Another pair of phishing emails targeted at UW email:

From: Linscott, Brian
Sent: Wednesday, June 8, 2016 8:21 AM
Subject: Helpdesk Update

Your e-mail account was LOGIN today by Unknown IP address Unknown IP 232.22.88 233,click on the Administrator link below to validate your e-mail account or your account will be temporary block for sending more messages.

Click Link To Validate Your Account

Sincerely,

IT Department

From: University of Washington <taboao@cloud32.hdrserver.com.br>
Subject: Problem with your email account
Date: June 6, 2016 12:25:53 PM PDT

Dear User,

Member Services identified a problem with your email account. To correct this issue, please click here to resolve.

Regards,

© 2016 University of Washington | Seattle, WA