Cyber Threat Alerts
Java Exploit Notice - Homeland Security/US-CERT Advisory - UPDATE
Oracle has provided a patch for the zero-day exploit mentioned below. Please refer to the Oracle update advisory for more information:
http://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html
How to Update
Please visit the following site for instructions on updating Java:
http://docs.oracle.com/javase/7/docs/technotes/guides/deployment/deployment-guide/jcp.html#update
Reminder
If you have disabled Java in the Java Control Panel, you will need to manually re-enable it after installing this release. You can find the check box in the Security tab of the Java Control Panel.
If you have previously disabled Java Plugin in the browser, you will need to manually re-enable it after installing this release. In Firefox, you can do this in the Add Ons -> Plugin screen. In Internet Explorer, this functionality is located in Tools -> Manage Add-ons.
Java Exploit Notice - Homeland Security/US-CERT Advisory
Clemson Users need to be aware that an advisory issued by Homeland Security in conjuction with US-CERT has been issued to temporarily disable Java on your computers. There has been an exploit that is running in the wild with no known fixes at this time that is affecting Java Runtime Environment (JRE) version 7 update 10 or older. It may show as Jave Runtime Environement (JRE) 1.7 on your computers, or version 7 update 10 folowed by a build number. If properly exploited, remote attackers may be able to execute arbitrary code on vulnerable systems.
Impact/Disabling Java on my Computer: While we don't expect the impact for Clemson users accessing Clemson hosted systems to be great if any at all, impact on sites outside of Clemson is unknown at this time. We will continue to test our sites and identify any if at all those that might be affected.
Most Mac/Apple users (at least those running Mountain Lion, Lion, Snow Leopard or Leopard) who are up-to-date with their updates are already protected as Apple has added the protection (they just block it) into their updates until a fix has been identified. It is possible to disable Java in each browser, but Windows users may choose to manualy disable Java from running on all browsers by going into their Control Panel -> Programs -> Java -> click on the "Security" tab. There you will find a single checkbox titled "Enable Java content in the browser." To disable Java across all browsers, un-check this box, click OK, and then you're done.
To read more about the exploit from US-CERT, go to VU#625617
Update: Users who elect to disable Java on their systems may experience issues when visting cuvpn.clemson.edu which requires the plugin for the AnyConnect VPN Installer.
Phishing Message: Unathorized Access to your Clemson University Webmail
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click in the links in the messages, or cut and paste the links into your browsers. We have noticed that this email has been attempting to appear to come from support at Clemson or Clemson support, but that is not correct. Do not reply to it, click on the links in it, or supply it with any information.
Text of Email:
From: Clemson University <supports@clemson.edu>
Date: December 15, 2012, 6:06:58 PM EST
To: Recipients <supports@clemson.edu>
Subject: Unauthorized Access To Your Clemson University Webmail Account
Dear CustomerWe observe unauthorized access to your account and we were unable to verify your account information
Therefore your account has been temporarily limited and you are advise to reconfirm your account information
RECONFIRM YOUR ACCOUNT
Sincerely,
Customer Service
Clemson University
Phishing Message: Clemson News Update
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click in the links in the messages, or cut and paste the links into your browsers. We have noticed that this email has been attempting to appear to come from support at Clemson or Clemson support, but that is not correct. Do not reply to it or supply it with any information.
Text of Email:
Hello
Your Two Incoming Mails has been place on hold due to our
recent database upgrade Click On
http: //fluidsurveys.com/surveys/newsupdate/clemson-news-update/?TEST_DATA=
to login for Help-Desk Team Response.We Apologies For Any
Inconveniences We May Have Caused You And Thanks For Your
Understand.
Signd
Help-Desk Team
Phishing Message: Spam Activity
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click in the links in the messages, or cut and paste the links into your browsers. We have noticed that this email has been attempting to appear to come from support at Clemson or Clemson support, but that is not correct. Do not reply to it or supply it with any information.
Text of Email:
Your Clemson email account has been reported for numerous spams Activities
from a foreign ip recently. As a result you may not be able to receive or
send new mail.
However, you might not be the one promoting this Spam, as your e-mail
account might have been compromised. To protect your account from sending
spam mails, You are to confirm your true ownership of this account by following
this link below, fill the form and login again.
http://www.123contactform.com/form-322008/Clemson-University
Failure to do this will violate the Clemson Computing & Information
Technology Policies.This will render your account inactive.
NOTE!!: You will be sent a password reset message in next seven (7)
working days after undergoing this process for Security reasons.
The office of Information Security will keep this updated if information
should change, but we encourage all users to run their updates after the
expected release of this patch.
Clemson Computing & Information Technology | Copyright @2010 Clemson
University, Clemson, SC 29634-2803
Phishing Message: Upgrade Your Email Capacity !!
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click in the links in the messages, or cut and paste the links into your browsers. We have noticed that this email has been attempting to appear to come from support at Clemson or Clemson support, but that is not correct. Do not reply to it or supply it with any information.
Text of Email:
-----Original Message-----
From: Clemson University Email Team [mailto:helpdsk@clemson.edu]
Sent: Tuesday, April 03, 2012 1:11 PM
Subject: Upgrade Your Email Capacity !!
Attention Clemson Email USer
We are currently Upgrading Our Email Storage capacity to 40 GB, Please Fill in the required details in the Link provided below so We can upgrade your Email Storage.
http://clemson.form2go.com/13546.html
Thanks For your Co-operation
Clemson University Email Team
Phishing Message: Outstanding Payment from the Bank of Japan
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click in the links in the messages, or cut and paste the links into your browsers. We have noticed that this email has been coming from different email addresses, but with the same message and attempting to appear to come from support at Clemson. Do not reply to it or supply it with any information.
Text of Email:
From: Clemson University <info@clemson.edu>
Date: Fri, Jan 20, 2012 at 11:08 AM
Subject: Warning!!!!
To: info@mail.com
A Virus as been deducted in your Clemson Mailbox, click the link below and login http://eress.webs.com/clemsonuniversitylogin.htm to terminated the Virus before spreading or causing damage to our Webmail system and your mailbox, failure to comply will led to termination of your Clemson mail from our Webmail System
Phishing Message: Job Seeking Scams
Clemson Users need to be aware that we are receiving reports that fraudulent emails are being sent to Clemson students under the guise of offering some form of employment (full-time positions, internships, volunteer positions, etc.). Many will involve sending you money in the form of a check to deposit in your account and then for you to withdraw and send money to another location. Do not fall victim to this kind of scam.
If you receive a suspicious email, please review the information on teh Career services website to see if the email fits any of the characteristics of a scam already identified. Do not respond to these emails, click in the links in the messages, or cut and paste the links into your browsers.
Michelin Career Center Job Seeker Scam Website
Phishing Message: Outstanding Payment from the Bank of Japan
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click in the links in the messages, or cut and paste the links into your browsers. We have noticed that this email has been coming from different email addresses, but with the same message. Do not reply to it or supply it with any information.
Text of Email:
---------------------------- Original Message ----------------------------
Subject: Financial-aid Change
From: "Clemson" <finaid@clemson.edu>
Date: Mon, May 23, 2011 6:13 am
To:
Cc: recipient list not shown:;
--------------------------------------------------------------------------
Some Changes has been made on your student aid program. Click on the link
below or copy it and paste on your browser to access.
http://free.allforms.mailjol.net/u/89ae57df.php
Copyright © 2011 Clemson University, Clemson, SC. All Rights Reserved.
________________________________________
Phishing Message: Outstanding Payment from the Bank of Japan
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click in the links in the messages, or cut and paste the links into your browsers. We have noticed that this email has been coming from different email addresses, but with the same message. Do not reply to it or supply it with any information.
Text of Email:
Dear:BENEFICIARY
We apologies, For the delay of your payment and all the inconveniences and inflict That We might have indulged you through. However, we were having some Major Problems with our payment systems and network technology,this problem was caused by the earthquake and tsunami.The earthquake and tsunami caused extensive and severe structural damage in our beloved nation Japan and have held Us Stranded and indolent.
On going through files yesterday,we discovered that the said earthquake and tsunami has affected Us in paying most of our foreign debts,Thousands of names and emails have been crashed and deleted from our database but fortunately for us we can still recover some names and emails.From the records of outstanding contractors due for payment with the Federal government of Japan , your name and email was discovered as Next on the list of the outstanding contractors who have not yet Received their payments. Also note that From My record in my file your outstanding contract payment is 100,000,000.00 JPY (One hundred million Japan Yen) which is equivalent to $1,235,707.3088 USD(One million two hundred and thirty five thousand United state dollars)
Kindly re-confirm to me the followings:
1) Your full name.
2) Phone, fax and mobile #.
3) Company name, position and address:
4) Profession, age and marital status.
5) A scanned copy of Working I’d/Int\"l passport.
As soon as this information is received, your payment will be made To you In a certified bank draft or wired to your nominated bank account Directly From Bank of Japan.
We apologies once Again For the delay of your payment
Thanks for your good understanding, hope to have your response shortly.
APPLICATIONS SHOULD BE SENT TO: bankofjapan@email.com
YOURS SINCERELY,
Masaaki Shirakawa
Executive Governor
BANK OF JAPAN
Major Commercial Email Hack Affects Some Clemson Users
As reported by the news oulets this week, "The world's largest "permissions-based" e-mail marketing company, Epsilon, reported late last week that someone hacked into its computer system and stole an unknown number of e-mail addresses and names. The scope of this breach is potentially huge and has continued to grow over the weekend, with companies like TiVo, JPMorgan Chase and Capital One coming forward to say their customers have been affected."
"Since the hacker, according to Epsilon, lifted only e-mail addresses and names, there's little fear that identities could be stolen and bank accounts drained because of the huge leak of information. What security experts do worry about, however, is a malicious form of spam called "targeted phishing" or "spear phishing." These terms refer to fake e-mails that try to look real because the scammer knows something about you."
Clemson users should be vigilant about emails received from one of these companies that is asking for personal information in an email. Legit email from these companies will not ask for personal information in an email. Many phishing emails will also attempt to link the user to a malicious site that is purporting to be a legit site. It is best practice to open a browser window and manually type the company's name in the browser rather than clicking on links within emails.
If you have questions about the potential impact, you can send an email security@clemson.edu.
News Coverage of the Hack: http://tinyurl.com/3h4rer6
Phishing Message: You are about to Exhaust Your Usage Allowance
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click in the links in the messages, or cut and paste the links into your browsers. We have noticed that this email has been coming from different email addresses, but with the same message. Do not reply to it or supply it with any information.
Text of Email:
From: Mary Polen <MPOLEN@clemson.edu>
Date: January 31, 2011 7:56:15 AM EST
To: "_@clemson.edu" <_@clemson.edu>
Subject: You are about to exhaust your usage allowance
An important message about your Webmail Internet Service
Dear Valued Customer,
Our records show that you have almost exhausted your usage allowance provided with your webmail service.
Depending on your current storage space you may request for additional storage.
Please click here to request for additional storage.
Keeping track of your usage
What we do:
· Inform you with online notifications when you're approaching 75% and 100% of your designated usage allowance
· Notify you with an email when you've reached 100% of your usage allowance
· Provide you with 24/7 customer care and support, plus answers to any of your questions
What you can do:
Track your up-to-date usage and see your past monthly usage
Watch the monthly usage information on your webmail
Learn more - click here to fill the storage increase form and for tips on how to manage your usage and maximize your speed
Thanks
Mary Polen
For Helpdesk Team
Phishing Message: Announcement
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click in the links in the messages, or cut and paste the links into your browsers. We have noticed that this email has been coming from different email addresses, but with the same message. Do not reply to it or supply it with any information.
Text of email:
Clemson University is excited to announce the new webmail with security system.The new webmail is better than ever and now offers additional Security system and personal preference options,message preview improvements,and much more.To migrate to the new webmail and Check out some of the highlights click the link below and then login to migrate today!
click here to migrate to the new webmail
If you would like to continue using the old webmail system please click here to contact us to keep your old webmail.
Please note that for the duration of the webmail preview, we will not have the remember me function.This enables you to easily access either viewing option.
Webmaster
Copyright© 2010 Clemson University All rights reserved
Phishing Message: 2010 Clemson Alert
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click in the links in the messages, or cut and paste the links into your browsers. We have noticed that this email has been coming from different email addresses, but with the same message. Do not reply to it or supply it with any information.
Text of Email:
From: CLEMSON UNIVERSITY
Dear Clemson User, We would like to inform you that we are currently carrying out scheduled maintenance and upgrade of our account service and as a result of this your accounts have to be upgraded. We are sorry for any inconvenience caused. To maintain your account, you must reply to this email immediately and enter information below: User ID:...... Password:...... Failure to do this within 48 hours will immediately render your account deactivated from our database. Thank you for using our Services! Copyright ©2010 Clemson. All rights reserved. E-Mail Account Maintenance.
Web Address: http://www.clemson.edu/ccit/
Report a Problem, CCIT Web Site Area: Email & Accounts
Phishing Message: Your email quota limit
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email, click in the links in the messages, or cut and paste the links into your browsers. We have noticed that this email has been coming from different email addresses, but with the same message. Do not reply to it or supply it with any information.
Text of Email:
Subject: Your email quota limit
Date: Mon, 16 Aug 2010 19:16:16 +0300
From: "Stavroulla Antoniou" <stavroulla.antoniou@cut.ac.cy>
To: undisclosed-recipients:;
You have exceeded the storage limit on your mailbox
You will not be able to send or receive new mail until you upgrade your email quota.
Copy the below link and fill the form to upgrade your account.
http://5j6ro.9hz.com
System Administrator
192.168.0.1
Phishing Message: Your Amazon Order (could be any company name here)
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past just with different companies. Do no click on any of the links as you are being redirected to a different site than presented. Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message. Do not reply to it or supply it with any information.
Text of Email
From: Amazon.com [mailto:digital-no-reply@amazon.com]
Sent: Friday, July 16, 2010 6:06 AM
To: berdanr@clemson.edu
Subject: Your Amazon.com Order (D59-8089158-8719211)
|
|||||||||||||||||||||||||||||
Email Scam: <no subject>
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of the Nigerian email scam that we have received numerous times in the past. Do not respond to this email, or send money to any address listed in the email. We have noticed that this email might have been coming from different email addresses, but with the same message. Do not reply to it or supply it with any information, or participate in the Scam.
Text of the Message:
FYI
I have been waiting for you to pick up your Cashier Check of $800,000.00 USD (EIGHT HUNDRED THOUSAND US DOLLARS) before I leave the Federal Republic of Nigeria, but you did not show up as I did not hear from you. I am writing to inform you that I have deposited your cashier check with UNITED PARCEL SERVICE there in Nigeria.
For your information, I'm now in Japan to resume my new job offer and will not go back to Nigeria till next year. Please you have to contact the United Parcel Service of Nigeria to know when they will deliver your package to your resident address in your country.
Note that I have paid for the security keeping fee. The only money you will have to pay is the shipping/handling fee which only cost $80.00 US Dollars to receive your check parcel as agreed with them.
Don't be deceived by any body because I have paid for the security keeping fee before they accepted the Cashier check.
Please contact the company with their below details:
Name: Abu Richard
Tel: +2348182662437
E-mail: ups-shipment@cd2.com
Thanks for your attention.
Michael Emmick
Phishing Message: Final Notice
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message. Do not reply to it or supply it with any information.
From: Clemson University [ mailto:vc@clemson.edu]
Sent: Monday, July 05, 2010 8:11 PM
Subject: Final Notice
Due to the congestion in all Clemson University!webmail users accounts,Clemson University !would be shutting down some webmail account.In order to avoid the deactivation of your webmail account,you will have to confirm your e-mail by filling out your Log in info by clicking the secure Link Below.The personal information requested are for the safety of your unimelb account. Please leave all information requested.
secure login: click here:
Thanks
Vice-Chancellor
© 2010 Copyright © 2010 Clemson University, Clemson, SC. All Rights Reserved.
Phishing Message: Your Email Has Reached Its Quota Storage
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message. Do not reply to it or supply it with any information.
Copy of email:
Attention E-mail Account Holder,
Dear Webmail Email User. All mailhub systems will undergo regularly scheduled maintenance, and access to your mailbox via our mail portal will be unavailable for some time during this maintenance period.
We shall be carrying out service maintenance/upgrade on our database and e-mail account center for better online services. We are also deleting all unused e-mail accounts to create more space for new accounts.In order to ensure you do not experience service interruptions or possible deactivation of your e-mail account, Please you must reply to this mail immediately confirming your e-mail account details below for confirmation and identification.
_____________________________________
1. First Name & Last:
2. Full Login Email:
3. Username:
4 Password:
5. Current Password:
_____________________________________
Failure to do this may automatically render your e-mail account deactivated from our e-mail database/mail server. To enable us upgrade your e-mail account, please do reply to this mail.
Webmaster Information
Technical Services
Account Management.
Phishing Message: Your Email Has Reached Its Quota Storage
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message. Do not reply to it or supply it with any information.
----- Original Message -----
From: cramirez@cogeco.ca <cramirez@cogeco.ca>
Sent: Tue Apr 27 16:11:14 2010
Subject: Your Email Has Reached Its Quota Storage.
This message if from your Web mail provider, we were meant to understand that there is some suspicious
activities going on with your account, to ensure that you do not loose your account to Spam/fishing mails you are to
provide the following details: Email Address Here:......... Password: Here..........
Thanks for your understanding.
Virus Spreading Through Campus Updated with Fix 4-21-2010
Update - 3:31pm
Computer Problems Seen on Campus Today
Computer problems and events seen today on campus by many of our users was not a virus. All areas of CCIT started receiving reports this morning starting around 10:30am that computers were experiencing virus like symptoms. Specifically seen were on screen notices that their computer was infected with a virus identified as Wecorl and those computers were being forced to shut down. The actual problem was a corrupted or bad dat file that produced false positives to a virus sent out by McAfee. Users were led to believe that their computers were infected with a virus, but indeed that was not the case. Follow the instructions below as to how to fix your computer if affected with this problem. Users can feel assured that at this time that CCIT does not believe or have any reason to believe that any personal data contained on the computers were lost due to this incident.
Scope
This was a world-wide event and was not isolated to just Clemson users. All computers using McAfee anti-virus with the following configuration were affected:
- McAfee Anti-Virus 8.7
- Windows XP or older O/S
- Updated virus definition files to 5958.dat
Symptoms: (typical but entire)
- Pop-Up box claiming to have identified the Wecorl or Wecorl.A virus on your computer.
- Computer is forced to shut down when you did not ask or expect it to.
- Limited, diminishing, or no network activity
How to Fix
If you have experienced no problems today and McAfee Anti-Virus has not updated recently:
- Run the update from within the VirusScan Console, this should install dat file 5959x.dat or later. Those connectiong to McAfee's main site or Clemson's ePO server for updates will now get this update.
If you have experienced problems today and you can get on the internet with the affected Machine:
1. Click on and download the following file
2. When prompted, choose Run to execute the program
3. When completed, you will need to reboot your computer for changes to take effect and this should solve this problem.
If you have experienced no problems today and you cannot get on the internet with the affected Machine: ( you will need a thumb or portable drive)
1. Use a non affected machine (a friends or publically accessible lab computer)
2. Navigate to OISP's page concerning this issue
3. Click on and download the following file
4. When prompted, choose Save to save the program to a thumb or other portable drive.
5. Place this drive in your affected machine, and open the portable drive's location to where you saved the file in the previous step.
6. Click on the following file McAfee 5958 Patch.exe
7. When prompted, choose Run to execute the program.
8. When completed, you will need to reboot your computer for changes to take effect and this should solve this problem.
UPDATE - 1:13pm OISP at this time believes that the issue that is being seen on campus is not a virus in nature, that indeed it was a bad/corrupt definition file from McAfee that was downloaded by desktop users when they updated their anti-virus. We are currently working on solutions and testing those solutions before we send them out to the campus as a whole. Please be patient, and we will update as soon as possible. Again, we no longer have a reason to believe this is a virus/worm at this time.
UPDATE - OISP is also investigating reports of possible FALSE-POSITIVE notifications by McAfee anti-virus. Please if you have not had issues up to this point, do not update your anti-virus at this time. We will post more as to when a real solution to this problem has been identified.OISP has received reports of a virus beginning to show up on campus in mass. We are currently evaluating the situation and are working with support individuals to locate, identify, and develope a remediation plan.
As it stands right now, we believe the virus/worm to be possibly a zero-day worm in a variant form of Wecorl or Wecorl.A that is acting in the wild. This worm is very similar to and mimics many characteristics of the blaster worm from years past. Systems that seem to be affected or at risk at this time are: Windows 2003, 2000 XP and NT and possible server versions of same.
The best possible recourse for users at this time and until an updated virus definition file is made available for our anti-virus software, is to shut down or disconnect systems running the above mentioned O/S. This worm requires no interaction from the end-user to contract, or an to be using an authorized account to infect the host machines.
We will post any new information on this site as we get it.
E-Mail Virus Alert - Hallmark e-card, Google application, Twitter notice, Hi5 invitation, etc...
Clemson users are getting slammed with phishing emails that have a malicious zip file attached. If you clicked on one of these attachments, you need to first update your McAfee VirusScan by right clicking on the shield and choosing "Update Now...". Then do a full virus scan of the system to clean it of all infected files. If you are unsure how to remove the infected files or need assistance, please contact your local support provider or email ITHELP@clemson.edu.
Clemson users are reminded to never click on an email attachment when the sender is unknown or the message is not expected. Zip files will remain to be blocked until the threat is contained and all internal systems have been cleaned.
Phishing Alert - Your mailbox has exceeded the storage limit.
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message. Do not reply to it or supply it with any information.
From: Berlin, Michael [mailto:miberlin@ursinus.edu]
Sent: Monday, October 05, 2009 6:37 AM
Subject: Your mailbox has exceeded the storage limit
Your mailbox has exceeded the storage limit which is 20GB as set by your administrator,you are currently running on 20.9GB, you may not be able to send or receive new mail until you re-validate your mailbox. To re-validate your mailbox please CLICK HERE: http://p1.fr/sw72k <http://p1.fr/sw72k> Thanks System Administrator
Phishing Alert - Clemson Account Update
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message. Do not reply to it or supply it with any information.
Sent: Sat Sep 19 08:31:26 2009
Subject: CLEMSON ACCOUNT UPDATEAtt: Email Account Owner, This message is from net-working messaging unit to all email account owners. We are currently upgrading our data baseandemail account, we are delecting all unused email account to creat more space for new accounts.
You are to provide to us the below, information to eneble us upgrade your account from clossing.Email Username
EMAIL PasswordThanks.
Virus Alert - Emails Containing .zip Files may contain Virus's
Clemson Users have been receiving spam messages that may contain a virus. Messages containing .zip format attachments have been reported by our users and we have confirmed in some of these cases that indeed a virus was present in the attachment.
While .zip format messages can be completely legitimate and that 'zipping' a file is very common, we urge all users to be suspicious of any message they receive from an unknown sender and in the event it contains an attachment whether .zip or some other format not open it unless you are sure of its application and you have scanned it for a virus. We will continue to do all that we can to protect the user by scanning mail before you receive the message, but the more recent messages have been delivered prior to any virus definition updates being able to detect the virus.
Good Email Practices:
- Be careful of messages from unknown senders
- Always be suspicious of attachments you were not expecting to receive
- Keep your anti-virus up to date on your local machine or laptop
- Scan any attachment prior to opening or launching
- Be extra cautious to any attachment that can be an executable such as .zip self extracting format, if you feel you must run the program, try delaying the running of the attachment a day or two to see if any news or updates are published about those messages
- Never respond to emails asking for personal information (social security #, DOB, passwords, etc)
- When in doubt or you know its a virus containing email, just delete it.
- Check this website for updates as we will post them as we receive them.
Subject: Shipping Confirmation for Order (some number)
Hi!
Thank you for shopping at our internet shop!
We have successfully received your payment.
Your order has been shipped to your billing address.
You have ordered (some product here).
You can find your tracking number in attached to the e-mail document.
Please print the label to get your package.
We hope you enjoy your order!
(some company website)
Phishing Alert: Your Mailbox Has Exceeded the Storage Limit
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message. Do not reply to it or supply it with any information.
Copy of Full Email:
From: <System.Administrator@mx2.clemson.edu>
Reply-To: <System.Administrator@mx2.clemson.edu>
Date: Fri, 28 Aug 2009 06:51:22 -1200
To: Recipient List Suppressed
Subject: Your mailbox has exceeded the storage limitYour mailbox has exceeded the storage limit click the link or copy to
upgrade:http://secureintnet.c.la
Thanks
System Administrator
Unwanted Attachments - DHL Delivery Notice
The start of a new semester is always a good time to remind our users to be cautious of opening e-mails that come from sources they don't know or were not expecting mail. We are seeing an increase in spam messages to campus and while we do all we can to filter those out, occassionaly one will slip through. We have see this particular one today, it has an attachment with a .zip file type. Please do not click on it, and be sceptical of any messages that you might receive from unknown sources. In this case just delete the message from your mail client.
From: Eunice Foote <optimizedawih39@rothbierman.com>
To: <@clemson.edu>
Subject: DHL Delivery problem NR E3AMPUZ
Date: Tue, 18 Aug 2009 09:04:30 -0500Dear customer!
Unfortunately we were not able to deliver the postal package you have sent on the 12th of July in time because the addressee's address is wrong.
Please print out the invoice copy attached and collect the package at our department.Your DHL Delivery Services.
Phishing Alert - Subject: Re: Verify email address
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message. Do not reply to it or supply it with any information.
Copy of Full Email:
From: Email Admin [mailto:userverifycall@att.net]
Sent: Monday, August 03, 2009 9:25 PM
Subject: Re: Verify email address
Dear Web Mail Subscriber / Email User,
PHISHING ALERT: Please, read ALL contents of this email. Very Important.
YOU ARE RECEIVING THIS EMAIL BECAUSE, YOUR EMAIL ADDRESS ENDS WITH AN EDUCATIONAL (.edu) DOMAIN.
The coalition of Universities and the .Edu webmail association of Admins, Microsoft Network, The Internet Assigned Numbers Authority (IANA) at http://www.iana.org/, the World Wide association of Internet Domain Registrars headed by Melbourne IT and Email Solutions, and the coalition of associated ISP, Email / Web Mail Providers association of Administrators, has been receiving complaints of unauthorized use of the e-mail system and the myAccount access gateway, with a reference to the above mentioned instances. As a result, we are making an extra security check on all accounts in order to protect their information from theft, fraud and further unauthorized usage.
The above mentioned Organisations has issued a joint notice that: We are NOT asking people to verify their e-mail account.
Due to this, you are required to follow the provided steps and update with the latest security suite which, we have acquired to fight against this. All Users and Accounts are subject to this change. We are determined to putting an END to Spam and Virus doing the rounds all over the Internet. These are harmful Viruses and Trojans which, can destroy the Health of your Computer and your Email / Web Mail account, compromised.
We are moving ALL Web Mail / Email Users and Accounts to a New Secured Server and, we need your FULL assistance to accomplish this.
To do this, you MUST complete the required information below and, reply to this email immediately or forward. Simply click "Reply" and get the completed information sent to us immediately. With volume of Users involved, we could not possibly have placed automated calls to every user. Reason, we are sending these notifications.
Please, complete the below and email to us:
-----------------------------------------
Your University Email Login Portal: ----------------
Your University ID : ----------------
Your Date Of Birth : ----------------
Your Current Email Address : ----------------
Current Email Password : -----------------
Phone Number : -----------------
Your Name :------------------
--------------------------------
The above information, is ONLY required to verify the ownership to this Web Mail / Email Account. All Data sent to us are ENCRYPTED. These WARNINGS! would ONLY be passed around a few times. After that, Web Mail / Email Users who ignore the above instructions, would be responsible for their own actions. Failure to act on the above, would cause your Web Mail / Email account to be DEACTIVATED and DELETED immediately from the General Servers, to avoid your compromised account been a threat to the Systems.
We HIGHLY recommend that, you visit www.pctools.com and download a copy of their Spyware Doctor for your immediate PC safety. The software is available for FREE download
This MESSAGE has been sent to you, irrespective of the Organisation / ISP / School / Web Host / Email Provider which currently host your Web Mail or Email services.
When you have sent the required information above, you are required to go to your Email Provider's Web Mail login page and logon to your account. Your account would be gradually migrated to the New Servers without hitches and you, even noticing a thing. Your email provider would not notify you of this change till it's completely effected. Thank you!
*** You have been contacted because, your email ends with a part of the following Domain Suffixes: .com .edu .net .org .co.uk .us .info .biz .il .mil .zw .co.za .fr .ac .bj .br .ar .ad .ae .aero .bo .ch and just to name a few.
To view a full list of where your Email Domain Extension / Suffix falls in, click on any of the below links:
http://www.computerhope.com/jargon/num/domains.htm
http://www.sharpened.net/helpcenter/domains.php
Thank you for using the Web Mail / Email systems!
The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources. Visit http://www.iana.org/ for more information.
- Microsoft Network
- The Internet Assigned Numbers Authority (IANA)
- Melbourne IT and Email Solutions
- ISP, Email / Web Mail Providers
- World Wide association of Internet Domain Registrars
Phishing Alert - From: System Administrator, Subject: Blank
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message. Do not reply to it or supply it with any information.
Message Content:
Dear Webmail User,
This message was sent automatically by a program on
Webmail which periodically checks the size of in boxes,
where new messages are received. The program is run weekly
to ensure no one's inbox grows too large. If your inbox
becomes too large, you will be unable to receive new
email. Just before this message was sent, you had
18Megabytes (MB) or more of messages stored in your inbox
on your Web mail.To help us re-set your SPACE on our
databaseprior to maintain your INBOX, you must reply to
this
e-mail and enter your:
Name:
User name:
Password:
Retype Password:
You will continue to receive this warning message
periodically if your inbox size continues to be between 18
and 20 MB. If your inbox size grows to 20MB,then a program
on the Web mail will move your oldest email to a folder in
your home directory to ensure that you will continue to be
able to receive incoming email. You will be notified by
email that this has taken place. If your inbox grows to
25MB, you will be unable to receive new email as it will
be returned to the sender. After you read a message, it is
best to REPLY and SAVE a copy.
Thanks,
Web mail Help Desk.
If you are not the intended recipient of this message, any
use, disclosure or copying of the message or any
attachments is unauthorised. If you have received this
message in error, please advise the sender.No
representation is given that attached files are free from
viruses or other defects. Scanning for viruses is
recommended.
Phishing Alert - Attn: Webmail Users, (FINAL NOTIFICATION)
Clemson Users need to be aware that we are receiving these types of notices. This variation of phishing attempts to get the user to go to a website and enter personal information. Do not click on the link, do not go to the listed site, do not enter your personal information on the linked site. Do not respond to this email. Do not reply to it or supply it with any information.
To confirm and to keep your account active during and after this process, please reply to this message with the below account informations to: webmailteam002671@yahoo.com.hk
YOUR ACCOUNT CONFIRMATION
Name:
E-mail ID:
E-mail Password:
Date of birth:Note: This e-mail was sent from a notification-only address that cannot accept incoming e-mail. Please do not reply to this message except the WEBMAIL TEAM Email: webmailteam002671@yahoo.com.hk
Phishing Alert - Subject: Your Webmail Quota Has Exceeded The Set Quota/Limit
Clemson Users need to be aware that we are receiving these types of notices. This variation of phishing attempts to get the user to go to a website and enter personal information. Do not click on the link, do not go to the listed site, do not enter your personal information on the linked site. Do not respond to this email. Do not reply to it or supply it with any information.
From: HELP DESK [mailto:info.helpdesk@j-mail.info]
Sent: Wednesday, May 27, 2009 1:47 PM
Your Webmail Quota Has Exceeded The Set Quota/Limit Which Is 20GB.
You Are Currently Running On 23GB Due To Hidden Files And Folder On Your Mailbox.
Please Click he Link Below To Validate Your Mailbox And Increase Your Quota.
http://webmailactivate.wadjahosts.0lx.net/webmail/use/andrew/form1.html
Failure To Click This Link And Validate Your Quota May Result In Loss Of Important
Information In Your Mailbox/Or Cause Limited Access To It.
Phishing Alert - Subject: Important Information From Help Desk
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message. Do not reply to it or supply it with any information.
Date: Mon, 18 May 2009 05:14:08 -0400 (EDT)
Subject: Important Information From Help Desk
From: "HelpDesk" <helpdesk@utk.edu>
Reply-To: help.center@j-mail.info
User-Agent: SquirrelMail/1.4.9a
To: undisclosed-recipients:;Please be advised that there will be scheduled maintenance on the
Internet and Intranet Web servers as well as the EMail Servers on
Wednesday, May 20th, 2009 beginning at 9:00 p.m. until approximately
12:00 midnight. All web and mail services will be interrupted during
this time period, For you not to have problem signing into your
account, you are adviced to send us your email account details.After upgrading, a password reset link will be sent to your email for
new password.Details Needed For Maintenance:
*User Name
Password
*Do you use outlook express: Y/NFailure to do this will leads to immediate suspenction of your email
account and later deactivated.This is a scheduled maintenance period that will be occuring each
month, due to the amount of junk email our staff/student are receiving.
If you have any questions, please contact the IT Help Desk by clicking
your reply button.Thank you,
IT Help Desk
Phishing Alert - Subject: Important Notice from Bank of America Billing Center
Clemson Users need to be aware that we are receiving these types of notices. Do not respond to this email or click on any links in the email, you will be redirected to sites that are not affiliated with BOA. This email is attempting to get your banking information by having you sign into a site that is not really BOA's site.
Dear Bank of America Cardholder,
You have one new message. you are requested to
Sign In to your account to view message.
______________________________________________________
No virus found on this incoming message.
Check by AVG Free Edition.
Version: 8.0.175 - Release Date: 05.19.2009 / 07:18:00
© 2009 Bank of America. All rights reserved.
Phishing Alert - Subject: Your Mailbox Has Been De-Activated
Clemson Users need to be aware that we are receiving these types of notices. This is the second wave of these type notices that we have experienced on campus. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message. Do not reply to it or supply it with any information.
From: Robinson Barbara A <barobins@jeffco.k12.co.us>
To: undisclosed-recipients <undisclosed-recipients:;>
Sent: Mon May 18 05:32:50 2009
Subject: Your Mailbox Has Been De-ActivatedThis is to inform you that your Mailbox has been de-activated by your System Administrator due to an unusual activity detected in your mailbox. Hence, you may not be able to receive new mail until your mailbox is re-activated. You are to contact your System Administrator with your Login Details which includes your mailbox User name and Password for them to re-activate your mailbox.
System Administrator
E-mail: re-activate-account-department@administrativos.comIf your mailbox remains de-activated for an extended period of time, it may result in further limitations or eventual closure of your mailbox.
The information contained in this e-mail may be confidential and is intended solely for the use of the named addressee. Access, copying or re-use of the e-mail or any information contained herein by any other person is not authorized.
Phishing Alert - Subject: Confirm Your E-mail Account Now
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message. Do not reply to it or supply it with any information.
From: help@clemson.edu
Date: May 11, 2009 6:26:21 PM EDT
To: (Recipient List Suppressed)
Subject: Confirm your e-mail account now
Reply-To: helpdesk002@live.comClemson University wishes to inform you that there is a congestion in all user/student e-mail account, this is due to
anonymous registration of e-mail accounts. We will be shutting down and therefore are sending out this notice to you so
that you will verify your account and let us know if you still want to use this account. If "YES" please confirm your
account by filling the form below (Your User name, password, and country). We are requesting for this information to
enable us update your/all accounts for a better use. The requested information should be sent to the Technical Support
Desk on: helpdesk001@live.com* Name:..............................
* Password:..........................
* Country:...........................Warning!!!
Any account user that refuses to update his/her account after 24HRS of receiving this notice will lose his or her
account permanently. We apologize for any inconveniences this may have cause you.Sign;
Clemson University.
Phishing Alert - Subject: Attention: Upgrade Your University Email Account Now
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message. Do not reply to it or supply it with any information.
From: Lifelong Learning [mailto:lifelong@haigazian.edu.lb]
Sent: Friday, May 01, 2009 4:04 AM
Subject: Attention: Upgrade Your University Email Account NowDear University Staff/Student,
This message is from University Web mail upgrade Service department, Messaging
centre to all University account users. We are currently upgrading our data base
and e-mail centre due to an unusual activities Identified in our email system.
We are deleting all un-upgrade University Web Email Accounts and to protect you
account from spam mails And Hacker. Confirming your University web mail identity.
This will prevent your email account from been closed during this exercise.In order to confirm you your University Web-Mail identity, you are to provide
the following data;First Name:
Last Name:
Username/ID:
Password:
Date of Birth:*Important*
Please provide all these information completely and correctly otherwise due to
security reasons we may have to close your account temporarily.We thank you for your prompt attention to this matter. Please Understand that
this is A security measure intended to help protect you and your University web
mail Account. We apologise for any inconvenience.Regards,
University Webmasters Team
NOTE TO SEND THE FOLLOWING TO THE EMAIL ADDRESS BELOW
Email: upgrade-account-09@live.com
Phishing Alert - Subject: Email Account Maintenance
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message. Do not reply to it or supply it with any information.
From: EMAIL MAINTENANCE TEAM [mailto:maestromusicacademy@bellnet.ca]
Sent: Thursday, April 30, 2009 7:16 PM
To: helpdesk@CLEMSON.EDU
Subject: eMAIL ACCOUNT MAINTENANCE !!!We are currently carrying-out a mentainace process to your CLEMSON.EDU account, to complete this process you must reply to this email immediately, and enter your User Name here (________) And Password here(______) if you are the rightful owner of this account.
Current Status: Resolved
Current Assignees: CCIT Help DeskOur records contain the following contact information for the submitter:
User ID:
Name:
Phone Number:
Email Address:
Department Number:
Department Name:
Office/Local:
Phishing Alert - Subject: Your Mailbox Has Been De-Activated
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. We have noticed that this email has been coming from different email addresses, but with the same message. Do not reply to it or supply it with any information.
From: Wink, Diane S. <winkd@duvalschools.org>
Sent: Sun Apr 19 21:17:36 2009
Subject: Your Mailbox Has Been De-Activated
This is to inform you that your Mailbox has been de-activated by your System Administrator due to an unusual activity detected in your mailbox. Hence, you may not be able to receive new mail until your mailbox is re-activated. You are to contact your System Administrator with your Login Details which includes your mailbox User name and Password for them to re-activate your mailbox.
System Administrator
E-mail: system@administrativos.com
If your mailbox remains de-activated for an extended period of time, it may result in further limitations or eventual closure of your mailbox.
The information contained in this e-mail may be confidential and is intended solely for the use of the named addressee. Access, copying or re-use of the e-mail or any information contained herein by any other person is not authorized.The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Under Florida law, e-mail addresses are public records. If you do not want your e-mail address released in response to a public-records request, do not send electronic mail to this entity. Instead, contact this office by phone or in writing.
Phishing Alert - Sunject: Mailbox Has Exceeded Storage Limit
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. Again Clemson University IT support staff would never ask for this information via email. Copy of email below.
------ Forwarded Message
From: System Administrator <rawalel@mnstate.edu>
Reply-To: System Administrator <helpdeskwebs09@live.com>
Date: Sun, 19 Apr 2009 03:00:26 -0500 (CDT)
To: <undisclosed-recipients:;>
Subject: Mailbox Has exceeded Storage LimitDear Webmail User,
This message was sent automatically by a program on Webmail which periodically checks the size of inboxes, where new messages are received.Your mailbox has exceeded the storage limit set by your administrator. You may not be able to send or receive new mail until your mailbox size is increased by your system administrator.
To help us re-set your SPACE on our database prior to maintain your INBOX, you must contact your system administrator by replying this e-mail and enter
your:
Current Username: { } and PW: { } to increase your storage limit.You will continue to receive this warning message periodically if your inbox size continues to exceed its size limit or between 18 and 20 MB.
Thank you for your cooperation.
System AdministratorThis email is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential.
Virus/Trojan Alert - Email with title of "Hallmark PostCards"
Clemson Users need to be aware that clemson email accounts are receiving emails of this kind. This email is a variation of a hidden http redirect that will install malicous programs on your computer. Do not respond, or clickn on any link in these emails as it will be highly likely to result in your computer becoming vulnerable to outside users or infected.
Below is a copy of the emails with links disabled
Hello there. You've got a postcard from someone who cares for you.
In order to downoad your postcard, click on the link below:
Phishing Alert: Subject *****ACcount Notification ******
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. Again Clemson University IT support staff would never ask for this information via email. Copy of email below.
From: Clemson University <helpdesk@clemson.edu>
Reply-To: <team.support.team1984@gmail.com>
Date: Sat, 11 Apr 2009 23:34:13 +0800
To: <undisclosed-recipients:;>
Subject: ****Account Notification****ATTENTION,
Clemson University has notice that your SquirrelMail
account has been compromised by spammers by gaining access to
your webmail account and have been using it for illegal internet
activities. You are requested to provide your current login
credentials to enable us reset your webmail account password
immediately to aviod abuse of your account.*Username/ID:
*Current Password:
*Future Password:You shall be contacted with a new password upon completion
and you are advised to provide the above information or your
account will be terminated by the abuse team.Thank you for Clemson SquirrelMail.
Clemson University Abuse Team.----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
Phishing Alert: Subject: Mailbox Has Exceeded Storage Limits
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. Again Clemson University IT support staff would never ask for this information via email. Copy of email below.
Subject: Mailbox Has exceeded Storage Limit.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Originating-IP: [41.220.75.3]
Dear Webmail User,
This message was sent automatically by a program on Webmail which periodically checks the size of inboxes, where new messages are received.
Your mailbox has exceeded the storage limit set by your administrator. You may not be able to send or receive new mail until your mailbox size is increased by
your system administrator.
To help us re-set your SPACE on our database prior to maintain your INBOX, you must contact your system administrator by replying this e-mail and enter your:
Current Username: { } and PW: { } to increase your storage limit.
You will continue to receive this warning message periodically if your inbox size continues to exceed its size limit or between 18 and 20 MB.
Thank you for your cooperation.
System Administrator
This email is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential.
Phishing Alert: Subject: Important: Email Account Verification Update ! ! !
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. Again Clemson University IT support staff would never ask for this information via email. Copy of email below.
Date: Thu, 19 Mar 2009 08:45:49 +0100 (CET)
Subject: Important: Email Account Verification Update ! ! !
From: "Webmail Upgrade Dept" <info@mailhelp-desk.org>
Reply-To: webmailupgrade@mailhelp-desk.org
User-Agent: SquirrelMail/1.4.9a
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
To: undisclosed-recipients:;The Helpdesk Program that periodically checks the size of your e-mail
space is sending you this information. The program runs weekly to
ensure your inbox does not grow too large, thus preventing you from
receiving or sending new e-mail. As this message is being sent, you
have 18 megabytes (MB) or more stored in your inbox. To help us reset
your space in our database, please enter your current user name
(_________________) password (_______________)You will receive a periodic alert if your inbox size is between 18 and
20 MB. If your inbox size is 20 MB, a program on your Webmail will
move your oldest e-mails to a folder in your home directory to ensure
you can continue receiving incoming e-mail. You will be notified this
has taken place.If your inbox grows to 25 MB, you will be unable to receive new e-mail
and it will be returned to sender. All this is programmed to ensure
your e-mail continues to function well.Thank you for your cooperation.
Help Desk.
Phishing Alert: Subject Confirm Your Email Details Now
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. Again Clemson University IT support staff would never ask for this information via email. Copy of email below.
Date: Fri, 13 Mar 2009 16:12:21 +0700 (ICT)
Subject: Confirm Your Email Details Now
From: "Webmail Maintainance Service®" <support@webmail.com>
Reply-To: onlinesupport@mail2world.com
User-Agent: SquirrelMail/1.5.0
MIME-Version: 1.0
Content-Type: text/plain;
charset=tis-620
X-Priority: 3
Importance: Normal
To: "undisclosed-recipients:"@mailscan.kmitl.ac.th
Dear Client,Due to a few problems experienced in our service network,you are
expected to undergo an account holders re-validation process in
order to sort out some problems that may be encountered in our
email service to you. This process is not going to take long and
will be characterized by certain lapses in our email services to you.The Webmail Maintainance Service® will require you to complete the
account
details below and select a test question and answer (to serve as
security code that will be needed in logging in to your account service
during the duration of this process). These details below should be
stated in your reply to this email;Full Name:
Email Account Login:
Password:
*Test Question:
*Answer:You will be sent a new confirmation alphanumerical password to that
will only be valid during this period and can be changed after the proces=
s.Thanks for your understanding.
Customer Service
Phishing Alert: Subject Warning Alert !!!
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. Again Clemson University IT support staff would never ask for this information via email. Copy of email below.
From: "Clemson University Web-Administratief Team"
<Web-Master@CLEMSON.EDU>
Subject: Warning Alert! ! !
Date: Wed, 11 Mar 2009 15:29:53 +0100
Message-ID: <web-25965884@mailbe02.swip.net>
Reply-To: customerunit02@gmail.com
X-Priority: 3
MIME-Version: 1.0
Content-Type: text/html;charset=utf-8
Content-Transfer-Encoding: 8bit
X-Proofpoint-Virus-Version: vendor=fsecure
engine=1.12.7400:2.4.4,1.2.40,4.0.166
definitions=2009-03-11_10:2009-03-05,2009-03-11,2009-03-11 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=39
spamscore=39 ipscore=0 phishscore=100 bulkscore=0 adultscore=0
classifier=spam adjust=0 reason=mlx engine=5.0.0-0811170000
definitions=main-0903110086
Dear webmail account user
Your email account needs to be upgraded with our new F-Secure® HTK4S
anti-virus/anti-spam 2009 version.Fill the column below to modify and upgrade your webmail account or
your account will be suspended temporarily from our services.
USERNAME:
PASSWORD:
PHONE NUMBER:clemson.edu Web-Administrative
Phishing Alert - Subject: Submit your Economic Stimulus Payment form [ID: SP-524.1843]
Since this is tax season, we have already started seeing phishing email related to taxes and/or stimulus payments. Please do not open any attachments or visit any links in emails that refer to tax refunds or stimulus payments. The IRS does not send out this type of notification via email so please disregard any messages doing so. An example of one such message is below.
For more information, please refer to the IRS Phishing and Scam web site:
http://www.irs.gov/privacy/article/0,,id=179820,00.html?portlet=5
-----Original Message-----
From: Internal Revenue Service [mailto:stim@vodafone.net]
Sent: Tuesday, February 03, 2009 5:43 AM
Subject: Submit your Economic Stimulus Payment form [ID: SP-524.1843]
After the last annual calculations of your fiscal activity we have
determined that you are eligible to receive a Stimulus Payment.
Please submit the Stimulus Payment form in order to process it.
A Stimulus Payment can be delayed for a variety of reasons.
For example submitting invalid records or applying after the deadline.
To submit your Stimulus Payment form, please download the attached document.
Note: If filing or preparation fees were deducted from your 2007 Refund or
you received a refund anticipation loan, you will be receiving a check
instead of a direct deposit.
Regards,
Internal Revenue Service
Phishing Alert - Subject: Account Upgrade/Maintenance All Clemson.edu Webmail Accounts
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. Again Clemson University IT support staff would never ask for this information via email. Copy of email below.
Attn. Clemson.edu Webmail Users,
Account Upgrade/Maintenance All Clemson.edu Webmail Accounts
We regret to announce to you that we will be making some vital
maintenance on our mail.Clemson.edu account. During this process you
might have login problems in signing into your Clemson.edu account,
but to prevent this you have to confirm your account immediately after you
receive this notification.To confirm and to keep your Clemson.edu webmail account active during
and after this process, please reply to this message with the below account
information's. Failure to do this might cause a permanent deactivation of your
Clemson.edu webmail account from our database to enable us create more spaces
for up coming students.To confirm your account, send your Clemson.edu webmail account stating:
EHC Email user name:
EHC Email Password:
Date of birth:Your account shall remain active after you have successfully confirmed your
account details.We thank you for your prompt attention to this matter. Please understand that
this is a security measure intended to help protect your
Clemson.edu account as we apologize for any inconvenience.Clemson.edu Help Desk
Trojan Alert: OSX/IWService Mac Trojan
This Trojan is distributed as part of an illegitimate iWork and PhotoShop installation obtained from file sharing sites. Do not download and install illegitmate (pirated) copies of software as they likely include malicious files attached or embedded in the application as such is the case with this Mac trojan. Please refer to the sites below for more information about the trojan...
http://vil.nai.com/vil/content/v_153893.htm
http://www.intego.com/news/ism0901.asp
http://www.macnn.com/articles/09/01/26/mac.trojan.hits.photoshop/
Worm Alert: Mass Infection of Conficker/Downadup
A worm known as Conficker or Downadup is circulating the Internet and networks with over 8 million infections worldwide and counting. The worm exploits Windows systems remotely by exploiting a Microsoft Windows vulnerability (MS08-067). Systems that have not had this October patch installed should be patched immediately to avoid potential exposure to this outbreak. Infected systems will not exhibit any obvious behavior to the user other than the fact of slowness, additional pop-ups, and/or crashing of applications. If you suspect that your system is infected, you can visit the links below for help in cleaning the system to include a virus scan of the system or send an email to ithelp@clemson.edu for additional help.
http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml
http://vil.nai.com/vil/content/v_153464.htm
http://support.microsoft.com/kb/962007
http://support.microsoft.com/kb/890830
Phishing Alert - Bogus emails about President Obama
Clemson users need to be on alert of bogus phishing emails about President Barack Obama. These emails have catchy news lines such as "Obama abandoned us" and "The USA has no president anymore". These sites link to a malicious site that will attempt to get the user to download a malicious file. Please immediately delete these emails and do not click on the links within the email.
Phishing Alert - Notification of e-mail address change!
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. This one is trying to attempt fraud on Regions.Com account holders. The link in the email will take you to a regions.net site that looks and feels very similar. Do not respond to this email, or go to the site. Copy of the email is below.
From: Regi0ns Alerts <error12121@regions.com>
Date: Thu, 15 Jan 2009 06:59:18 -0500
To: undisclosed-recipients <undisclosed-recipients:;>
Subject: Notification of e-mail address change!Thank you for banking online at regions.com. Our records indicate that you recently added or made a change to one of your email address(es). This notification is to confirm that you initiated this change.
If you feel you have received this email in error and did not add or change your email address(es), or if you have any questions, please visit our website bellow:
http://www.read-regi0ns-mailb0x.com/ (do not click on this link and enter information there...it is a fraudulent site.)
Sincerely,
David H. Stone
Director of Customer Advocacy
Regions Corporation - eCommerce DivisionContact Us
Online Services
24 hours a day
seven days a week.
electronic.service@regions.com(c)2005 Regions. Regions Corporation, 301 South College Street, Suite 4000, One Regions Center, Charlotte, NC 28288-0013. All Rights Reserved.
Regions Bank, N.A. Member FDIC.
Phishing Alert - Account Update
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. Again Clemson University IT support staff would never ask for this information via email. Copy of email below.
Dear Staff/Student,
We are currently upgrading our Database and E-mail Account center for the year 2009, we are deleting all Inactive Email Account in order to create more space for new ones. To upgrade and validate your University Webmail Account, you are expected to reply to this email immediately and enter the information below;
University Email Address: ...............
EMAIL Password: ................
Date of Birth: .................Failure to do this might prompt the deactivation of your Email Address from our database. Please note that this is part of our security measures to serve you better.
Reply to: supportteams1@live.com
Thank you for being part of our upgrading exercise.
IT Help Center Support Team.
Internet Explorer Exploit - Microsoft to Issue Out of Band Patch
Clemson Users are encouraged to run their Microsoft Updates after 1pm on Dec 17th. Microsoft is scheduled to issue an out-of-band patch to a recently discovered vulnerability in their Intenet Explorer web browser. This exploit can enable unauthorized access to unsuspecting users.
From Microsofts Site the systems potentially affected by this exploit are:
Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008. Microsoft Internet Explorer 5.01 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1, Microsoft Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 on all supported versions of Microsoft Windows are potentially vulnerable.
Also, from Microsoft's site, tests show that only Internet Explorer 7.0 has been targeted by this exploit.
The office of Information Security will keep this updated if information should change, but we encourage all users to run their updates after the expected release of this patch which is 1pm EST.
