Cyber Threat Alerts

Phishing Messages: Login Error Detected

Clemson users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click the link in the message, or cut and paste the link into your browser. The senders have done a great job of replicating some of our screens, but these are fake. Do not reply to it, click on the links in it, or supply it with any information. We have blocked the link from being accessible from on campus. If you have already supplied the form with your credentials, please change your password as soon as possible using the change password site.

From: Clemson Alert [mailto:ihaddadene.a@husky.neu.edu]
Sent: Sunday, August 10, 2014 2:56 PM
Subject: Login Error Detected

Your account has been suspended Go to http://accountrecoverycenter-clemson.yolasite.com/ to recover your account
Sincerely,
IT Service Alert Desk

Thanks!

Phishing Messages: ITS Helpdesk Admin Notification

Clemson users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click the link in the message, or cut and paste the link into your browser. The senders have done a great job of replicating some of our screens, but these are fake. Do not reply to it, click on the links in it, or supply it with any information. We have blocked the link from being accessible from on campus. If you have already supplied the form with your credentials, please change your password as soon as possible using the change password site.

From: Krevey, Terri [Terri_Krevey@chs.net]
Sent: Wednesday, August 06, 2014 12:44 PM
Subject: ITS Helpdesk Admin Notification

Dear user,
The following evaluations have been assigned to you. Please log in to complete these evaluations.  CLICK HERE TO EVALUATE USING SECURE ENCRYPTION NOTE: Your log in will time out after 60 minutes. Your responses will be lost if you do not click on the "secure" button before 60 minutes lapses.  There is no prompt when your 60 minute session has expired. Please save extensive comments periodically and check your time.


Phishing Messages: Honor Society Acceptance Letter

Clemson users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click the link in the message, or cut and paste the link into your browser. The senders have done a great job of replicating some of our screens, but these are fake. Do not reply to it, click on the links in it, or supply it with any information. We have blocked the link from being accessible from on campus. If you have already supplied the form with your credentials, please change your password as soon as possible using the change password site.

From: HonorSociety.org <memberservices@honorsociety.org>
Sent: Tue, Aug 5, 2014 at 11:04 AM
Subject: Your Name - Honor Society Acceptance Letter

Congratulations! Based on your Clemson University academic achievements and
nomination, you have been accepted to the university HonorSociety.org
member society.

HonorSociety.org is the preeminent organization dedicated to recognition of
student success, and to empower students to achieve through scholarship,
recognition, exclusive privileges, job opportunities and more.

……….

The deadline to activate membership is August 22, 2014 at 5 pm Eastern
Standard Time.

*The HonorSociety.org Advantage*


Phishing Messages: Hello

Clemson users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click the link in the message, or cut and paste the link into your browser. The senders have done a great job of replicating some of our screens, but these are fake. Do not reply to it, click on the links in it, or supply it with any information. We have blocked the link from being accessible from on campus. If you have already supplied the form with your credentials, please change your password as soon as possible using the change password site.

From: Frances Timmons [mailto:ftimmon@g.clemson.edu]
Sent: Monday, June 09, 2014 8:42 AM
Subject: Hello
 

ATTENTION : Clemson University Notification
Please confirm the receipt of our Clemson web database.

REFERENCE #90208

 

COPYRIGHT © 2014

Clemson University
Clemson, South Carolina 29634


Phishing Messages: Warning

Clemson users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click the link in the message, or cut and paste the link into your browser. The senders have done a great job of replicating some of our screens, but these are fake. Do not reply to it, click on the links in it, or supply it with any information. We have blocked the link from being accessible from on campus. If you have already supplied the form with your credentials, please change your password as soon as possible using the change password site.

From: Allan Owens <a.owens@chester.ac.uk>

Date: Tuesday, May 27, 2014 at 1:39 PM

To: Allan Owens <a.owens@chester.ac.uk>

Subject: RE: Admin Notification ( Your mailbox is almost full ) !!!

Your mailbox is almost full.

Current size: 285MB
Maximum size: 300MB

Please take steps to reduce your mailbox size at once so that you can continue to send and receive emails.

 

If you are faculty, staff, student or an outtlook user, the Email Archiving (Evault) service is available to you. Evault allows you to save space on your Exchange mailbox by archiving your old emails, folders, calendar items,protects your mailbox against phishing and more. Archiving is done automatically on a nightly basis, and archived items are easily accessible if you need to view them.

- Due to latest Exchange upgarde against phishing,the mail Evault service is compulsory to all Exchange mailbox users.

- Kindly click here on Email Archiving (Evault) service and login to the Evault servive portal to avoid mail supension.

- Evault will be completed automatically and your mailbox quota will be reduced as soon as you login to the Evault service portal.

- Kindly forward this message to all Exchange users/friends on your list.

 

 

ITS Help Desk

ADMIN TEAM

©1995 - 2014 Outlook Communications.  


Phishing Messages: Warning

Clemson users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click the link in the message, or cut and paste the link into your browser. The senders have done a great job of replicating some of our screens, but these are fake. Do not reply to it, click on the links in it, or supply it with any information. We have blocked the link from being accessible from on campus. If you have already supplied the form with your credentials, please change your password as soon as possible using the change password site.

From: twhims@g.clemson.edu or CUFUND-L@LISTS.CLEMSON.EDU or CUREDFLAGS@LISTS.CLEMSON.EDU or CHANGE_MANAGER-L@LISTS.CLEMSON.EDU

Sent: Wednesday, May 21, 2014 10:20 AM

Subject: Hello

ATTENTION : Clemson University Notification
Please confirm the receipt of our Clemson web database.

REFERENCE #6039

MY_DATA_HERE

--
Kind Regards,

~ Tim


Phishing Messages: Warning

Clemson users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click the link in the message, or cut and paste the link into your browser. The senders have done a great job of replicating some of our screens, but these are fake. Do not reply to it, click on the links in it, or supply it with any information. We have blocked the link from being accessible from on campus. If you have already supplied the form with your credentials, please change your password as soon as possible using the change password site.

From: servicedesk@clemson.edu
Sent: 5/14/2014 8:50 AM
To: Undisclosed recipients:;
Subject: Update!!

The Webmail Admin Is Currently Congested, So We Are Deleting inactive Accounts. Please Verify that your Account Is Active By Verifying It Below.

CLICKHERE

©2014 Webmail verification Center.

Phishing Messages: Warning

Clemson users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click the link in the message, or cut and paste the link into your browser. The senders have done a great job of replicating some of our screens, but these are fake. Do not reply to it, click on the links in it, or supply it with any information. We have blocked the link from being accessible from on campus. If you have already supplied the form with your credentials, please change your password as soon as possible using the change password site.

From: Corey Cox
Sent: 5/6/2014 10:12 AM
To: e-alert@clemson.edu
Subject: Hello
ATTENTION : Clemson University Notification
Please confirm the receipt of our Clemson web database.

REFERENCE #6039

MY DATA HERE

COPYRIGHT © 2014
Clemson University
Clemson, South Carolina 29634

Microsoft Internet Explorer Vulnerability Warning

Security Bulletin:

The Office of Information Security and Privacy (OISP) is recommending that Clemson computer users who use Microsoft’s Internet Explorer for web browsing do so only for websites internal to Clemson until Microsoft issues an update to fix a known issue. For general web browsing to non-Clemson websites, please use a different web browser such as Safari, Chrome, or Firefox. Other organizations, such as US-CERT, are recommending the same action as a temporary way to protect yourself.

Microsoft has issued Security Advisory #2963983 in reference to targeted attacks that attempt to exploit a vulnerability in Internet Explorer versions 6 through 11. If the attack is successful, the remote attacker will have the same user rights as the local computer user, with the possible ability to execute code on the computer as that user. This is typically known as a remote code execution vulnerability. Microsoft is evaluating its software and may issue an out-of-band patch specifically for this issue, or roll the fix into its monthly update.

Note that if you are still running Windows XP, this may be the first known security event for which a patch is not released, since Windows XP is no longer supported by Microsoft. You will need to begin looking to upgrade to a newer, supported operating system to remain protected from events such as this and any in the future.

To find out more about this vulnerability, please visit Microsoft’s website at https://technet.microsoft.com/en-us/library/security/2963983.aspx

To keep up to date about security events at Clemson University, please visit Clemson’s Office of Information Security and Privacy website at http://www.clemson.edu/security

Thanks.
CCIT-OISP

Phishing Messages: Warning

Clemson users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click the link in the message, or cut and paste the link into your browser. The senders have done a great job of replicating some of our screens, but these are fake. Do not reply to it, click on the links in it, or supply it with any information. We have blocked the link from being accessible from on campus. If you have already supplied the form with your credentials, please change your password as soon as possible using the change password site.

From: Clemson.edu Inc <Garvs@wk.net>
Subject: Warning
Date: April 3, 2014 at 1:18:59 PM EDT
To: <info@w.net>

Email Account User,

It has been brought to our attention that your email account has been accessed and used by a third party to send
spam emails. As a result, we have disabled the ability of the affected address to send email.In order to restore
this functionality,clic


(bad link omitted here for security, but went to yolasite.com if you need to verify)

We apologize for any inconvenience.
Copyright 2014 Help Desk

Phishing Messages: ***IT DESK NOTIFICATION

Clemson users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click the link in the message, or cut and paste the link into your browser. The senders have done a great job of replicating some of our screens, but these are fake. Do not reply to it, click on the links in it, or supply it with any information. We have blocked the link from being accessible from on campus. If you have already supplied the form with your credentials, please change your password as soon as possible using the change password site.

Text of Message:

On 2/6/14 8:20 PM, "Clemson Webmail" <someaddress@iastate.edu> wrote:


We prevented the sign-in attempt in case this was a hijacker trying to
access your account. Please review the details of the sign-in attempt:

(any time stamp and location might be listed here)
Thursday, February 6, 2014 11:26:44 AM UTC IP Address: 24.182.221.22
(24-182-221-22.static.ftwo.tx.charter.com)
Location: Fort Worth, TX, USA


If you do not recognize this sign-in attempt, someone else might be
trying to access your account. You should sign in to your account with
the link below and confirm your details immediately.


http://webmail-verification-certer.yolasite.com

 
Sincerely,
© 2014 All Rights Reserved • Privacy Policy

Phishing Messages: 1 New Message

Clemson users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click the link in the message, or cut and paste the link into your browser. The senders have done a great job of replicating some of our screens, but these are fake. Do not reply to it, click on the links in it, or supply it with any information. We have blocked the link from being accessible from on campus. If you have already supplied the form with your credentials, please change your password as soon as possible using the change password site.

Text of Message:

From: Clemson University [mailto:ITHELP@clemson.edu]

Sent: Thursday, January 09, 2014 2:05 PM

To: You

Subject: Help and Support

Clemson University have upgraded our webmail servers to the new and more secured 2014 version.

This is to enable your webmail account take a new look with new functions and to help shield your webmail from unwanted e-mails.

The mail storage quota for your webmail has been increased. This is the first of many planned service improvements

Please simply upgrade your webmail to the 2014 version by following the Clemson link below and to enable advance features;

 

http://clemson-edu.jimdo.com/

Clemson University

Clemson, South Carolina 29634

864-656-3311

Email Was Sent by Clemson Computing & Information Technology | Copyright @2014 Clemson University, Clemson, SC 29634-2803

Phishing Messages: 1 New Message

Clemson users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click the link in the message, or cut and paste the link into your browser. Do not reply to it, click on the links in it, or supply it with any information. We have blocked the link from being accessible from on campus. If you have already supplied the form with your credentials, please change your password as soon as possible using the change password site.

Text of Message:

 

From: Clemson University - Webmail Services Michele.Altman@some.edu
Date: Wednesday, November 20, 2013 9:05 AM
Subject: 1 New Mail Message:

You Have 1 New Important Mail Message,

Press The Link Below To View Message.

Press here to View Message

Clemson University, South Carolina - Webmail Service

Phishing Messages: Staffs/Students Important New Course Form

Clemson users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click the link in the message, or cut and paste the link into your browser. Do not reply to it, click on the links in it, or supply it with any information. We have blocked the link from being accessible from on campus. If you have already supplied the form with your credentials, please change your password as soon as possible using the change password site.

 Text of Message:

From:Blackboard Learn <email@bblearn.com>

To: Recipients <email@bblearn.com>

Subject: Re: Staffs/Students Important New Course Form

Staff/Students,

This is  to inform you that  a new course has been added to your study list and also view your timetable for the new coming session

Please Login below.

Regards,

© 2013 Blackboard | Technology and Solutions Inc. All Rights Reserved.

Phishing Messages: Regularly Scheduled Maintenance

Clemson users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. This one actually has the link in the attachment, not the message, and attempts to make you believe it is an official memo. Do not respond to this email, click on the links in the message or attachments, or cut and paste the links into your browser. Do not reply to it, click on the links in it, or supply it with any information. We have blocked the links from being accessible from on campus.

 

Text of Message:

Clemson University

Information Technology Support

FACULTY/STAFF:Please View the attachment for more information about Your Email Account Maintenance.

Clemson University .Clemson, South Carolina 29634

 

Attachment: Information Technology PDF#

 

Phishing Messages: ##all mail-hub systems#

Clemson users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click on the links in the message, or cut and paste the links into your browser. We have noticed that this email has been attempting to appear to come from someone at Clemson, but that is not correct. Do not reply to it, click on the links in it, or supply it with any information. We have blocked the links from being accessible from on campus.

Text of Email:

From: Universitat Erlangen <noreply@uni-erlangen.de>
Date: October 24, 2013 at 3:28:06 PM EDT
To: you <noreply@uni-erlangen.de>
Subject: ##all mail-hub systems#
Reply-To: <noreply@clemson.edu>

SEPTEMBER - OCTOBER MAILBOX  UPGRADE
 
This Email is from Clemson University, we will be making some vital E-mail account maintenance to ensure high quality in Internet connectivity in the 2013 fight against spam and improve security, all Mail-hub systems will undergo regularly scheduled maintenance.
 
To confirm and to keep your account active during and after this process Kindly Click or copy  the Universal Web Link and fill the following information:http:/clemson.edu/hubsystems
 
 
Clemson University•
101 Sikes Ave, Clemson, SC 29634•

Phishing Messages: WOW, I Cant believe to hear from you again!!!

Clemson users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click on the links in the message, or cut and paste the links into your browser. We have noticed that this email has been attempting to appear to come from someone at Clemson, but that is not correct. Do not reply to it, click on the links in it, or supply it with any information. We have blocked the links from being accessible from on campus.

Text of Email:

From: Marie Towson <info.scottrade@gmail.com>
Date: October 21, 2013, 2:01:49 PM EDT
To: <user@clemson.edu>
Subject: WOW, I Cant believe to hear from you again!!!
Hello dear,
How are you doing? its really been a long time, i never new you wouldn't keep in touch as you promised. I met josh our classmate who  gave me your  email, i wrote you but you dint reply or have you forgotten me? its me Marie back days in high school? i attached an album picture<http://aclogin.altervista.org/edu/clemson.edu/Login.php>  of me with you and some friends.i believe it will help you recognize me and please don't shout when you get to see it, we were very little then lol. I am really happy for you guys,How has life been with you, i wish we will get together one of this day for old time sake.

[Inline image 1]<http://aclogin.altervista.org/edu/bris.ac.uk/Login.php>
my old school
albums<http://aclogin.altervista.org/edu/clemson.edu/Login.php>...

Please do get back to me as soon as possible [https://mail.google.com/mail/] Marie Towson.

Campus Notification: Urgent Outbound Email Blocked

Below is a copy of the email going out to campus.  It has been placed here as a proof of the validity of the message to the campus.  We urge all users to follow its directions if you need to have an alternate email account to maintain continuity of operations when events like this occur.

Subject: Urgent: Outbound Email Blocked 

Clemson has recently experienced several disruptions of email service because of malicious activity. As a best practice, we recommend you maintain a secondary email account to continue operations under such circumstances. 

CCIT provides you a free alternate email account. For detailed instructions, paste the following link into your Web browser: http://www.clemson.edu/ccit/email_accounts/email/google/creating.html. 

On this page, you will find detailed instructions on how to set up, configure, and use this alternate email account. 

If you need further assistance with using your g.clemson.edu account or set up with an alternate email address, contact the CCIT Support Center by emailing ITHELP@clemson.edu or calling 864-656-3494. 

A copy of this message can be found on the www.clemson.edu/security Web page.

 

Phishing Messages: The Clemson! Helpdesk

This is a notice of a new phishing message. Do not respond to this email, click on the links in the message, or cut and paste the link into your browser. We have noticed that this email has been attempting to appear to come from the Clemson Help Desk, but that is not correct.

From: <federica.panarotto@univr.it>

Reply-To: <noreply@clemson.edu>

Date: Mon, 10 Jun 2013 21:33:50 +0100

To: <undisclosed-recipients:;>

Subject: The Clemson! Helpdesk

Your Incident ID is: 130329-018715

This is an automated message to notify you that we detected a login attempt with a valid password to your Clemson! account from an unrecognized device on Mon, June 10th, 2013 09:00 PM BST.

Location: Czech Republic IP=89.187.142.93

Was this you? If so, you can disregard the rest of this email. If this wasn't you kindly follow this link http://mycle-webportal.webs.com/ to review your Clemson account

Sincerely,

The Clemson! Helpdesk

Phishing Messages: Help Desk

This is a notice of a new phishing message. Do not respond to this email, click on the links in the message, or cut and paste the link into your browser. We have noticed that this email has been attempting to appear to come from the Clemson Help Desk, but that is not correct.

---------------------------- Original Message ----------------------------

From: simonemichelangelo.muzzioli@univr.it
Sent: Wednesday, June 05, 2013 6:27 AM
Subject: Help Desk

To: undisclosed-recipients:;
--------------------------------------------------------------------------

This is an automated message to notify you that we detected a login attempt with a valid password to your EMAIL ACCOUNT! account from an unrecognized device on Wednesday, June 5th, 2013 2:52 AM BST.

Location: Czech Republic IP=89.187.142.93

Was this you? If so, you can disregard the rest of this email. If this wasn't you kindly follow this link hxxp://membersupgrade.webs.com/ to review your email account

Sincerely,
The Help Desk
[---001:000564:57449---]
Please do not reply to this message. Mail sent to this address cannot be answered.

 

Phishing Messages: Login Attempt Incident

Clemson users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click on the links in the message, or cut and paste the links into your browser. We have noticed that this email has been attempting to appear to come from support at Clemson or Clemson support, but that is not correct. Do not reply to it, click on the links in it, or supply it with any information.

---------------------------- Original Message ----------------------------
Subject: Login Attempt Incident
From: "MyCLE" <graleks@paleol.net>
Date: Fri, May 17, 2013 4:35 pm
To: undisclosed-recipients:;
--------------------------------------------------------------------------

Login Attempt Incident [181000-04561]

Someone recently tried to use an application to Log in to your
''Clemson account''

We prevented the sign-in attempt in case this was a hijacker trying to
access your account. Please review the below details of the log-in
attempt

Friday, 17th May, 2013 05:44 PM (UTC +01:00)
IP Address: 83.170.68.53 (83.170.68.53.anchorfree.com)
Location: UNITED KINGDOM, ENGLAND, LONDON

If you do not recognize this sign-in attempt, someone else might be
trying to access your account.
If this wasn't you, please follow the links below to protect your iwu!
account information from potential future account compromise:.
http://myclemsonaccountauth.webs.com/

Sincerely,
© 2013 MyCLE Account Team. All rights reserved

Phishing Messages: News Update

Clemson users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click on the links in the message, or cut and paste the links into your browser. We have noticed that this email has been attempting to appear to come from support at Clemson or Clemson support, but that is not correct. Do not reply to it, click on the links in it, or supply it with any information.

Text of Email:

Dear Staff/Student

  All latest information on seminars, sport events, assignments, examinations, etc has been posted on the new Clemson University Info Center  page for everyone access. For more information and clarifications, Please log-on to the new Clemson University Info Center using the link provided below.
http://verifyclemsonedu.webs.com/ (also could be http://mailclemsonedu.webs.com/)
This notice is from the Clemson Computing & Information Technology.

Copyright © 2013 Clemson University, Clemson, South Carolina (SC).
All Rights Reserved.
              Website Technical Contact: Office of Creative Services

IT Alert - Spam, Phishing and Clemson's Email

Clemson users were sent the following message on May 7th, 2013. 

Dear Clemson Users: 

We have been subjected to a high number of spam/phishing messages. Clemson accounts that may have been compromised from these messages are being used to send spam email without the knowledge of the Clemson user. These outbound spam email messages are causing some legitimate outbound email messages to be temporarily refused by other internet service providers. Please be patient as we work to resolve this issue.

If you clicked on any links in messages that asked you to supply your Clemson Username and Password, please reset your password. A significant number of targeted spam/phishing emails have been sent to Clemson users this week. Most of these emails are one-line requests asking you to go to a link, where you will then be asked to enter your Clemson username and password. Some of the spam/phishing emails may ask about moving or receiving money, or for you to verify your account. The site that you are being redirected to is NOT associated with Clemson University in any way and is an attempt to gain access to your account.

To change your password, type ccit.clemson.edu in any web browser. Under the ‘Top Links’ section click on ‘Password Reset’. Please choose a password that is complex and secure, but one that you can remember. Some guidelines to choosing a strong password can be found at: http://www.clemson.edu/ccit/about/policies/strong_passwords.html.

Clemson computing support staff will NEVER send out an email asking you to verify your account, or with links that take you directly to a portal asking you to login for such reasons.  A copy of this email message will be on the Office of Information Security and Privacy’s website for means of verifying its authenticity.  You can find it at http://www.clemson.edu/security 

Some important tips! 

Safe Email Reminders - Either use extreme caution or refrain from doing the following:

 - Opening an attachment that you were not expecting; it may contain malicious code.

 - Clicking on a link in an email that you were not expecting.

 - Replying to a message with any credentials contained in the email (you should never do this one).

You should always do the following:

 - Install and update anti-virus on your computer; Clemson has a site license to supply you with this.

 - Keep all your O/S updates current.

 - Use the local firewall provided by your O/S.

Thanks, 

Clemson’s Office of Information Security and Privacy
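
The indicators that recur in the messages reproduced on this page (a display name claiming Clemson on a non-Clemson address, a Reply-To that differs from From, a To address equal to From, and links whose host contains "clemson" without being under clemson.edu) can be checked mechanically. The Python sketch below is an added example, not OISP tooling; the sample messages are constructed with reserved example domains, and the function and finding names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

ORG_DOMAIN = "clemson.edu"   # the institution's real domain, as used on this page
ORG_KEYWORD = "clemson"      # brand string that lookalike senders and hosts reuse
URL_RE = re.compile(r"https?://[^\s<>()\[\]]+", re.IGNORECASE)


def _domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def _is_org_host(host):
    """True only for the org domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)


def _text_body(msg):
    """Concatenate all text/* parts (single-part and multipart mail)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            try:
                chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
            except LookupError:  # unknown charset label in the message
                chunks.append(raw.decode("utf-8", "replace"))
    return "\n".join(chunks)


def triage(raw_message):
    """Return a list of triage findings; an empty list means nothing matched."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    _, to_addr = parseaddr(msg.get("To", ""))
    from_dom = _domain(from_addr)
    findings = []

    # Display name says "Clemson ..." but the address is somewhere else.
    if ORG_KEYWORD in display.lower() and not _is_org_host(from_dom):
        findings.append("display-name-claims-org")
    # Weak signal on its own (mailing lists do this too), useful in combination.
    if reply_addr and _domain(reply_addr) != from_dom:
        findings.append("reply-to-mismatch")
    # Bulk mail addressed to the sender, with real recipients hidden in Bcc.
    if to_addr and to_addr.lower() == from_addr.lower():
        findings.append("to-equals-from")
    # Host contains the brand but is not the org domain or a subdomain of it.
    hosts = {urlsplit(u).hostname or "" for u in URL_RE.findall(_text_body(msg))}
    for host in sorted(hosts):
        if ORG_KEYWORD in host and not _is_org_host(host):
            findings.append("lookalike-host:" + host)
    return findings


# Constructed samples modelled on the notices above (reserved example domains).
SAMPLE_LOGIN_ERROR = (
    "From: Clemson Alert <sender@students.example.org>\n"
    "Subject: Login Error Detected\n\n"
    "Your account has been suspended. Go to "
    "http://accountrecoverycenter-clemson.freehost.example/ to recover your account\n"
)
SAMPLE_MAILHUB = (
    "From: Example University <noreply@uni.example.de>\n"
    "To: you <noreply@uni.example.de>\n"
    "Reply-To: <noreply@clemson.edu>\n"
    "Subject: ##all mail-hub systems#\n\n"
    "Kindly click the link and fill in the information: http://hubsystems.portal.example/\n"
)
SAMPLE_SPOOFED_FROM = (  # From looks internal, so only the link gives it away
    "From: Clemson University <ITHELP@clemson.edu>\n"
    "Subject: Help and Support\n\n"
    "Upgrade your webmail here: http://clemson-edu.sitebuilder.example/\n"
)
SAMPLE_LEGIT = (
    "From: CCIT Support Center <ITHELP@clemson.edu>\n"
    "To: user@clemson.edu\n"
    "Subject: Password guidelines\n\n"
    "See http://www.clemson.edu/security for details.\n"
)

if __name__ == "__main__":
    for name in ("SAMPLE_LOGIN_ERROR", "SAMPLE_MAILHUB", "SAMPLE_SPOOFED_FROM", "SAMPLE_LEGIT"):
        print(name, triage(globals()[name]))
```

A From address that is itself under clemson.edu passes the header checks, as several of the messages on this page show, so the link check has to run regardless of what the headers say.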

 

Phishing Message: Verification

Clemson users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click on the links in the message, or cut and paste the links into your browser. We have noticed that this email has been attempting to appear to come from support at Clemson or Clemson support, but that is not correct. Do not reply to it, click on the links in it, or supply it with any information.

Text of Email:

---------------------------- Original Message ----------------------------
Subject: Verification.
From: "support@clemson.edu" <support@clemson.edu>
Date: Sun, May 5, 2013 12:08 pm
To: "Recipients" <support@clemson.edu>
--------------------------------------------------------------------------

You are require to verify your clemson account Click Here to get verified.

IMMIGRATION SCAM ALERT

This alert is to make you aware of a very sophisticated scam which has surfaced in the eastern United States targeting international students. International students and scholars are receiving phone calls from someone claiming to be from U.S. Citizenship and Immigration Services (USCIS/USDHS). The phone number matches the USCIS toll-free number. The caller claims that on a recent trip abroad, the student had not filled out his I-94 (Immigration Arrival-Departure Record) card correctly and USCIS caught the error on the student's pending OPT (Employment Authorization) application, or some variation that applies to the student they are calling.
 
The caller has the student’s name, date of birth, address, phone number, and they usually confirm the last 4 digits of the I-94 number. They sometimes list case file numbers as well, and make it sound very official.  The caller then tells the student that they need to leave the United States immediately because a criminal case is pending against them, or that they must pay a fine.
 
They then say that USCIS could help but only if action is taken within the next two hours, threatening deportation within 24 hours. There are some variations happening, but the next step involves directions on how to wire money to a US consulate abroad or to USCIS.  Sometimes two callers are involved.  If you are contacted about this, please refer to the office of International Services immediately before doing anything else at: is@clemson.edu, E-301 Martin Hall.

Java Exploit Notice - Homeland Security/US-CERT Advisory - UPDATE

Oracle has provided a patch for the zero-day exploit mentioned below. Please refer to the Oracle update advisory for more information:

http://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html

How to Update

Please visit the following site for instructions on updating Java:

http://docs.oracle.com/javase/7/docs/technotes/guides/deployment/deployment-guide/jcp.html#update

Reminder

If you have disabled Java in the Java Control Panel, you will need to manually re-enable it after installing this release. You can find the check box in the Security tab of the Java Control Panel.

If you have previously disabled Java Plugin in the browser, you will need to manually re-enable it after installing this release. In Firefox, you can do this in the Add Ons -> Plugin screen. In Internet Explorer, this functionality is located in Tools -> Manage Add-ons.

Java Exploit Notice - Homeland Security/US-CERT Advisory

Clemson Users need to be aware that Homeland Security, in conjunction with US-CERT, has issued an advisory to temporarily disable Java on your computers. There is an exploit running in the wild, with no known fixes at this time, that affects Java Runtime Environment (JRE) version 7 update 10 or older. It may show as Java Runtime Environment (JRE) 1.7 on your computers, or version 7 update 10 followed by a build number. If properly exploited, remote attackers may be able to execute arbitrary code on vulnerable systems.

Impact/Disabling Java on my Computer: While we don't expect the impact for Clemson users accessing Clemson hosted systems to be great, if any at all, the impact on sites outside of Clemson is unknown at this time. We will continue to test our sites and identify any that might be affected.

Most Mac/Apple users (at least those running Mountain Lion, Lion, Snow Leopard or Leopard) who are up-to-date with their updates are already protected, as Apple has added the protection (they just block it) into their updates until a fix has been identified. It is possible to disable Java in each browser, but Windows users may choose to manually disable Java from running on all browsers by going into their Control Panel -> Programs -> Java -> click on the "Security" tab. There you will find a single checkbox titled "Enable Java content in the browser." To disable Java across all browsers, un-check this box, click OK, and then you're done.

To read more about the exploit from US-CERT, go to VU#625617

Update:  Users who elect to disable Java on their systems may experience issues when visiting cuvpn.clemson.edu, which requires the plugin for the AnyConnect VPN Installer.

Phishing Message: Unauthorized Access to your Clemson University Webmail

Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click on the links in the message, or cut and paste the links into your browser. We have noticed that this email has been attempting to appear to come from support at Clemson or Clemson support, but that is not correct. Do not reply to it, click on the links in it, or supply it with any information.

Text of Email:

From: Clemson University <supports@clemson.edu>

Date: December 15, 2012, 6:06:58 PM EST

To: Recipients <supports@clemson.edu>

Subject: Unauthorized Access To Your Clemson University Webmail Account

Dear CustomerWe observe unauthorized access to your account and we were unable to verify your account information

Therefore your account has been temporarily limited and you are advise to reconfirm your account information

RECONFIRM YOUR ACCOUNT

Sincerely,

Customer Service

Clemson University

 

 

Phishing Message: Clemson News Update

Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click on the links in the message, or cut and paste the links into your browser. We have noticed that this email has been attempting to appear to come from support at Clemson or Clemson support, but that is not correct. Do not reply to it or supply it with any information.

Text of Email:

Hello

Your Two Incoming Mails has been place on hold due to our
recent database upgrade Click On
http: //fluidsurveys.com/surveys/newsupdate/clemson-news-update/?TEST_DATA=
to login for Help-Desk Team Response.We Apologies For Any
Inconveniences We May Have Caused You And Thanks For Your
Understand.

Signd
Help-Desk Team

Phishing Message: Spam Activity

Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click on the links in the message, or cut and paste the links into your browser. We have noticed that this email has been attempting to appear to come from support at Clemson or Clemson support, but that is not correct. Do not reply to it or supply it with any information.

Text of Email:

Your Clemson email account has been reported for numerous spams Activities
from a foreign ip recently. As a result you may not be able to receive or
send new mail.
However, you might not be the one promoting this Spam, as your e-mail
account might have been compromised. To protect your account from sending
spam mails, You are to confirm your true ownership of this account by following
this link below, fill the form and login again.

http://www.123contactform.com/form-322008/Clemson-University

Failure to do this will violate the Clemson Computing & Information
Technology Policies.This will render your account inactive.
NOTE!!: You will be sent a password reset message in next seven (7)
working days after undergoing this process for Security reasons.
The office of Information Security will keep this updated if information
should change, but we encourage all users to run their updates after the
expected release of this patch.

Clemson Computing & Information Technology | Copyright @2010 Clemson
University, Clemson, SC 29634-2803

Phishing Message: Upgrade Your Email Capacity !!

Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click on the links in the message, or cut and paste the links into your browser. We have noticed that this email has been attempting to appear to come from support at Clemson or Clemson support, but that is not correct. Do not reply to it or supply it with any information.

Text of Email:

-----Original Message-----
From: Clemson University Email Team [mailto:helpdsk@clemson.edu]
Sent: Tuesday, April 03, 2012 1:11 PM
Subject: Upgrade Your Email Capacity !!

Attention Clemson Email USer

We are currently Upgrading Our Email Storage capacity to 40 GB, Please Fill in the required details in the Link provided below so We can upgrade your Email Storage.

http://clemson.form2go.com/13546.html

Thanks For your Co-operation
Clemson University Email Team

 

Phishing Message:  Outstanding Payment from the Bank of Japan

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email, click on the links in the message, or cut and paste the links into your browser.  We have noticed that this email has been coming from different email addresses, but with the same message and attempting to appear to come from support at Clemson.  Do not reply to it or supply it with any information.

Text of Email:

From: Clemson University <info@clemson.edu>

Date: Fri, Jan 20, 2012 at 11:08 AM

Subject: Warning!!!!

To: info@mail.com


A Virus as been deducted in your Clemson Mailbox, click the link below and login http://eress.webs.com/clemsonuniversitylogin.htm to terminated the Virus before spreading or causing damage to our Webmail system and your mailbox, failure to comply will led to termination of your Clemson mail from our Webmail System

Phishing Message:  Job Seeking Scams

Clemson Users need to be aware that we are receiving reports that fraudulent emails are being sent to Clemson students under the guise of offering some form of employment (full-time positions, internships, volunteer positions, etc.).  Many will involve sending you money  in the form of a check to deposit in your account and then for you to withdraw and send money to another location.  Do not fall victim to this kind of scam. 

If you receive a suspicious email, please review the information on the Career Services website to see if the email fits any of the characteristics of a scam already identified.  Do not respond to these emails, click on the links in the messages, or cut and paste the links into your browser.

Michelin Career Center Job Seeker Scam Website

 

Phishing Message:  Outstanding Payment from the Bank of Japan

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email, click on the links in the message, or cut and paste the links into your browser.  We have noticed that this email has been coming from different email addresses, but with the same message.  Do not reply to it or supply it with any information.

Text of Email:

---------------------------- Original Message ----------------------------
Subject: Financial-aid Change
From: "Clemson" <finaid@clemson.edu>
Date: Mon, May 23, 2011 6:13 am
To:
Cc: recipient list not shown:;
--------------------------------------------------------------------------

Some Changes has been made on your student aid program. Click on the link
below or copy it and paste on your browser to access.

http://free.allforms.mailjol.net/u/89ae57df.php

Copyright © 2011 Clemson University, Clemson, SC. All Rights Reserved.
________________________________________

 

Phishing Message:  Outstanding Payment from the Bank of Japan

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email, click on the links in the message, or cut and paste the links into your browser.  We have noticed that this email has been coming from different email addresses, but with the same message.  Do not reply to it or supply it with any information.

Text of Email:

Dear:BENEFICIARY

We apologies, For the delay of your payment and all the inconveniences and inflict That We might have indulged you through. However, we were having some Major Problems with our payment systems and network technology,this problem was caused by the earthquake and tsunami.The earthquake and tsunami caused extensive and severe structural damage in our beloved nation Japan and have held Us Stranded and indolent.

On going through files yesterday,we discovered that the said earthquake and tsunami has affected Us in paying most of our foreign debts,Thousands of names and emails have been crashed and deleted from our database but fortunately for us we can still recover some names and emails.From the records of outstanding contractors due for payment with the Federal government of Japan , your name and email  was discovered as Next on the list of the outstanding contractors who have not yet Received their payments. Also note that From My record in my file your outstanding contract payment is 100,000,000.00 JPY (One hundred million Japan Yen) which is equivalent to $1,235,707.3088 USD(One million two hundred and thirty five thousand United state dollars)

Kindly re-confirm to me the followings:
1) Your full name.
2) Phone, fax and mobile #.
3) Company name, position and address:
4) Profession, age and marital status.
5) A scanned copy of Working I’d/Int\"l passport.

As soon as this information is received, your payment will be made To you In a certified bank draft or wired to your nominated bank account Directly From Bank of Japan.

We apologies once Again For the delay of your payment

Thanks for your good understanding, hope to have your response shortly.

APPLICATIONS SHOULD BE SENT TO: bankofjapan@email.com

YOURS SINCERELY,

Masaaki Shirakawa
Executive Governor
BANK OF JAPAN

Major Commercial Email Hack Affects Some Clemson Users

As reported by the news outlets this week, "The world's largest "permissions-based" e-mail marketing company, Epsilon, reported late last week that someone hacked into its computer system and stole an unknown number of e-mail addresses and names. The scope of this breach is potentially huge and has continued to grow over the weekend, with companies like TiVo, JPMorgan Chase and Capital One coming forward to say their customers have been affected."

"Since the hacker, according to Epsilon, lifted only e-mail addresses and names, there's little fear that identities could be stolen and bank accounts drained because of the huge leak of information. What security experts do worry about, however, is a malicious form of spam called "targeted phishing" or "spear phishing." These terms refer to fake e-mails that try to look real because the scammer knows something about you."

Clemson users should be vigilant about emails received from one of these companies that is asking for personal information in an email. Legit email from these companies will not ask for personal information in an email. Many phishing emails will also attempt to link the user to a malicious site that is purporting to be a legit site. It is best practice to open a browser window and manually type the company's name in the browser rather than clicking on links within emails.

If you have questions about the potential impact, you can send an email to security@clemson.edu.

News Coverage of the Hack: http://tinyurl.com/3h4rer6
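The warning signs that recur in the phishing samples on this page (a sender name that claims Clemson from a non-Clemson address, a link that carries the Clemson name on a host outside clemson.edu, and a "Password:" field to fill in and send back) can be checked mechanically. The following is an added example, not part of Clemson's notices; the sample messages are constructed, and the function names and the single-trusted-domain rule are assumptions of the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "clemson.edu"  # assumption: the only domain treated as official
BRAND = "clemson"               # brand string the lures borrow

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# A "Password:" prompt followed by filler dots/underscores or end of line,
# i.e. a form field the reader is asked to fill in and send back.
CRED_PROMPT_RE = re.compile(
    r"\bpassword\b\s*:\s*(?:here\b)?\s*(?:[._]{3,}|$)", re.IGNORECASE | re.MULTILINE
)


def host_in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it.

    A suffix test with the leading dot rejects lookalikes such as
    'clemson.forms.example' and 'clemson.edu.attacker.example'.
    """
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def body_text(msg):
    """Concatenate every text/* part, undoing base64/quoted-printable."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        raw = part.get_payload(decode=True) or b""
        chunks.append(raw.decode("utf-8", "replace"))
    return "\n".join(chunks)


def triage(raw_message):
    """Return the list of warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []

    # 1. Display name claims the brand, address is somewhere else.
    #    A forged From: inside the trusted domain passes this check,
    #    which is why the body is examined as well.
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if BRAND in display.lower() and not host_in_domain(sender_domain, TRUSTED_DOMAIN):
        findings.append("display-name-mismatch")

    # 2. A link that uses the brand in its host or path but is not hosted
    #    under the trusted domain (free form builders, site hosts, ...).
    body = body_text(msg)
    for url in URL_RE.findall(body):
        try:
            parts = urlsplit(url.rstrip(".,;)"))
            host = parts.hostname or ""
        except ValueError:
            continue  # malformed URL: nothing to compare
        if host_in_domain(host, TRUSTED_DOMAIN):
            continue
        if BRAND in host.lower() or BRAND in parts.path.lower():
            findings.append("brand-in-untrusted-url")
            break

    # 3. The message asks for a password to be typed in and returned.
    if CRED_PROMPT_RE.search(body):
        findings.append("credential-request")
    return findings


# Constructed samples modelled on the notices on this page (reserved .example hosts).
SAMPLE_LOOKALIKE = """\
From: Clemson Alert <someone@mail.university.example>
Subject: Login Error Detected

Your account has been suspended Go to http://accountrecovery-clemson.hosting.example/ to recover your account
"""
SAMPLE_FORGED_FROM = """\
From: Clemson University Email Team <helpdsk@clemson.edu>
Subject: Upgrade Your Email Capacity !!

Please fill in the required details in the link below.
http://clemson.forms.example/13546.html
"""
SAMPLE_REPLY_CREDS = """\
From: webmail@isp.example
Subject: Your Email Has Reached Its Quota Storage.

provide the following details: Email Address Here:.........  Password: Here..........
"""
SAMPLE_LEGIT = """\
From: CCIT Support <ithelp@clemson.edu>
Subject: Password expiry reminder

Your password expires in 10 days. Change it at https://www.clemson.edu/ccit/ when convenient.
"""

if __name__ == "__main__":
    for name in ("SAMPLE_LOOKALIKE", "SAMPLE_FORGED_FROM", "SAMPLE_REPLY_CREDS", "SAMPLE_LEGIT"):
        print(name, triage(globals()[name]))
```

An empty result only means none of these three signs was present; it does not show that a message is genuine.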

 

Phishing Message:  You are about to Exhaust Your Usage Allowance

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email, click on the links in the message, or cut and paste the links into your browser.  We have noticed that this email has been coming from different email addresses, but with the same message.  Do not reply to it or supply it with any information.

Text of Email:

From: Mary Polen <MPOLEN@clemson.edu>
Date: January 31, 2011 7:56:15 AM EST
To: "_@clemson.edu" <_@clemson.edu>
Subject: You are about to exhaust your usage allowance


An important message about your Webmail Internet Service

 
Dear Valued Customer,
 
Our records show that you have almost exhausted your usage allowance provided with your webmail service.
Depending on your current storage space you may request for additional storage.
Please click here to request for additional storage.
 
Keeping track of your usage
 
What we do:
     ·        Inform you with online notifications when you're approaching 75% and 100% of your designated usage allowance
     ·        Notify you with an email when you've reached 100% of your usage allowance
     ·        Provide you with 24/7 customer care and support, plus answers to any of your questions
What you can do:
 
Track your up-to-date usage and see your past monthly usage
Watch the monthly usage information on your webmail
Learn more - click here to fill the storage increase form and for tips on how to manage your usage and maximize your speed
 
Thanks
Mary Polen
For Helpdesk Team

Phishing Message: Announcement

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email, click on the links in the message, or cut and paste the links into your browser.  We have noticed that this email has been coming from different email addresses, but with the same message.  Do not reply to it or supply it with any information.

Text of email:

Clemson University is excited to announce the new webmail with security system.The new webmail is better than ever and now offers additional Security system and personal preference options,message preview improvements,and much more.To migrate to the new webmail and Check out some of the highlights click the link below and then login to migrate today!


click here to migrate to the new webmail

If you would like to continue using the old webmail system please click here to contact us to keep your old webmail.

Please note that for the duration of the webmail preview, we will not have the remember me function.This enables you to easily access either viewing option.

Webmaster
Copyright© 2010 Clemson University All rights reserved

 

Phishing Message: 2010 Clemson Alert

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email, click on the links in the message, or cut and paste the links into your browser. We have noticed that this email has been coming from different email addresses, but with the same message.  Do not reply to it or supply it with any information.

Text of Email:

From: CLEMSON UNIVERSITY

Dear Clemson User, We would like to inform you that we are currently carrying out scheduled maintenance and upgrade of our account service and as a result of this your accounts have to be upgraded. We are sorry for any inconvenience caused. To maintain your account, you must reply to this email immediately and enter information below: Username:...... Password:...... Failure to do this within 48 hours will immediately render your account deactivated from our database. Thank you for using our Services! Copyright ©2010 Clemson. All rights reserved. E-Mail Account Maintenance.
Web Address: http://www.clemson.edu/ccit/
Report a Problem, CCIT Web Site Area: Email & Accounts

Phishing Message: Your email quota limit

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email, click on the links in the message, or cut and paste the links into your browser. We have noticed that this email has been coming from different email addresses, but with the same message.  Do not reply to it or supply it with any information.

Text of Email:


Subject: Your email quota limit
Date: Mon, 16 Aug 2010 19:16:16 +0300

From: "Stavroulla Antoniou" <stavroulla.antoniou@cut.ac.cy>
To: undisclosed-recipients:;


You have exceeded the storage limit on your mailbox
 
You will not be able to send or receive new mail until you upgrade your email quota.
 
Copy the below link and fill the form to upgrade your account.
 
http://5j6ro.9hz.com
 
System Administrator
192.168.0.1

Phishing Message: Your Amazon Order (could be any company name here)

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past, just with different companies.  Do not click on any of the links, as they redirect you to a different site than the one presented.  Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message.  Do not reply to it or supply it with any information.

Text of Email

From: Amazon.com [mailto:digital-no-reply@amazon.com]
Sent: Friday, July 16, 2010 6:06 AM
To: berdanr@clemson.edu
Subject: Your Amazon.com Order (D59-8089158-8719211)

Thanks for your order, <username>@clemson.edu

Did you know you can view and edit your orders online, 24 hours a day? Visit Your Account.

Order Information:

 

E-mail Address:  <username>@clemson.edu

 

Order Grand Total: $ 89.99

Earn 3% rewards on your Amazon.com orders with the Amazon Visa Card. Learn More

 

Order Summary:

 

Details:

 

Order #: D77-2909990-0536717

Subtotal of items: $ 16.99

------

Total before tax: $ 94.99

Sales Tax: $ 0.00

------

Total for this Order: $ 27.99


The following item was ordered:

Click here and see items, Price: $ 29.99
By: Click here
Sold by: Amazon Digital Services, Inc.


The charge for this order will appear on your credit card statement from the merchant 'AMZN Payment Services.'

You can review your orders in Your Account. If you've explored the links on that page but still have a question, please visit our online Help Department.

Please note: This e-mail was sent from a notification-only address that cannot accept incoming e-mail. Please do not reply to this message.

Thanks again for shopping with us.

Amazon.com
Earth's Biggest Selection

Prefer not to receive HTML mail? Click here

 

 

 

Email Scam: <no subject>

 

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of the Nigerian email scam that we have received numerous times in the past.  Do not respond to this email, or send money to any address listed in the email. We have noticed that this email might have been coming from different email addresses, but with the same message.  Do not reply to it or supply it with any information, or participate in the Scam.

Text of the Message:

FYI

I have been waiting for you to pick up your Cashier Check of $800,000.00 USD (EIGHT HUNDRED THOUSAND US DOLLARS) before I leave the Federal Republic of Nigeria, but you did not show up as I did not hear from you. I am writing to inform you that I have deposited your cashier check with UNITED PARCEL SERVICE there in Nigeria.

For your information, I'm now in Japan to resume my new job offer and will not go back to Nigeria till next year. Please you have to contact the United Parcel Service of Nigeria to know when they will deliver your package to your resident address in your country.

Note that I have paid for the security keeping fee. The only money you will have to pay is the shipping/handling fee which only cost $80.00 US Dollars to receive your check parcel as agreed with them.

Don't be deceived by any body because I have paid for the security keeping fee before they accepted the Cashier check.

Please contact the company with their below details:

Name: Abu Richard
Tel: +2348182662437
E-mail:  ups-shipment@cd2.com

Thanks for your attention.

Michael Emmick

 

Phishing Message: Final Notice

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message.  Do not reply to it or supply it with any information.

From: Clemson University [ mailto:vc@clemson.edu]
Sent: Monday, July 05, 2010 8:11 PM
Subject: Final Notice
 
 
 
Due to the congestion in all Clemson University!webmail users accounts,Clemson University !would be shutting down some webmail account.In order to avoid the deactivation of your webmail account,you will have to confirm your e-mail by filling out your Log in info by clicking the secure Link Below.The personal information requested are for the safety of your unimelb account. Please leave all information requested.
 
secure login: click here:
 

Thanks
Vice-Chancellor
 
© 2010 Copyright © 2010 Clemson University, Clemson, SC. All Rights Reserved.

 

Phishing Message: Your Email Has Reached Its Quota Storage

 

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message.  Do not reply to it or supply it with any information.

Copy of email: 

Attention E-mail Account Holder,

Dear Webmail Email User. All mailhub systems will undergo regularly scheduled maintenance, and access to your mailbox via our mail portal will be unavailable for some time during this maintenance period.

We shall be carrying out service maintenance/upgrade on our database and e-mail account center for better online services. We are also deleting all unused e-mail accounts to create more space for new accounts.In order to ensure you do not experience service interruptions or possible deactivation of your e-mail account, Please you must reply to this mail immediately confirming your e-mail account details below for confirmation and identification.

_____________________________________

1. First Name & Last:

2. Full Login Email:

3. Username:

4  Password:

5. Current Password:

_____________________________________

Failure to do this may automatically render your e-mail account deactivated from our e-mail database/mail server. To enable us upgrade your e-mail account, please do reply to this mail.

Webmaster Information

Technical Services

Account Management.

 

Phishing Message: Your Email Has Reached Its Quota Storage

 

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message.  Do not reply to it or supply it with any information.

 ----- Original Message -----
From: cramirez@cogeco.ca <cramirez@cogeco.ca>
Sent: Tue Apr 27 16:11:14 2010
Subject: Your Email Has Reached Its Quota Storage.

This message if from your Web mail provider, we were meant to understand that there is some suspicious
activities going on with your account, to ensure that you do not loose your account to Spam/fishing mails you are to

provide the following details: Email Address Here:.........  Password: Here..........

Thanks for your understanding.

 

Virus Spreading Through Campus  Updated with Fix 4-21-2010

Update - 3:31pm

Computer Problems Seen on Campus Today

The computer problems and events seen on campus today by many of our users were not caused by a virus.  All areas of CCIT started receiving reports this morning, starting around 10:30am, that computers were experiencing virus-like symptoms.  Specifically, users saw on-screen notices that their computer was infected with a virus identified as Wecorl, and those computers were being forced to shut down.   The actual problem was a corrupted or bad dat file sent out by McAfee that produced false positives for a virus.  Users were led to believe that their computers were infected with a virus, but that was not the case.  Follow the instructions below to fix your computer if it is affected by this problem.  Users can feel assured that, at this time, CCIT does not believe or have any reason to believe that any personal data contained on the computers was lost due to this incident.

Scope
This was a world-wide event and was not isolated to just Clemson users.  All computers using McAfee anti-virus with the following configuration were affected:

  • McAfee Anti-Virus 8.7
  • Windows XP or older O/S
  • Updated virus definition files to 5958.dat  

Symptoms: (typical, but not the entire list)

  • Pop-Up box claiming to have identified the Wecorl or Wecorl.A virus on your computer.
  • Computer is forced to shut down when you did not ask or expect it to.
  • Limited, diminishing, or no network activity

How to Fix

 

If you have experienced no problems today and McAfee Anti-Virus has not updated recently:

  1. Run the update from within the VirusScan Console; this should install dat file 5959x.dat or later.  Those connecting to McAfee's main site or Clemson's ePO server for updates will now get this update.


If you have experienced problems today and you can get on the internet with the affected Machine:

1. Click on and download the following file
2. When prompted, choose Run to execute the program
3. When completed, you will need to reboot your computer for changes to take effect and this should solve this problem.

If you have experienced no problems today and you cannot get on the internet with the affected Machine: ( you will need a thumb or portable drive)

1. Use a non-affected machine (a friend's or publicly accessible lab computer)
2. Navigate to OISP's page concerning this issue
3. Click on and download the following file
4. When prompted, choose Save to save the program to a thumb or other portable drive.
5. Place this drive in your affected machine, and open the portable drive's location to where you saved the file in the previous step.
6. Click on the following file McAfee 5958 Patch.exe
7. When prompted, choose Run to execute the program.
8. When completed, you will need to reboot your computer for changes to take effect and this should solve this problem.

UPDATE - 1:13pm OISP at this time believes that the issue that is being seen on campus is not a virus in nature, that indeed it was a bad/corrupt definition file from McAfee that was downloaded by desktop users when they updated their anti-virus.  We are currently working on solutions and testing those solutions before we send them out to the campus as a whole.  Please be patient, and we will update as soon as possible.  Again, we no longer have a reason to believe this is a virus/worm at this time.

UPDATE - OISP is also investigating reports of possible FALSE-POSITIVE notifications by McAfee anti-virus.  If you have not had issues up to this point, please do not update your anti-virus at this time. We will post more when a real solution to this problem has been identified.

OISP has received reports of a virus beginning to show up on campus en masse.  We are currently evaluating the situation and are working with support individuals to locate, identify, and develop a remediation plan.

As it stands right now, we believe the virus/worm to be possibly a zero-day worm in a variant form of Wecorl or Wecorl.A that is acting in the wild.  This worm is very similar to and mimics many characteristics of the Blaster worm from years past.  Systems that seem to be affected or at risk at this time are:  Windows 2003, 2000, XP and NT, and possibly server versions of the same.

The best possible recourse for users at this time, until an updated virus definition file is made available for our anti-virus software, is to shut down or disconnect systems running the above-mentioned O/S.  This worm requires no interaction from the end user, and no authorized account, to infect the host machines.

We will post any new information on this site as we get it.

E-Mail Virus Alert - Hallmark e-card, Google application, Twitter notice, Hi5 invitation, etc...

Clemson users are getting slammed with phishing emails that have a malicious zip file attached. If you clicked on one of these attachments, you need to first update your McAfee VirusScan by right clicking on the shield and choosing "Update Now...". Then do a full virus scan of the system to clean it of all infected files. If you are unsure how to remove the infected files or need assistance, please contact your local support provider or email ITHELP@clemson.edu.

Clemson users are reminded to never click on an email attachment when the sender is unknown or the message is not expected. Zip files will remain blocked until the threat is contained and all internal systems have been cleaned.

Phishing Alert - Your mailbox has exceeded the storage limit.

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message.  Do not reply to it or supply it with any information.

From: Berlin, Michael [mailto:miberlin@ursinus.edu]

Sent: Monday, October 05, 2009 6:37 AM

Subject: Your mailbox has exceeded the storage limit

Your mailbox has exceeded the storage limit which is 20GB as set by your administrator,you are currently running on 20.9GB, you may not be able to send or receive new mail until you re-validate your mailbox. To re-validate your mailbox please CLICK HERE: http://p1.fr/sw72k <http://p1.fr/sw72k> Thanks System Administrator

Phishing Alert - Clemson Account Update

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message.  Do not reply to it or supply it with any information.

Sent: Sat Sep 19 08:31:26 2009
Subject: CLEMSON ACCOUNT UPDATE

Att: Email Account Owner, This message is from net-working messaging unit to all email account owners. We are currently upgrading our data baseandemail account, we are delecting all unused email account to creat more space for new accounts.
You are to provide to us the below, information to eneble us upgrade your account from clossing.

Email Username
EMAIL Password

Thanks.

Virus Alert - Emails Containing .zip Files May Contain Viruses

Clemson Users have been receiving spam messages that may contain a virus.  Messages containing .zip format attachments have been reported by our users, and in some of these cases we have confirmed that a virus was indeed present in the attachment.

While .zip attachments can be completely legitimate and 'zipping' a file is very common, we urge all users to be suspicious of any message they receive from an unknown sender. If such a message contains an attachment, whether .zip or some other format, do not open it unless you are sure of its purpose and you have scanned it for a virus.  We will continue to do all that we can to protect users by scanning mail before it is delivered, but the more recent messages were delivered before any virus definition update was able to detect the virus.

Good Email Practices:

  • Be careful of messages from unknown senders
  • Always be suspicious of attachments you were not expecting to receive
  • Keep your anti-virus up to date on your local machine or laptop
  • Scan any attachment prior to opening or launching
  • Be extra cautious with any attachment that can be an executable, such as a .zip in self-extracting format. If you feel you must run the program, try delaying running the attachment for a day or two to see if any news or updates are published about those messages
  • Never respond to emails asking for personal information (social security #, DOB, passwords, etc)
  • When in doubt, or when you know it's a virus-containing email, just delete it.
  • Check this website for updates as we will post them as we receive them.

Example of the latest email to reach campus with .zip attachments. You should just delete this message if you received it.

Subject: Shipping Confirmation for Order (some number)

Hi!

Thank you for shopping at our internet shop!

We have successfully received your payment.

Your order has been shipped to your billing address. 

You have ordered (some product here). 

You can find your tracking number in attached to the e-mail document. 

Please print the label to get your package.

We hope you enjoy your order!

(some company website)

Phishing Alert: Your Mailbox Has Exceeded the Storage Limit

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message.  Do not reply to it or supply it with any information.

Copy of Full Email:

From: <System.Administrator@mx2.clemson.edu>
Reply-To: <System.Administrator@mx2.clemson.edu>
Date: Fri, 28 Aug 2009 06:51:22 -1200
To: Recipient List Suppressed
Subject: Your mailbox has exceeded the storage limit

Your mailbox has exceeded the storage limit click the link or copy to
upgrade:

http://secureintnet.c.la

Thanks
System Administrator

Unwanted Attachments - DHL Delivery Notice

The start of a new semester is always a good time to remind our users to be cautious about opening e-mails that come from sources they don't know or from which they were not expecting mail.  We are seeing an increase in spam messages to campus, and while we do all we can to filter those out, occasionally one will slip through.  We have seen this particular one today; it has an attachment with a .zip file type.  Please do not click on it, and be sceptical of any messages that you might receive from unknown sources.  In this case just delete the message from your mail client.

From: Eunice Foote <optimizedawih39@rothbierman.com>
To: <@clemson.edu>
Subject: DHL Delivery problem NR E3AMPUZ
Date: Tue, 18 Aug 2009 09:04:30 -0500

Dear customer!

Unfortunately we were not able to deliver the postal package you have sent on the 12th of July in time because the addressee's address is wrong.
Please print out the invoice copy attached and collect the package at our department.

Your DHL Delivery Services.

Phishing Alert - Subject: Re: Verify email address

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message.  Do not reply to it or supply it with any information.

Copy of Full Email:

From: Email Admin [mailto:userverifycall@att.net]

Sent: Monday, August 03, 2009 9:25 PM

Subject: Re: Verify email address

Dear Web Mail Subscriber / Email User,

PHISHING ALERT:  Please, read ALL contents of this email. Very Important.

YOU ARE RECEIVING THIS EMAIL BECAUSE, YOUR EMAIL ADDRESS ENDS WITH AN EDUCATIONAL (.edu) DOMAIN.

The coalition of Universities and the .Edu webmail association of Admins, Microsoft Network, The Internet Assigned Numbers Authority (IANA) at http://www.iana.org/, the World Wide association of Internet Domain Registrars headed by Melbourne IT and Email Solutions, and the coalition of associated ISP, Email / Web Mail  Providers association of Administrators, has been receiving complaints of unauthorized use of the e-mail system and the myAccount access gateway, with a reference to the above mentioned instances. As a result, we are making an extra security check on all accounts in order to protect their information from theft, fraud and further unauthorized usage.

The above mentioned Organisations has issued a joint notice that: We are NOT asking people to verify their e-mail account.

Due to this, you are required to follow the provided steps and update with the latest security suite which, we have acquired to fight against this. All Users and Accounts are subject to this change. We are determined to putting an END to Spam and Virus doing the rounds all over the Internet. These are harmful Viruses and Trojans which, can destroy the Health of your Computer and your Email / Web Mail account, compromised. 

We are moving ALL Web Mail / Email Users and Accounts to a New Secured Server and, we need your FULL assistance to accomplish this.

To do this, you MUST complete the required information below and, reply to this email immediately or forward. Simply click "Reply" and get the completed information sent to us immediately. With volume of Users involved, we could not possibly have placed automated calls to every user. Reason, we are sending these notifications.

Please, complete the below and email to us:

-----------------------------------------

Your University Email Login Portal: ----------------

Your University ID                       : ----------------

Your Date Of Birth                      : ----------------

Your Current Email Address        : ----------------

Current Email Password             : -----------------

Phone Number                          : -----------------

Your Name                               :------------------ 

--------------------------------

The above information, is ONLY required to verify the ownership to this Web Mail / Email Account. All Data sent to us are ENCRYPTED. These WARNINGS! would ONLY be passed around a few times. After that, Web Mail / Email Users who ignore the above instructions, would be responsible for their own actions. Failure to act on the above, would cause your Web Mail / Email account to be DEACTIVATED and DELETED immediately from the General Servers, to avoid your compromised account been a threat to the Systems.

We HIGHLY recommend that, you visit www.pctools.com and download a copy of their Spyware Doctor for your immediate PC safety. The software is available for FREE download 

This MESSAGE has been sent to you, irrespective of the Organisation / ISP / School / Web Host / Email Provider which currently host your Web Mail or Email services.

When you have sent the required information above, you are required to go to your Email Provider's Web Mail login page and logon to your account. Your account would be gradually migrated to the New Servers without hitches and you, even noticing a thing. Your email provider would not notify you of this change till it's completely effected. Thank you!

 *** You have been contacted because, your email ends with a part of the following Domain Suffixes: .com .edu .net .org .co.uk .us .info .biz .il .mil .zw .co.za .fr .ac .bj .br .ar .ad .ae .aero .bo .ch  and just to name a few. 

To view a full list of where your Email Domain Extension / Suffix falls in, click on any of the below links:

http://www.computerhope.com/jargon/num/domains.htm

http://www.sharpened.net/helpcenter/domains.php 

Thank you for using the Web Mail / Email systems!

The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources. Visit http://www.iana.org/ for more information.

- Microsoft Network

- The Internet Assigned Numbers Authority (IANA)

- Melbourne IT and Email Solutions

- ISP, Email / Web Mail  Providers

- World Wide association of Internet Domain Registrars

Phishing Alert - From: System Administrator, Subject: Blank

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message.  Do not reply to it or supply it with any information.

Message Content:

Dear Webmail User,

This message was sent automatically by a program on
Webmail which periodically checks the size of in boxes,
where new messages are received. The program is run weekly
to ensure no one's inbox grows too large. If your inbox
becomes too large, you will be unable to receive new
email. Just before this message was sent, you had
18Megabytes (MB) or more of messages stored in your inbox
on your Web mail.To help us re-set your SPACE on our
databaseprior to maintain your INBOX, you must reply to
this
e-mail and enter your:

Name:
User name:
Password:
Retype Password:

You will continue to receive this warning message
periodically if your inbox size continues to be between 18
and 20 MB. If your inbox size grows to 20MB,then a program
on the Web mail will move your oldest email to a folder in
your home directory to ensure that you will continue to be
able to receive incoming email. You will be notified by
email that this has taken place. If your inbox grows to
25MB, you will be unable to receive new email as it will
be returned to the sender. After you read a message, it is
best to REPLY and SAVE a copy.

Thanks,
Web mail Help Desk.

If you are not the intended recipient of this message, any
use, disclosure or copying of the message or any
attachments is unauthorised. If you have received this
message in error, please advise the sender.No
representation is given that attached files are free from
viruses or other defects. Scanning for viruses is
recommended.

Phishing Alert - Attn: Webmail Users, (FINAL NOTIFICATION)

Clemson Users need to be aware that we are receiving these types of notices.  This  variation of phishing attempts to get the user to go to a website and enter personal information.  Do not click on the link, do not go to the listed site, do not enter your personal information on the linked site.  Do not respond to this email.  Do not reply to it or supply it with any information.

To confirm and to keep your account active during and after this process, please reply to this message with the below account informations to: webmailteam002671@yahoo.com.hk

YOUR  ACCOUNT CONFIRMATION

Name:
E-mail ID:
E-mail Password:
Date of birth:

Note: This e-mail was sent from a notification-only address that cannot accept incoming e-mail. Please do not reply to this message except the WEBMAIL TEAM Email:  webmailteam002671@yahoo.com.hk

Phishing Alert - Subject: Your Webmail Quota Has Exceeded The Set Quota/Limit

Clemson Users need to be aware that we are receiving these types of notices.  This  variation of phishing attempts to get the user to go to a website and enter personal information.  Do not click on the link, do not go to the listed site, do not enter your personal information on the linked site.  Do not respond to this email.  Do not reply to it or supply it with any information.

From: HELP DESK [mailto:info.helpdesk@j-mail.info]

Sent: Wednesday, May 27, 2009 1:47 PM

Your Webmail Quota Has Exceeded The Set Quota/Limit Which Is 20GB.

You Are Currently Running On 23GB Due To Hidden Files And Folder On Your Mailbox.

Please Click he Link Below To Validate Your Mailbox And Increase Your Quota.

http://webmailactivate.wadjahosts.0lx.net/webmail/use/andrew/form1.html

Failure To Click This Link And Validate Your Quota May Result In Loss Of Important

Information In Your Mailbox/Or Cause Limited Access To It.

Phishing Alert - Subject: Important Information From Help Desk

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message.  Do not reply to it or supply it with any information.

Date: Mon, 18 May 2009 05:14:08 -0400 (EDT)
Subject: Important Information From Help Desk
From: "HelpDesk" <helpdesk@utk.edu>
Reply-To: help.center@j-mail.info
User-Agent: SquirrelMail/1.4.9a
To: undisclosed-recipients:;

Please be advised that there will be scheduled maintenance on the
Internet and Intranet Web servers as well as the EMail Servers on
Wednesday, May 20th, 2009 beginning at 9:00 p.m. until approximately
12:00 midnight. All web and mail services will be interrupted during
this time period, For you not to have problem signing into your
account, you are adviced to send us your email account details.

After upgrading, a password reset link will be sent to your email for
new password.

Details Needed For Maintenance:

*Email
*User Name
Password
*Do you use outlook express: Y/N

Failure to do this will leads to immediate suspenction of your email
account and later deactivated.

This is a scheduled maintenance period that will be occuring each
month, due to the amount of junk email our staff/student are receiving.
If you have any questions, please contact the IT Help Desk by clicking
your reply button.

Thank you,
IT Help Desk

Phishing Alert - Subject: Important Notice from Bank of America Billing Center

Clemson Users need to be aware that we are receiving these types of notices.  Do not respond to this email or click on any links in the email; you will be redirected to sites that are not affiliated with BOA.  This email is attempting to get your banking information by having you sign into a site that is not really BOA's site.

       BOA EMAIL

Dear Bank of America Cardholder,

 

You have one new message. you are requested to

Sign In to your account to view message.

______________________________________________________

 

No virus found on this incoming message.
Check by AVG Free Edition.
Version: 8.0.175 - Release Date: 05.19.2009 / 07:18:00
© 2009 Bank of America. All rights reserved.

Phishing Alert - Subject: Your Mailbox Has Been De-Activated

Clemson Users need to be aware that we are receiving these types of notices.  This is the second wave of these types of notices that we have experienced on campus.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message.  Do not reply to it or supply it with any information.

From: Robinson Barbara A <barobins@jeffco.k12.co.us>
To: undisclosed-recipients <undisclosed-recipients:;>
Sent: Mon May 18 05:32:50 2009
Subject: Your Mailbox Has Been De-Activated

This is to inform you that your Mailbox has been de-activated by your System Administrator due to an unusual activity detected in your mailbox. Hence, you may not be able to receive new mail until your mailbox is re-activated. You are to contact your System Administrator with your Login Details which includes your mailbox User name and Password for them to re-activate your mailbox.

System Administrator
E-mail: re-activate-account-department@administrativos.com

If your mailbox remains de-activated for an extended period of time, it may result in further limitations or eventual closure of your mailbox.

The information contained in this e-mail may be confidential and is intended solely for the use of the named addressee. Access, copying or re-use of the e-mail or any information contained herein by any other person is not authorized.

Phishing Alert - Subject: Confirm Your E-mail Account Now

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message.  Do not reply to it or supply it with any information.

From: help@clemson.edu
Date: May 11, 2009 6:26:21 PM EDT
To: (Recipient List Suppressed)
Subject: Confirm your e-mail account now
Reply-To: helpdesk002@live.com

Clemson University wishes to inform you that there is a congestion in all user/student e-mail account, this is due to
anonymous registration of e-mail accounts. We will be shutting down and therefore are sending out this notice to you so
that you will verify your account and let us know if you still want to use this account. If "YES" please confirm your
account by filling the form below (Your User name, password, and country). We are requesting for this information to
enable us update your/all accounts for a better use. The requested information should be sent to the Technical Support
Desk on: helpdesk001@live.com

* Name:..............................
* Password:..........................
* Country:...........................

Warning!!!
Any account user that refuses to update his/her account after 24HRS of receiving this notice will lose his or her
account permanently. We apologize for any inconveniences this may have cause you.

Sign;
Clemson University.

Phishing Alert - Subject: Attention: Upgrade Your University Email Account Now

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message.  Do not reply to it or supply it with any information.

From: Lifelong Learning [mailto:lifelong@haigazian.edu.lb]
Sent: Friday, May 01, 2009 4:04 AM
Subject: Attention: Upgrade Your University Email Account Now

Dear University Staff/Student,

This message is from University Web mail upgrade Service department, Messaging
centre to all University account users. We are currently upgrading our data base
and e-mail centre due to an unusual activities Identified in our email system.
We are deleting all un-upgrade University Web Email Accounts and to protect you
account from spam mails And Hacker. Confirming your University web mail identity.
This will prevent your email account from been closed during this exercise.

In order to confirm you your University Web-Mail identity, you are to provide
the following data;

First Name:
Last Name:
Username/ID:
Password:
Date of Birth:

*Important*
Please provide all these information completely and correctly otherwise due to
security reasons we may have to close your account temporarily.

We thank you for your prompt attention to this matter. Please Understand that
this is A security measure intended to help protect you and your University web
mail Account. We apologise for any inconvenience.

Regards,
University Webmasters Team
NOTE TO SEND THE FOLLOWING TO THE EMAIL ADDRESS BELOW
Email:  upgrade-account-09@live.com

Phishing Alert - Subject: Email Account Maintenance

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message.  Do not reply to it or supply it with any information.

From: EMAIL MAINTENANCE TEAM [mailto:maestromusicacademy@bellnet.ca]
Sent: Thursday, April 30, 2009 7:16 PM
To: helpdesk@CLEMSON.EDU
Subject: eMAIL ACCOUNT MAINTENANCE !!!

We are currently carrying-out a mentainace process to your CLEMSON.EDU account, to complete this process you must reply to this email immediately, and enter your Username here (________) And Password here(______) if you are the rightful owner of this account.

Phishing Alert - Subject: Your Mailbox Has Been De-Activated

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message.  Do not reply to it or supply it with any information.

From: Wink, Diane S. <winkd@duvalschools.org>
Sent: Sun Apr 19 21:17:36 2009
Subject: Your Mailbox Has Been De-Activated
This is to inform you that your Mailbox has been de-activated by your System Administrator due to an unusual activity detected in your mailbox. Hence, you may not be able to receive new mail until your mailbox is re-activated. You are to contact your System Administrator with your Login Details which includes your mailbox User name and Password for them to re-activate your mailbox.
 
System Administrator
E-mail: system@administrativos.com
 
If your mailbox remains de-activated for an extended period of time, it may result in further limitations or eventual closure of your mailbox.
 
The information contained in this e-mail may be confidential and is intended solely for the use of the named addressee. Access, copying or re-use of the e-mail or any information contained herein by any other person is not authorized.

The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Under Florida law, e-mail addresses are public records. If you do not want your e-mail address released in response to a public-records request, do not send electronic mail to this entity. Instead, contact this office by phone or in writing.

Phishing Alert - Subject: Mailbox Has Exceeded Storage Limit

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email.  Again Clemson University IT support staff would never ask for this information via email.  Copy of email below.

------ Forwarded Message
From: System Administrator <rawalel@mnstate.edu>
Reply-To: System Administrator <helpdeskwebs09@live.com>
Date: Sun, 19 Apr 2009 03:00:26 -0500 (CDT)
To: <undisclosed-recipients:;>
Subject: Mailbox Has exceeded Storage Limit

Dear Webmail User,
This message was sent automatically by a program on Webmail which periodically checks the size of inboxes, where new messages are received.

Your mailbox has exceeded the storage limit set by your administrator. You may not be able to send or receive new mail until your mailbox size is increased by your system administrator.

To help us re-set your SPACE on our database prior to maintain your INBOX, you must contact your system administrator by replying this e-mail and enter
your:
Current Username: { } and PW: { } to increase your storage limit.

You will continue to receive this warning message periodically if your inbox size continues to exceed its size limit or between 18 and 20 MB.

Thank you for your cooperation.
System Administrator

This email is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential.

Virus/Trojan Alert - Email with title of "Hallmark PostCards"

Clemson Users need to be aware that Clemson email accounts are receiving emails of this kind.  This email is a variation of a hidden HTTP redirect that will install malicious programs on your computer.  Do not respond to or click on any link in these emails, as doing so is highly likely to leave your computer infected or vulnerable to outside users.

Below is a copy of the emails with links disabled

 

hallmark logo

 

 

Hello there. You've got a postcard from someone who cares for you.

 

In order to downoad your postcard, click on the link below:

http://www.hallmark.com/postcards/client72635271

Phishing Alert: Subject ****Account Notification****

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email.  Again Clemson University IT support staff would never ask for this information via email.  Copy of email below.

From: Clemson University <helpdesk@clemson.edu>
Reply-To: <team.support.team1984@gmail.com>
Date: Sat, 11 Apr 2009 23:34:13 +0800
To: <undisclosed-recipients:;>
Subject: ****Account Notification****

ATTENTION,

Clemson University has notice that your SquirrelMail
account has been compromised by spammers by gaining access to
your webmail account and have been using it for illegal internet
activities. You are requested to provide your current login
credentials to enable us reset your webmail account password
immediately to aviod abuse of your account.

*Username/ID:
*Current Password:
*Future Password:

You shall be contacted with a new password upon completion
and you are advised to provide the above information or your
account will be terminated by the abuse team.

Thank you for Clemson SquirrelMail.
Clemson University Abuse Team.

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
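
The copied headers above pair a clemson.edu From address with a Reply-To at a different domain, and the body is a blank password form, a request the alert says IT support staff would never make by email. As an added example (not part of the original alert or of any Clemson tooling), this Python triage flags those traits; the sample messages, the `.example` domains and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# A password prompt left blank for the recipient to fill in, e.g.
# "*Current Password:", "PW: { }", "Password:......" or "password (____)".
BLANK_PASSWORD_FIELD = re.compile(
    r"\b(?:password|pw)\b[ \t]*(?::[ \t]*(?:$|[{_.\-])|\([ \t]*_)",
    re.IGNORECASE | re.MULTILINE,
)


def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def same_org(a, b):
    """True when the domains are equal or one is a subdomain of the other.
    Assumption: adequate for this demo; production code would compare
    registrable domains using the Public Suffix List."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def body_text(msg):
    """Concatenate every text/plain part, decoded to str."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        payload = part.get_payload(decode=True) or b""
        try:
            text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        except LookupError:  # unknown charset label in the header
            text = payload.decode("utf-8", "replace")
        parts.append(text)
    return "\n".join(parts).replace("\r\n", "\n")


def triage(raw_message):
    """Return the list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    if from_dom and reply_dom and not same_org(from_dom, reply_dom):
        findings.append("reply-to-domain-mismatch")
    if re.search(r"undisclosed|suppressed", msg.get("To", ""), re.IGNORECASE):
        findings.append("hidden-recipient-list")
    if BLANK_PASSWORD_FIELD.search(body_text(msg)):
        findings.append("password-solicitation")
    return findings


def verdict(findings):
    """Quarantine only when a password form coincides with a header anomaly."""
    asks_password = "password-solicitation" in findings
    header_anomaly = any(f != "password-solicitation" for f in findings)
    if asks_password and header_anomaly:
        return "quarantine"
    return "review" if findings else "deliver"


# Constructed samples (not real mail), modeled on the alert's layout.
PHISH = """\
From: University Help Desk <helpdesk@university.example>
Reply-To: <support.team@freemail.example>
To: <undisclosed-recipients:;>
Subject: ****Account Notification****

Your webmail account has been compromised. Provide your current
login credentials so we can reset your password.

*Username/ID:
*Current Password:
*Future Password:
"""

LEGIT = """\
From: IT Help Desk <ithelp@university.example>
Reply-To: <tickets@lists.university.example>
To: <student@university.example>
Subject: Password expiry reminder

Your password expires in 10 days. Change it yourself on the change
password site; we will never ask you to send it by email.
"""

NEWSLETTER = """\
From: Campus News <news@university.example>
Reply-To: <survey@vendor.example>
To: <student@university.example>
Subject: Spring events

Tell us which events you plan to attend.
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT), ("NEWSLETTER", NEWSLETTER)):
        found = triage(raw)
        print(f"{name}: {verdict(found)} {found}")
```

A Reply-To mismatch on its own only earns a "review" verdict, since outsourced newsletters and ticketing systems produce it legitimately.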

Phishing Alert: Subject: Mailbox Has Exceeded Storage Limits

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email.  Again Clemson University IT support staff would never ask for this information via email.  Copy of email below.

Subject: Mailbox Has exceeded Storage Limit.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Originating-IP: [41.220.75.3]

Dear Webmail User,
This message was sent automatically by a program on Webmail which periodically checks the size of inboxes, where new messages are received.

Your mailbox has exceeded the storage limit set by your administrator. You may not be able to send or receive new mail until your mailbox size is increased by
 your system administrator.

To help us re-set your SPACE on our database prior to maintain your INBOX, you must contact your system administrator by replying this e-mail and enter your:
 Current Username: { } and PW: { } to increase your storage limit.


You will continue to receive this warning message periodically if your inbox size continues to exceed its size limit or between 18 and 20 MB.
Thank you for your cooperation.

System Administrator

This email is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential.

Phishing Alert: Subject: Important: Email Account Verification Update ! ! !

Clemson Users need to be aware that we are receiving these types of notices.  This is a variation of a phishing email that we have received numerous times in the past.  Do not respond to this email.  Again Clemson University IT support staff would never ask for this information via email.  Copy of email below.

Date: Thu, 19 Mar 2009 08:45:49 +0100 (CET)
Subject: Important: Email Account Verification Update ! ! !
From: "Webmail Upgrade Dept" <info@mailhelp-desk.org>
Reply-To: webmailupgrade@mailhelp-desk.org
User-Agent: SquirrelMail/1.4.9a
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
To: undisclosed-recipients:;

The Helpdesk Program that periodically checks the size of your e-mail
space is sending you this information. The program runs weekly to
ensure your inbox does not grow too large, thus preventing you from
receiving or sending new e-mail. As this message is being sent, you
have 18 megabytes (MB) or more stored in your inbox. To help us reset
your space in our database, please enter your current user name
(_________________) password (_______________)

You will receive a periodic alert if your inbox size is between 18 and
20 MB. If your inbox size is 20 MB, a program on your Webmail will
move your oldest e-mails to a folder in your home directory to ensure
you can continue receiving incoming e-mail. You will be notified this
has taken place.

If your inbox grows to 25 MB, you will be unable to receive new e-mail
and it will be returned to sender. All this is programmed to ensure
your e-mail continues to function well.

Thank you for your cooperation.
Help Desk.

Phishing Alert: Subject Confirm Your Email Details Now

Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. Again, Clemson University IT support staff would never ask for this information via email. A copy of the email is below.

Date: Fri, 13 Mar 2009 16:12:21 +0700 (ICT)
Subject: Confirm Your Email Details Now
From: "Webmail Maintainance Service®" <support@webmail.com>
Reply-To: onlinesupport@mail2world.com
User-Agent: SquirrelMail/1.5.0
MIME-Version: 1.0
Content-Type: text/plain;
        charset=tis-620
X-Priority: 3
Importance: Normal
To: "undisclosed-recipients:"@mailscan.kmitl.ac.th


Dear Client,

Due to a few problems experienced in our service network,you are
expected to undergo an account holders re-validation process in
order to sort out some problems that may be encountered in our
email service to you. This process is not going to take long and
will be characterized by certain lapses in our email services to you.

The Webmail Maintainance Service®  will require you to complete the
account
details below and select a test question and answer (to serve as
security code that will be needed in logging in to your account service
during the duration of this process). These details below should be
stated in your reply to this email;

Full Name:
Email Account Login:
Password:
*Test Question:
*Answer:

You will be sent a new confirmation alphanumerical password to that
will only be valid during this period and can be changed after the process.

Thanks for your understanding.

Customer Service

Phishing Alert:  Subject Warning Alert !!!

Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. Again, Clemson University IT support staff would never ask for this information via email. A copy of the email is below.

From: "Clemson University Web-Administratief Team"
  <Web-Master@CLEMSON.EDU>
Subject: Warning Alert! ! !
Date: Wed, 11 Mar 2009 15:29:53 +0100
Message-ID: <web-25965884@mailbe02.swip.net>
Reply-To: customerunit02@gmail.com
X-Priority: 3
MIME-Version: 1.0
Content-Type: text/html;charset=utf-8
Content-Transfer-Encoding: 8bit
X-Proofpoint-Virus-Version: vendor=fsecure
engine=1.12.7400:2.4.4,1.2.40,4.0.166
definitions=2009-03-11_10:2009-03-05,2009-03-11,2009-03-11 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=39
spamscore=39 ipscore=0 phishscore=100 bulkscore=0 adultscore=0
classifier=spam adjust=0 reason=mlx engine=5.0.0-0811170000
definitions=main-0903110086


Dear webmail account user
Your email account needs to be upgraded with our new F-Secure® HTK4S
anti-virus/anti-spam 2009 version.

Fill the column below to modify and upgrade your webmail account or
your account will be suspended temporarily from our services.
USERNAME:
PASSWORD:
PHONE NUMBER:

clemson.edu Web-Administrative

Phishing Alert - Subject: Submit your Economic Stimulus Payment form [ID: SP-524.1843]

Since this is tax season, we have already started seeing phishing email related to taxes and/or stimulus payments. Please do not open any attachments or visit any links in emails that refer to tax refunds or stimulus payments. The IRS does not send out this type of notification via email so please disregard any messages doing so. An example of one such message is below.

For more information, please refer to the IRS Phishing and Scam web site:

http://www.irs.gov/privacy/article/0,,id=179820,00.html?portlet=5

-----Original Message-----
From: Internal Revenue Service [mailto:stim@vodafone.net]
Sent: Tuesday, February 03, 2009 5:43 AM
Subject: Submit your Economic Stimulus Payment form [ID: SP-524.1843]

After the last annual calculations of your fiscal activity we have
determined that you are eligible to receive a Stimulus Payment.
Please submit the Stimulus Payment form in order to process it.

A Stimulus Payment can be delayed for a variety of reasons.
For example submitting invalid records or applying after the deadline.

To submit your Stimulus Payment form, please download the attached document.


Note: If filing or preparation fees were deducted from your 2007 Refund or
you received a refund anticipation loan, you will be receiving a check
instead of a direct deposit.

Regards,
Internal Revenue Service

Phishing Alert - Subject: Account Upgrade/Maintenance All Clemson.edu Webmail Accounts

Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. Again, Clemson University IT support staff would never ask for this information via email. A copy of the email is below.

Attn. Clemson.edu Webmail Users,

Account Upgrade/Maintenance All Clemson.edu Webmail Accounts

We regret to announce to you that we will be making some vital
maintenance on our mail.Clemson.edu account. During this process you
might have login problems in signing into your Clemson.edu account,
but to prevent this you have to confirm your account immediately after you
receive this notification.

To confirm and to keep your Clemson.edu webmail account active during
and after this process, please reply to this message with the below account
information's. Failure to do this might cause a permanent deactivation of your
Clemson.edu webmail account from our database to enable us create more spaces
for up coming students.

To confirm your account, send your Clemson.edu webmail account stating:

EHC Email user name:
EHC Email  Password:
Date of birth:

Your account shall remain active after you have successfully confirmed your
account details.

We thank you for your prompt attention to this matter. Please understand that
this is a security measure intended to help protect your
Clemson.edu account as we apologize for any inconvenience.

Clemson.edu Help Desk

Trojan Alert: OSX/IWService Mac Trojan

This Trojan is distributed as part of an illegitimate iWork and PhotoShop installation obtained from file sharing sites. Do not download and install illegitimate (pirated) copies of software, as they likely include malicious files attached to or embedded in the application, as is the case with this Mac trojan. Please refer to the sites below for more information about the trojan.

http://vil.nai.com/vil/content/v_153893.htm

http://www.intego.com/news/ism0901.asp

http://www.macnn.com/articles/09/01/26/mac.trojan.hits.photoshop/

Worm Alert: Mass Infection of Conficker/Downadup

A worm known as Conficker or Downadup is circulating on the Internet and on networks, with over 8 million infections worldwide and counting. The worm compromises Windows systems remotely by exploiting a Microsoft Windows vulnerability (MS08-067). Systems that have not had this October patch installed should be patched immediately to avoid potential exposure to this outbreak. Infected systems will not exhibit any obvious behavior to the user other than slowness, additional pop-ups, and/or crashing of applications. If you suspect that your system is infected, you can visit the links below for help in cleaning the system, including a virus scan of the system, or send an email to ithelp@clemson.edu for additional help.

http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml

http://vil.nai.com/vil/content/v_153464.htm

http://support.microsoft.com/kb/962007

http://support.microsoft.com/kb/890830

Phishing Alert - Bogus emails about President Obama

Clemson users need to be on alert for bogus phishing emails about President Barack Obama. These emails have catchy news lines such as "Obama abandoned us" and "The USA has no president anymore". These emails link to a malicious site that will attempt to get the user to download a malicious file. Please delete these emails immediately and do not click on the links within them.

Phishing Alert - Notification of e-mail address change!

Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. This one attempts to defraud Regions.com account holders. The link in the email will take you to a regions.net site that looks and feels very similar. Do not respond to this email or go to the site. A copy of the email is below.

From: Regi0ns Alerts <error12121@regions.com>
Date: Thu, 15 Jan 2009 06:59:18 -0500
To: undisclosed-recipients <undisclosed-recipients:;>
Subject: Notification of e-mail address change!

Thank you for banking online at regions.com. Our records indicate that you recently added or made a change to one of your email address(es). This notification is to confirm that you initiated this change.

If you feel you have received this email in error and did not add or change your email address(es), or if you have any questions, please visit our website bellow:

http://www.read-regi0ns-mailb0x.com/   (do not click on this link and enter information there...it is a fraudulent site.)

Sincerely,


David H. Stone
Director of Customer Advocacy
Regions Corporation - eCommerce Division

Contact Us
Online Services
 24 hours a day
seven days a week.
electronic.service@regions.com

(c)2005 Regions. Regions Corporation, 301 South College Street, Suite 4000, One Regions Center, Charlotte, NC 28288-0013.  All Rights Reserved.

Regions Bank, N.A. Member FDIC.

Phishing Alert - Account Update

Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. Again, Clemson University IT support staff would never ask for this information via email. A copy of the email is below.

Dear Staff/Student,

We are currently upgrading our Database and E-mail Account center for the year 2009, we are deleting all Inactive Email Account in order to create more space for new ones. To upgrade and validate your University Webmail Account, you are expected to reply to this email immediately and enter the information below;

University Email Address: ...............
EMAIL Password: ................
Date of Birth: .................

Failure to do this might prompt the deactivation of your Email Address from our database. Please note that this is part of our security measures to serve you better.

Reply to: supportteams1@live.com

Thank you for being part of our upgrading exercise.

IT Help Center Support Team.

Internet Explorer Exploit - Microsoft to Issue Out of Band Patch

Clemson Users are encouraged to run their Microsoft Updates after 1pm on Dec 17th. Microsoft is scheduled to issue an out-of-band patch for a recently discovered vulnerability in their Internet Explorer web browser. This exploit can enable unauthorized access to unsuspecting users.

From Microsoft's site, the systems potentially affected by this exploit are:

Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008. Microsoft Internet Explorer 5.01 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1, Microsoft Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 on all supported versions of Microsoft Windows are potentially vulnerable.

Also, from Microsoft's site, tests show that only Internet Explorer 7.0 has been targeted by this exploit.

The Office of Information Security will keep this updated if information should change, but we encourage all users to run their updates after the expected release of this patch, which is 1pm EST.