Information Security Blog
Trying to Scare You Into Clicking That Link
I received this email today. According to the message, my computer is infected with some type of virus. But I'm not worried, because I know it can't be true: I use Sophos anti-virus on all of my computers. I, like you, can get a free copy of Sophos from the ITS website (https://itservices.stanford.edu/service/ess/pc/docs/sophos), and I can install it on all of the computers that I use for work (both at work and at home). It's a great tool, and using anti-virus helps make sure that you don't need to worry about viruses and malware, and of course, emails that try to scare you into thinking that your computer is infected...
==================================================================
Subject:
[irt-security] Your mailbox has been detected of DGXT Virus!
From:
"Mail Admin"
Date:
Fri, 06 Jan 2012 18:45:54 +0300
To:
undisclosed-recipients:;
Our WebMail automated systems scan shows that your mailbox is been infected by some suspicious DGXT Virus, the DGXT Virus is causing conflict between some of our web users.Please to stop this action you will have to Click the Url to remove and revalidate your mailbox.
Click or copy http://www.ostisb.org/secure/update/acc.htm to remove threat.
Note that none of your files will be removed or lost during this operation.
Thank you,
Technical Helpdesk Service.
Mailbox Over Quota?
This is a great way for a phisher to try to get your attention: who doesn't worry about running out of mailbox space? As you might have guessed, this is a scam, where the sender is trying to lure you into clicking on the link. But by now you know never to click on unknown links.... And if you're uncertain about your mailbox quota, you can always look at your statistics at http://stanfordyou.stanford.edu and see how much of your mailbox quota you've already used. Or, if you think you need an increase in your mailbox quota (size), contact ITS (5-44357 or 5HELP), your local support person, or your DFA for assistance. Additionally, you are always welcome to contact IRT Information Security Services about this or any information security issue you may have (irt-security@lists.stanford.edu).
============================================================
X-Originating-IP: [116.203.50.120]
From: UPDATE YOUR ACCOUNT
Subject: Upgrade Your Webmail Acoount New
Date: Tue, 17 Jan 2012 18:41:42 +0000
X-OriginalArrivalTime: 17 Jan 2012 18:41:42.0925 (UTC) FILETIME=[A842DBD0:01CCD547]
To: undisclosed-recipients:;
Your mailbox is almost full 20GB to 23GB Please Click the Link Below
To Validate Your Mailbox And Increase Your
Quota. https://docs.google.com/spreadsheet/viewform?hl=en_US&formkey=dDRxOVpmQXRPZTNVb0gxMzRtOVFoQlE6MQ#gid=0
Seriously, A Wire Transfer?
You know you haven't sent a wire transfer to anyone (and maybe you've never sent a wire transfer ever), and yet, you've received an email stating that it wasn't successful. It's another phishing scam to try to get you to click on a link that will probably download malware onto your computer. Like all other phishing scams, just ignore it.
A copy of the email is included below.
_____________________________________________________
Subject: Wire transfer ID 3225457876954623496
From:
Date: Wed, 29 Jun 2011 07:03:35 -0700 (PDT)
To:
The outgoing Wire fund transfer that you placed one month ago, was not processed by an intermediary or beneficiary bank.
Please click here to view report
We'd Never Send This To You
The email below has been circulating through Stanford. We would NEVER send you an email like this. It's wrong in so many ways.....
- We don't send out threatening emails
- We know how to construct properly written sentences
- We are here to help you, not scare you
- Any email representing Stanford would be sent from a Stanford email address (this one was sent from aaddminoff@qatar.io)
- We would ask you to work with your IT support person if there was a problem, or contact us directly (5-8000 or irt-security@lists.stanford.edu)
When you do receive this type of email, please let us know so that we can warn others about it. If you're unsure about the validity of an email, contact us before you take any action. We're here to help you.
==============================================
From: Stanford Admin Center
Date: March 16, 2011 4:08:07 AM PDT
To:
Subject: Dear Account User Security Alert!!!!
Reply-To: aaddminoff@qatar.io
Dear Account User:
It has come to our notice that your email has not passed the verification/Update process that we are presently working on.
We the web-Admin of Standford University are currently upgrading our data base and e-mail account center,thereby deleting all Old mail email account to create more space for new accounts.To prevent your account from closing you will have to update it so that we will know that it's a presently used account. To complete your account re-confirmation, you must reply to this email immediately and enter your account details as requested below.
***********************************************
Email User-name :.............
EMAIL Password :..............
Date of Birth : ...........
Country or Territory :.......
***********************************************
****IMPORTANT :****
This updating is compulsory to all Standford University user as a result of our recent server changes. If you fail to update your email address you will soon be unable to receive/send mails.Also your email will not be equipped with the latest anti-virus system on our new servers.This will make your email and PC
vulnerable to virus attacks from the internet.
**** HOW TO UPDATE***
To update simply reply the above to upgrading admin as appropriate. Failure to do so immediately will lead to SUSPENSION OF YOUR ACCOUNT.
Thanks for your co-operation,
Mail Administrator.
Standford University
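The checks listed in the post above (sender address, Reply-To, where the links go, and any request for a password) can be run mechanically over a raw message. This is an added example, not code from this blog or from Stanford; the trusted domain, the keyword list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAIN = "stanford.edu"  # assumption: official mail only uses this domain
CREDENTIAL_WORDS = re.compile(r"\b(password|sunet ?id|login credentials)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def in_trusted_domain(host):
    """True only for stanford.edu itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def phishing_indicators(raw_message):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []
    for header in ("From", "Reply-To"):
        _, addr = parseaddr(msg.get(header, ""))
        if addr and not in_trusted_domain(addr.rpartition("@")[2]):
            findings.append(f"{header} address is outside {TRUSTED_DOMAIN}: {addr}")
    body = msg.get_payload()
    if not isinstance(body, str):  # multipart: this sketch reads the first part only
        body = str(body[0].get_payload())
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname
        if not in_trusted_domain(host):
            findings.append(f"link points outside {TRUSTED_DOMAIN}: {host}")
    if CREDENTIAL_WORDS.search(body):
        findings.append("message asks for a password or login credentials")
    return findings


# Constructed sample, modelled on the messages quoted on this page.
# Note the look-alike sender domain that merely starts with "stanford.edu".
SAMPLE = """\
From: "Stanford Admin Center" <admin@stanford.edu.mail-update.example>
Reply-To: helpdesk@mailbox-upgrade.example
To: undisclosed-recipients:;
Subject: Dear Account User Security Alert!!!!

To prevent your account from closing, visit
http://itservices-stanford.example/update.htm and reply with your
SUNet ID and Password immediately.
"""

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE):
        print("-", finding)
```

A message with no findings is not proven safe: the display name and From header can be forged, so treat this as a first-pass filter and report anything doubtful.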
Debunking Some Common Cyber Security Myths
US-CERT Cyber Security Tip ST06-002
Debunking Some Common Myths
There are some common myths that may influence your online security
practices. Knowing the truth will allow you to make better decisions about
how to protect yourself.
How are these myths established?
There is no one cause for these myths. They may have been formed because of
a lack of information, an assumption, knowledge of a specific case that was
then generalized, or some other source. As with any myth, they are passed
from one individual to another, usually because they seem legitimate enough
to be true.
Why is it important to know the truth?
While believing these myths may not present a direct threat, they may cause
you to be more lax about your security habits. If you are not diligent about
protecting yourself, you may be more likely to become a victim of an attack.
What are some common myths, and what is the truth behind them?
* Myth: Anti-virus software and firewalls are 100% effective.
Truth: Anti-virus software and firewalls are important elements to
protecting your information (see Understanding Anti-Virus Software and
Understanding Firewalls for more information). However, neither of these
elements is guaranteed to protect you from an attack. Combining these
technologies with good security habits is the best way to reduce your
risk.
* Myth: Once software is installed on your computer, you do not have to
worry about it anymore.
Truth: Vendors may release updated versions of software to address
problems or fix vulnerabilities (see Understanding Patches for more
information). You should install the updates as soon as possible; some
software even offers the option to obtain updates automatically. Making
sure that you have the latest virus definitions for your anti-virus
software is especially important.
* Myth: There is nothing important on your machine, so you do not need to
protect it.
Truth: Your opinion about what is important may differ from an
attacker's opinion. If you have personal or financial data on your
computer, attackers may be able to collect it and use it for their own
financial gain. Even if you do not store that kind of information on
your computer, an attacker who can gain control of your computer may be
able to use it in attacks against other people (see Understanding
Denial-of-Service Attacks and Understanding Hidden Threats: Rootkits and
Botnets for more information).
* Myth: Attackers only target people with money.
Truth: Anyone can become a victim of identity theft. Attackers look for
the biggest reward for the least amount of effort, so they typically
target databases that store information about many people. If your
information happens to be in the database, it could be collected and
used for malicious purposes. It is important to pay attention to your
credit information so that you can minimize any potential damage (see
Preventing and Responding to Identity Theft for more information).
* Myth: When computers slow down, it means that they are old and should be
replaced.
Truth: It is possible that running newer or larger software programs on
an older computer could lead to slow performance, but you may just need
to replace or upgrade a particular component (memory, operating system,
CD or DVD drive, etc.). Another possibility is that there are other
processes or programs running in the background. If your computer has
suddenly become slower, it may be compromised by malware or spyware, or
you may be experiencing a denial-of-service attack (see Recognizing and
Avoiding Spyware and Understanding Denial-of-Service Attacks for more
information).
Here's Another One...
No, the helpdesk did not send you an email about your account. No, you should not provide your login credentials. Once again, there's a phishing scam circulating, and it could seem to be valid.
Please remember, STANFORD WILL NEVER ASK YOU FOR YOUR PASSWORD. If you are asked and you're still unsure, regardless of who it is, check with Information Security Services first. We can be reached by email (irt-security@stanford.edu) or through the Help Desk (5-8000 option 4).
Rule of thumb: WHEN IN DOUBT, DON'T!
The email is posted below.
===============================================
From: indentco@brain.net.pk
Sent: Friday, February 4, 2011 7:21:36 AM
Subject: Importance notice from the helpdesk
EMAIL ACCOUNT UPGRADE
Your E-mail box has reached its maximum limit of 20 GB of storage and
Your account will be disabled if you do not update
now.
stanford.edu To upgrade your account, please click
the link below and follow the instructions to upgrade to more
storage space.
http://quadlightjobs.com/phpform/use/webmail/form1.html
Your account will remain active after you have confirmed your account
successfully.
stanford.edu | Auburn, Alabama 36849
© Copyright 2011 Regulation
A Reminder about the Importance of Passwords and Encryption
Passwords, PIN codes, and security questions may feel like time-wasting nuisances, but that couldn't be further from the truth. These vital nuggets of secret information, when paired with encryption technology, keep patient and other restricted information safe. Without these protections in place, a lost or stolen device leads to an immense amount of time spent investigating, reviewing files, and notifying affected individuals - much more time than would be spent entering passwords.
Encryption and passwords go hand in hand. One without the other provides no protection. And remember, giving out your password is just like removing it. Never share your password with anyone, even if they appear to work for the technology group. The various Stanford technology groups will never ask you to reveal your passwords.
These same rules apply to smartphones (Blackberry, iPhone, Android, etc.) and tablets (iPad). Only devices that are encrypted and password-protected can be used to access or store patient or other restricted information (see http://securecomputing.stanford.edu/dataclass_chart.html for more information about what constitutes "restricted" information). The Stanford email system frequently contains restricted information and consequently, should only be accessed on encrypted and password-protected devices. At this time, only Blackberry, recent iPhones (3GS and 4) and iPad have encryption. Smartphones and tablets without encryption should have passwords in place and must only access campus email and calendar through mobile webmail (https://webmail.stanford.edu ), which doesn't download information onto the device.
Remember, failing to properly protect your devices and passwords places you, the institution, patients, and research subjects at risk.
More information about securing your devices can be found on the Information Security Services website (http://irtsecurity.stanford.edu/).
Phishing Scam Targets Stanford
There's a new phishing scam being mailed to Stanford users - and if you don't read it carefully, you'll think it's legitimate! It looks like it's from HelpSU, you know, the tool we all use... But look carefully: the Mailto: is not a Stanford address, and the Subject line is misspelled. If you continue reading the email, you'll notice lots of other mistakes as well.
But most of all -- STANFORD WILL NEVER ASK YOU TO PROVIDE YOUR SUNETID AND PASSWORD -- NOT EVER!
Any email that asks you for your userID/SUnetID and password is a phishing scam. The objective is always to get you to provide your login credentials so that someone else can access your account, whatever that account might be - work email, personal email, or even a bank account. Just remember: NEVER GIVE OUT YOUR PASSWORD, EVER. Regardless of what someone might tell you, particularly in an email, there is never a valid reason to give out your password.
If you are still unsure when you receive a request for your password, please check with IRT Information Security Services (irt-security@lists.stanford.edu) before you do anything. They will gladly respond to your question and help you.
A good rule of thumb is: When in doubt, don't!
If it doesn't sound legitimate, don't do it!
Below is the phishing scam email that is currently circulating:
===================================================
-----Original Message-----
From: HelpSU [mailto:helpdesk001@w.cn]
Sent: Friday, January 14, 2011 2:39 AM
To: undisclosed-recipients:
Subject: Stanford Universitya Notice/News
This notice is to inform you that an ERROR have been
detected in your SU WebMail account, this ERROR was caused
by congestion and SPAM emails. You have been contacted in
order for you to confirm your account and avoid losing it.
Kindly confirm your account by sending the requested
information below.
ITS Help Form
* SUNet ID:-
* Password:-
* Phone Number:-
This notice is from US Information Technology services.
Sign,
Information Technology services
Stanford University
450 Serra Mall
Stanford, CA 94305
© Stanford University. All Rights Reserved.
No, You Don't Have a Virus
You may have recently received an email with the subject line: Virus Detected
This is another phishing scam, trying to get you to click on the link at the bottom of the email. Below is the email that you may have received.
A good practice is to always run anti-virus software, which is available at no charge to everyone at Stanford. You can easily download your own copy from the Essential Stanford Software site (ess.stanford.edu). You will need to log in to the site using your Stanford login credentials.
If you suspect that your computer really is infected, contact the IRT Service Desk at 5-8000 and they will gladly assist you.
And if you have any questions or concerns regarding this phishing scam or any other information security issue, you should contact IRT Information Security Services at irt-security@lists.stanford.edu or through the IRT Service Desk (5-8000). Someone will respond promptly to your email.
By the way.... if you read the email below carefully, you'll notice that the grammar is incorrect and the URL is not a Stanford URL...
======================================================
-----Original Message-----
From: IT Services [mailto:yangmus@singnet.com.sg]
Sent: Monday, January 10, 2011 11:52 AM
To: "info."@stanford.edu
Subject: Virus Detected
Virus Detected
A virus has been detected in your mail account and in other for you
not to lose your mail account,you are to click on the link below to scan
to remove the virus from your mail account.Failure to do this will lose
his or her mail account.
http://itservicestanford.webs.com/contactus.htm
Sign
Management
Never Give Out Your Password!
You may have received an email stating that there are issues with your mailbox, and that in order to 'straighten things out,' you should provide your current login credentials, including your password. Stanford will NEVER ask you to provide your password. As a rule of thumb, ANY EMAIL YOU RECEIVE THAT ASKS YOU TO PROVIDE YOUR PASSWORD IS A PHISHING SCAM! Never give out your password! This rule applies to any and all email accounts you have, including your work email, your personal email, or any free email accounts (like gmail or hotmail).
Below is an example of a recent phishing scam asking for a user's password.
If you are still uncertain, you can always contact IRT Information Security Services at irt-security@stanford.edu.
Date: Wed, 05 Jan 2011 00:32:57 +1300
The Stanford University has been receiving complaints for
unauthorised use of the Stanford Webmail. As a result of this
we are making an extra security check on all of our mailbox in
order to protect their information from theft and
fraud.Do send us your current login credentials to keep your
account active.
SUNet ID:
Password:
Stanford University
Online Webmaster Department

