Phishing Alert with Subject: Official service renewal notification.
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that has been circulating the internet numerous times in the past and spoofing another ligitimate company. Do not respond to this email. This just just an attempt to gain access to any account your might have with the real institution.
Text of Email:
Dear Customer,
You have one new message at .Capital One.
INBOX
From: Customer Service
Date:
10/02/2008
Subject: Official service renewal notification.
In order to read the message click here to login at
Capital One and access your MAIL section.
This site provides information about and access to financial services offered by the Capital One family of
companies, including Capital One Bank and Capital One, N.A., members FDIC.
©2008 Capital One Services, Inc.
Capital One is a federally registered service mark. All rights reserved.
Blank Check® is a registered trademark of Capital One Services, Inc.
Facebook Worm/Virus Spreading
Clemson Users should take precaution in receiving Facebook messages appearing to be from friends that send them to a site that requires a download to view a video. The worm spreads when a compromised user’s account is used to send message to others with a title such as “LOL. You’ve been catched on hidden cam, yo:” and a link to a random URL. The linked website is a YouTube-like page that shows a video player along with what looks like a standard browser message to update your Flash installation. Clicking on the button begins a malware installation of a file called “codecsetup.exe.”
Click here for more information on this worm.
Phishing Alert: Thursday Aug 28th, 2008 Subject: Confirm Your Clemson.edu Webmail Account
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. Again Clemson University IT support staff would never ask for this information via email.
Text of Email:
From: "Clemson.edu Helpdesk" <-helpdesk@clemson.edu>
Reply-To: <-helpdesk@live.com>
Date: Thu, 28 Aug 2008 21:27:14 -0700
Subject: Confirm Your Clemson.edu Webmail Account.
Dear User: clemson.edu
clemson.edu Engineer will be conducting a scheduled routine maintenance To improve our services, please be informed that we are going to upgrade our system in a couple of days from now, that may affect email delivery notifications on our transaction network. We would need the following information to enable us preserve your account.
CONFIRM YOUR EMAIL IDENTITY BELOW
=================================
FULL NAME:
USER EMAIL:
USER PASSWORD:
COUNTRY:
PHONE NUMBER:
You are to forward the following informations to our Technical Support center.
We apologize for the inconvenience this may cause you.
We assure you more quality service at the end of this maintenance.
We understand that, you need to be certain, your personal information will be secure we take safeguarding your personal information very seriously.
===================================
Thank you for using clemson.edu Account.
clemson.edu is empowerd by
MICROSOFT WINDOWS LIVE.
Notification Code: WWP2H77JJAJ.
http://contact.-helpdesk.clemson.edu/
Spam Alert: Thursday Aug 28th, 2008 Subject: CONTACT MR.THOMPSON BROWN FOR YOUR PACKAGE I HAVE ALREADY PAYMENT
Clemson Users have been receiving spam messages that follow, please do not respond:
---------------------------- Original Message ----------------------------
Subject: CONTACT MR.THOMPSON BROWN FOR YOUR PACKAGE I HAVE ALREADY PAYMENT
From: Mike Walkerman <wmikewalkerman106@yahoo.com.co>
Date: Thu, August 28, 2008 4:37 am
To: tamarag@CLEMSON.EDU
--------------------------------------------------------------------------
¡Tengo nueva dirección de correo!Ahora puedes escribirme
a:wmikewalkerman106@yahoo.com.co
- Please, contact THE CONTROLLER OF FEDEX MR.THOMPSON BROWN now for the
delivery of your Package containing a check of $800,000. I have already
made the payment for the delivery charges. Endeavour to provide him with
your Security Keeping Code:(SCT/0433/CC) contact him with this email:
fedexsp@sify.com. My Regards Mike Walkerman
Phishing Alert - Thursday Aug 28th, 2008 Subject: accountupdating@clemson.edu
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. Again Clemson University IT support staff would never ask for this information via email.
Text of Email:
From: Customer Care Center [mailto:snorre@singnet.com.sg]
Sent: Thursday, August 28, 2008 12:32 PM
To: Update@singnet.com.sg; Your@singnet.com.sg; Account@singnet.com.sg
Subject: accountupdating@clemson.edu
Dear CLEMSON Webmail Account Owner,
This Message is from CLEMSON Message Center at all CLEMSON Webmail Account Owner. We are currently modernizing our database and e-mail center and this will immediately close down all not used CLEMSON Webmail Account to create more space for new accounts.
To avoid having your CLEMSON Webmail Account from the fence, you will need to update below to Our Customer Care Center to know that this is an account currently used.
Confirm your email address below
Username E-mail: ...............
Email Password: ................
Date of birth: .................
Country or territory: ..........
Attention! Account holder who refuses to update his account within Three days after receiving this warning will lose his account permanently.
Thank you for using CLEMSON Webmail !
Thank you,
CLEMSON WEBMAIL TEAM/WEBMAIL EDITOR
CLEMSON.EDU
Educational Alert - Wednesday Aug 27th, 2008 - Subject: "Update Your Clemson Email Address"
On Wednesday Aug 27th, the Office of Information Security and Privacy sent out an email to all users at Clemson warning them of the phishing attacks that we have been receiving on campus. This email was legitimately sent out by our office in attempts to better educate our users of the threat of phishing. Please read the text of the message below:
You have likely received emails with a subject line similar to this one. Do not respond to them! They are attempts to steal your identity.
Clemson University’s IT support staff will never send such a message asking for your personal information. Unfortunately, some students voluntarily respond to these emails requesting passwords, bank information, etc. This type of email is referred to as phishing, and you should never respond to any message asking for personal information.
Here are more examples of emails we have received in recent weeks:
• Subject: Re: HelpDesk Request
• Subject: ACCOUNT UPGRADE NOTIFICATION
• Subject: Please kindly verify your Clemson email account
• Subject: **Warning**
• Subject: Update Your Clemson E-mail Address
• Subject: Verification/Upgrade Of Email Facility
• Subject: Confirm Your Clemson University Webmail Account
• Subject: Confirm Your Email Address!!!
• Subject: WARNING CODE (JF999KF)
None of these are legitimate messages. They are all attempts to steal your identity, typically your Clemson userid and password. Remember, there is more to your account than email. Your Clemson userid and password provides access to your grades, your university bill, your class schedule (drop/add of classes), and many other critical systems.
Please remember the following:
• Never trust email as a secure form of communication!
• Make a strong password that only you will know and never write it down -- remember it!
• Never send Personally Identifiable Information (PII) via email (i.e., passwords, social security numbers, bank information).
• Never share your account information with anyone.
• Report activity that you feel is suspicious to abuse@clemson.edu.
• When in doubt, reset your password to ensure only you have access.
If you receive a suspicious email, check see if we have already posted any information concerning it on our website. http://www.clemson.edu/security
Phishing Alert - Friday Aug 22nd, 2008 - Subject: Re: HelpDesk Request
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. Again Clemson University IT support staff would never ask for this information via email.
Full Text of Email follows:
Attention:Clemson Email User
WE are upgrading generally without shutting down the old
Server(NT06717) to a new and better Server(NT21766),hence the reason for
the request and notification.
You are to fill the details below to enable us upgrade and verify from
the old server.
It is secure and safe and you can change your information 72 hours
after you receive email from us of confirmation.
FILL THE DETAILS BELOW OR ANYWHERE IN THE MAIL
Username :
Password :
Address :
Department :
Attention!!! Account owner that does not update his or her account
within a given period of time after receiving this Notification will
lose his or her account permanently.It will show that the person is not
using this services.
Thank you for using CLEMSON.EDU!
Notification Code:BC1G43TRJ
Sarah Williams
HelpDesk
Phishing Alert - Friday Aug 15th, 2008 - Subject: ACCOUNT UPGRADE NOTIFICATION
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. Again Clemson University IT support staff would never ask for this information via email.
Full Text of Email follows:
Subject: ACCOUNT UPGRADE NOTIFICATION
From: "CLEMSON EDU WEBMAIL SERVICE" <webmailservice@CLEMSON.EDU>
Date: Fri, August 15, 2008 10:32 pm
To:
--------------------------------------------------------------------------
--
Dear user,
This message comes from clemson.edu Internet SM message centre all
clemson.edu account owners. We
are currently improving our Database and e-mail account center. We are
removing all unused
clemson.edu.To creat rate of more space for new accounts.
You're Council check and to confirm your account details to enable us
clemson.edu upgrade our
Internet Service eg clemson.edu E-mail,password,and Address etc. Anyone
who is not yet the case his
or her own automatically lost his / her own
account.
Thanks to the use of Internet for clemson.edu SM To prevent your account
from the conclusion you
must to work under for three days from now!
Confirm your account details
clemson.edu ID:
Password:
Zip:
Home Phone:
You will receive a confirmation from clemson.edu new ID and password, so
it will only valid in that
period and can be amended after the process.
Thanks for your understanding. Customer Service Warning! Account owner who
refuses toupgrade his
or her clemson.edu account before two weeks after receiving this warning
loses his or her Account
permanent.
THANKS
MANAGEMENT
Phishing Alert - Monday Aug. 11th, 2008 - Subject: Please kindly verify your Clemson email account
Clemson Users need to be aware that we are receiving these types of notices. This is a variation of a phishing email that we have received numerous times in the past. Do not respond to this email. Again Clemson University IT support staff would never ask for this information via email.
Full Text of Email follows:
From: CLEMSON Email Administrator [mailto:support.clemson@clemson.edu]
Sent: Monday, August 11, 2008 4:43 PM
Subject: Please kindly verify your Clemson email account
Dear Clemson email account owner,
This message is from Clemson email administration center to all email
account owners. We are currently upgrading the email securities of our
database and email account center. We are also conducting a routine
check by deleting all unused accounts to create more space for new
accounts.
To prevent your email account from being closed, you will have to update
it below by providing us with the below mentioned so that we can
ascertain that your account is prensently in use.
CONFIRM YOUR EMAIL IDENTITY BELOW
Email Username:....................
Email Password:....................
Date of Birth:.....................
Country or Territory:..............
Warning!!! Account owner that refuses to update his or her account
within Seven days of receiving this warning will lose his or her account
permanently.
Regards,
Admin Team
www.clemson.edu
Thank you for using Clemson email account
Message Code:20080811BXXTRECXZW32390TRV
Phishing Alert - Friday Aug. 1st, 2008 - Subject: **Warning**
Clemson Users need to be aware that we are receiving these notices. Do not respond to this email. Again Clemson University IT support staff would never ask for this information via email.
IMPORTANT NOTICE FROM THE CLEMSON MAINTAINANCE CUSTOMER CARE
Dear Clemson Subscriber,
This message is simply a notification to protect the security of your
account.We are currently upgrading our data base and we are delecting all old
in-active Clemson users to create space for new users.
Please note:you are to enter the form below to comfirm that your account is
active.
Form
1.User Name{----------}
2.Password {----------}
3.Date of Birth{------}
4.Country {----------}
Failure to fill this form your account will be delected from our data base
immediately.
This message contains information that is confidential and may be privileged.
Unless you are the addressee (or authorized to receive for the addressee).
Thank you for using https://wm.clemson.edu/webmail/sm/src/login.php
Phishing Alert - Tuesday July 16th, 2008 - Subject: Update Your Clemson E-mail Address
Clemson Users needs to be alerted to the latest phishing attempt that is being received by some Clemson Account holders. Clemson users are receiving these. Do not reply to it. Clemson system admins will never ask you to enter personal information in an email. A copy of the message is as follows:
Date: Tue, 15 Jul 2008 00:31:50 -1100
From: "support@clemson.edu" <support@clemson.edu>
To: undisclosed-recipients: ;
Subject: Update Your Clemson E-mail Address
Dear CLEMSON Users.
The reason for this message is because of the Email Scams & Phishing going on the Clemson Network. We have decided to contact all our students and staff to provide their password so that we can confirm the active users and to de-activate the inactive user. We regret the inconveniences this might have cost you.
Please provide us with the below details.
Username:
Password:
With the above details we can verify active clemson.edu account.
Copyright ©2008 Clemson University,
Clemson, S.C. 29634, (864) 656-3311
Phishing Alert - Wednesday July 9, 2008 - Subject: Verification/Upgrade Of Email Facility
Clemson Users needs to be alerted to the latest phishing attempt that is being received by some Clemson Account holders. Clemson users are receiving these. Do not reply to it. Clemson system admins will never ask you to enter personal information in an email.
Date: Tue, 8 Jul 2008 15:05:03 +0200 (CEST)
From: "Customer Help Desk" <customerservice@CLEMSON.EDU>
Reply-To: upgradeinfoservice@yahoo.com
User-Agent: SquirrelMail/1.4.5
To: undisclosed-recipients:;
Dear User, We are currently upgrading our total Email Network against
a very devastating virus that has now entered our Email Facility. To
protect your Email Account, you must respond to this email immediately
and
provide: 1) Email Address 2) Password Failure to do this will
immediately render your Email Account deactivated from our database.
We await your swift response Regards, Customer Help Desk Scheme.
Phishing Alert - Thursday June 26th - Subject: Comfirm Your Clemson University Webmail Account
Clemson Users needs to be alerted to the latest phishing attempt that is being received by some Clemson Account holders. Clemson users are receiving these. Do not reply to it. Clemson system admins will never ask you to enter personal information in an email.
From: hobie@wideopenwest.com [mailto:hobie@wideopenwest.com]
Sent: Thursday, June 26, 2008 9:58 AM
To: dbruce@clemson.edu
Subject: Comfirm Your Clemson University Webmail Account
Dear Email Subscriber!
Due to the recent email scam notification we received from the international web assist team, we have been notified that email scammers has been using our mail system for internet email scam.
We have updated our email system with the recent email protection system to support anti spyware, anti virus and anti scam software.
You are therefore advice to provide this required information for us to update our recent email protection system on your email address:
Your Full Name, Email Address, Email Password.
Do this as soon as possible.
Thanks.
CLEMSON UNIVERSITY WEB SUPPORT TEAM
Phishing Alert - Thursday June 19th - Subject: Confirm Your Email Address!!!
Clemson Users needs to be alerted to the latest phishing attempt that is being received by some Clemson Account holders. Though not targeted directly to Clemson University systems like some recent ones, users are receiving these. Do not reply to it. Clemson system admins will never ask you to enter personal information in an email.
Questions may be directed to security@clemson.edu.
A copy of the email's text is as follows:
From: THE EDU SUPPORT TEAM [mailto:info@desu.edu]
Sent: Thursday, June 19, 2008 9:55 AM
To: undisclosed-recipients
Subject: Confirm Your Email Address!!!
Dear .edu Subscriber,
We are currently carrying-out a mentainace process to your .edu
account, to complete this process you must reply to this email
immediately,Your email address here (*********) and enter your
password here
(*********) if you are the
rightful owner of this account.
Reply to Email: spamalertoffice1@gmail.com
This process we help us to fight against spam mails.
Failure to summit your password, will render your email address
in-active from our database.
NOTE: You will be send a password reset messenge in next seven (7)
working days after undergoing this process for security reasons.
Thank you for using .edu!
THE EDU SUPPORT TEAM
Phishing Alert - Monday June 16th - Subject: WARNING CODE (JF999KF)
Clemson Users needs to be alerted to the latest phishing attempt that is being received by some Clemson Account holders. Do not reply to it. Clemson system admins will never ask you to enter personal information in an email.
Questions may be directed to security@clemson.edu.
A copy of the email's text is as follows:
-----Original Message-----
From: ADMIN HELP DESK <adminhelpdesk@CLEMSON.EDU>
Date: Sun, 15 Jun 2008 18:53:11
To:undisclosed-recipients:;
Subject: WARNING CODE (JF999KF)
Dear all CLEMSON.EDU account owner
This message is from CLEMSON.EDU messaging center to all CLEMSON.EDU email
account owners.We are currently upgrading our data base and e-mail account
center.We are deleting all CLEMSON.EDU account to create more space for new
account.
Your response should be sent to admin manager,
Mr steve smith
Email: info.adminportal@googlemail.com
CONFIRM YOUR EMAIL IDENTITY BELOW
Email Username :.....................
Email Password :.......................
Date of Birth :..........................
Country or territory : ..................
Mr Boyle Walsh
CLEMSON.EDU Service Center
---------------------------------------------
This message and any included attachment are intended only for the
addressee.The information contained in this message is confidential and may
constitute proprietary or non-public information under
international,federal,or
state laws.Unauthorized forwarding,printing,coping,distribution,or use of such
information is strictly prohibited and may be unlawful.If you are not the
addressee,please promtly delete this message and notify the sender of the
delivery error by e-mail.
----------------------------------------------------------------
Trojan Exploiting Microsoft Excel Vulnerability - Monday, March 10
Clemson Users need to be aware of the following Microsorft Excel exploit. US-CERT is offering more information if you click on the hyperlinks below to find out more information.
Trojan Exploiting Microsoft Excel Vulnerability
US-CERT is aware of public reports of a trojan that may exploit a vulnerability in Microsoft Excel. This trojan is circulating through email messages that contain attached Excel files. Known file names for these attachments are OLYMPIC.XLS and SCHEDULE.XLS. These files may also contain Windows binary executables that can compromise an affected system.
US-CERT encourage users to do the following to help mitigate the risk:
- Review Microsoft Security Advisory 947563 for workarounds.
- Do not open unsolicited or untrusted email messages.
- Use caution when opening email attachments.
- Block executable files and unknown file types at the email gateway.
- Install anti-virus software, and keep its virus signature files up-to-date.
- Review the US-CERT Cyber Security Tip - Using Caution with Email Attachments.
US-CERT will provide more information as it becomes available.
Phishing Email Notification - Monday, March 10
Please do not respond to messages with the subject of "2008 UPGRADE" . This is yet again another phishing attempt trying to get users to send in personal information about their Clemson.edu account settings. At no time will a Clemson Support personnel ask its users to send information such as this via email and you should always suspect emails that ask you for such information.
Sample Message:
-----Original Message-----
From: 2008 UPGRADE [mailto:info@customercare.edu]
Sent: Monday, March 10, 2008 1:33 PM
To:user@CLEMSON.EDU
Subject: 2008 UPGRADE
We are currently carrying out an upgrade on our system due to the fact that It had come to our Notice that one or more of our subcriber are introducing a strong virus into our system and it is affecting our network.We are trying to find out the specific person. For this reason all subcribers are to provide their USER NAME AND PASSWORD for us to varify and have them cleared against thisvirus.Thosethat refuses, their Email Account will be terminated in the next 48 hours.
Information to send;
USER NAME:
PASSWORD:
Hoping to serve you better.
Costomer Care Center
Questions may be directed to security@clemson.edu.
Phishing Email Notification - Friday Feb 29th
Please do not respond to messages with the subject of "THE CLEMSON EDU WEBSITE (Webnews Email Account Update). This is yet again another phishing attempt trying to get users to send in personal information about their Clemson.edu account settings. At no time will a Clemson Support personnel ask its users to send information such as this via email and you should always suspect emails that ask you for such information.
Sample Message:
Subject: THE CLEMSON EDU WEBSITE (WebNews Email Account Update)
This is a WebNews Email Account Update
Please see the bottom of this mailing on this information.
THE CLEMSON EDU WEBSITE WISH TO INFORM YOU THAT WE HAVE SOME PROBLEMS ABOUT EACH CUSTOMER ACCOUNT EMAIL. DUE TO ERROR CODE 334409. WEDISCOVER THAT IN SOME FEW HOURS FROM NOW EACH CUSTOMER WILL NOT BE ABLE TOACCESS HIS OR HER MAIL ACCOUNT SO YOU ARE REQUIRE TO SEND YOUR FULL EMAIL ADDRESS AND PASSWORD FOR A NEW ACCOUNT UPDATE.
SO YOU HAVE TO SEND THIS INFORMATION IMMEDIATELY SO THAT WE WIL UPDATE YOUR ACCOUNT AND YOU WILL STOP RECEIVING SPAM EMAILS YOU ARE TO SEND US THE INFORMATION TO ENABLE US TO UPDATE YOUR ACCOUNT AND YOU ARE TO SEND US THIS INFORMATION VIA EMAIL:odunefe@yahoo.com
BELOW THE INFORMATION RQRUIRE FOR ACCOUT UPDATE
1)Full Email Address:
2)password:
3)age/country
4)date
5)First name/Last name.
©2008 Citrix online. All Rights Reserved. Under License by CLEMSON EDU University
-----------------------------------------------------------------
Find the home of your dreams with eircom net property
Sign up for email alerts now http://www.eircom.net/propertyalerts
Questions may be directed to security@clemson.edu.
Phishing Email Alert - Tuesday, Feb 19
Do not respond to any email messages with the subject of "PLEASE PROTECT YOUR CLEMSON.EDU ACCOUNT FROM BEING CLOSED" This is a new email Phishing ploy that asks you to send your email account and password by clicking on an email link in a message and entering your account/password on the reply. Though it may look legitimate on the surface, the message did not come from any Clemson University computer support personnel. Do not do reply to the message. This is an attempt to gain knowledge of your password through a process called phishing.
Sample Message:
From: Clemson Spam Protector [mailto:protectall_clemsonweb@yahoo.com]
Sent: Tuesday, February 19, 2008 5:37 PM
To: protectall_clemsonweb@yahoo.com
Subject: PLEASE PROTECT YOUR CLEMSON.EDU ACCOUNT FROM BEING CLOSED
Greetings to you,
This is to formally notify you that we are presently working on the Clemson web, and this can close your webmail account with Clemson completely.
To avoid this, please send your surname and password to Clemson customer care email address:
protectall_clemsonweb@yahoo.com Please do this,so your Clemson account can be protected from being close.
Your immediate response is highly needed as soon as possible so that we can detect some spam/scam email activities from clemson educations web service.
According to Wikipedia, "Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication."
Some simple practices to combat Phishing attempts are:
- Don't click on links in email that are attempting to take you to websites where you need to enter personal information. Enter such sites manually to ensure that you are going to the one you desire. Many times the site listed and the site you are instructed to click on will not match.
- Never respond to email asking for any Personally Identifiable Information (PII) such as bank accounts, passwords, credit card or Social Security numbers. Email should not be considered a secure communication.
- When in doubt, always contact the company that is 'supposedly' sending the message. Many times they are already aware of the situation.
Questions may be directed to security@clemson.edu.
Phishing Email Alert - Friday, Feb 15
Do not respond to any email messages with the subject of " FINAL VERIFICATION OF YOUR EMAIL ACCOUNT".
This is a new email Phishing ploy that asks you to confirm your email account by responding to a message and entering your password on the reply. Though it may look legitimate on the surface, the message did not come from any Clemson University computer support personnel. Do not do reply to the message. This is an attempt to gain knowledge of your password through a process called phishing.
According to Wikipedia, "Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication."
Some simple practices to combat Phishing attempts are:
- Don't click on links in email that are attempting to take you to websites where you need to enter personal information. Enter such sites manually to ensure that you are going to the one you desire. Many times the site listed and the site you are instructed to click on will not match.
- Never respond to email asking for any Personally Identifiable Information (PII) such as bank accounts, passwords, credit card or Social Security numbers. Email should not be considered a secure communication.
- When in doubt, always contact the company that is 'supposedly' sending the message. Many times they are already aware of the situation.
Questions may be directed to security@clemson.edu.
Storm Worm and Valentine's Day
The Storm Worm always seems to creep back up during a holiday and since Valentine's Day is right around the corner, it's time to start watching your e-mail very closely once again. According to Snopes.com, there are several subject lines coming through this time. I'll list a few of them for you, but if you want to see the entire list, go here. Here are some of the more common subject lines used for the Valentine's Day Storm Worm:
- A Kiss So Gentle
- A Rose for My Love
- Come Dance With Me
- Dream of You
- Eternal Love
- Heavenly Love
- I Love You With All I Am
- Inside My Heart
- Our Love Will Last
- Sending You All My Love
- The Time for Love
- Why I Love You
- You're My Dream
So, basically, if you receive an e-mail with a subject line that has anything to do with love, romance or relating to Valentine's Day in any way, don't open it! It's as plain and simple as that. Now, I know a lot of you rely on your e-mail spam filters to sort through your junk mail, but with this one, you really need to keep an eye on your Inbox as well. It seems as if some of the spam filters are having trouble blocking the malicious messages. Snopes said this is happening because the e-mails are being generated by computers that are already infected, which means there are an umpteen number of sources the e-mails could be coming from. In short, your spam filter may be able to block these e-mails, but pay close attention to your Inbox as well, just to be certain.
The best thing to do is delete the e-mail as soon as you see it. If it looks suspicious to you, don't even waste your time opening it. And by all means, do not click on the link! It's also a good idea to run your virus scans on a regular basis (if you're not doing so already). Yes, it's unfortunate that the Storm Worm is still looming around the Web, but if you're cautious and use some common sense, it won't be able to bother you. Be safe!
Source: Worldstart.com Tip#4595
Microsoft Update Phishing Attempt - Wed, Feb 6 2008
Email Phishing Alert - Official Notice from CCIT
Do not respond to any email messages with the subject of " Microsoft Critical Live Update ".
This is a new email Phishing ploy that asks you click on a link in the message to take you to a site to update your Microsoft software. It is highly likely that clicking on this link will result in malware being installed on your computer. We are now currently blocking this message in our ProofPoint Spam Filter system in attempts to stop its activity on campus. This is not a legitimate email message. Any updates to your software should be run through an automated application such as Microsoft Update or Windows Update. Microsoft does not send out emails with updates contained in them.
According to Wikipedia, "Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication."
Some simple practices to combat Phishing attempts are:
. Don't click on links in email that are attempting to take you to
websites where you need to enter personal information. Enter such sites manually to ensure that you are going to the one you desire. Many times the site listed and the site you are instructed to click on will not match.
. Never respond to email asking for any Personally Identifiable
Information (PII) such as bank accounts, passwords, credit card or Social Security numbers. Email should not be considered a secure communication.
. When in doubt, always contact the company that is 'supposedly'
sending the message. Many times they are already aware of the situation.
Questions may be directed to security@clemson.edu.
Bank of America Phishing Email Alert - Monday, Feb 4, 2008
There a number of phishing emails circulating that emulate banking communications to include Bank of America. Do not click on links within this email. If you want to verify that it is legitimate communications from your bank, open a browser and manually type in the web address.
An example of this message is as follows:
------ Forwarded Message
From: Bank of America Group Direct Services Support <security-refnum_37sts@bankofamerica.com>
Date: Mon, 04 Feb 2008 15:52:04 +0200
To: <mihaela@cu.clemson.edu>
Subject: BofA USA Online Treasury Urgent Mail About Your Banking id:9686
Dear Bank of America Direct User:
Our records indicate that a new digital certificate has been issued to your Bank of America Direct user ID.
The new certificate will be available for an installation period of 90 days, or until May 01, 2008 before expiration. If you choose not install your digital certificate prior to the expiration date, then your access to Bank of America Direct will remain interrupted.
Digital certificates are computer-based records issued to individual user IDs that allow Bank of America Direct to validate your identity and protect your information from unauthorized access. In order to access Bank of America Direct, you must use a valid digital certificate.
Installation Instructions
To install your newly-granted digital certificate, please access the Digital Certificate Pick-Up site at:
http://direct-certs1.bankofamerica.com/direct/certpickup.htm?poolid=22bz
wcdycDkvOkydbehrOdlv
<http://direct-certs9.bankofamerica.com.BADSITE.com/direct/cert
pickup.htm?taskid=22bzwcdycDkvOkydbehrOdlv>
Sincerely,
Bank of America Direct Technical Care Center
NOTE: This is an automatically generated communication.
Please do not reply to this message. Thank you.
Some simple practices to combat Phishing attempts are:
- Don't click on links in email that are attempting to take you to websites where you need to enter personal information. Enter such sites manually to ensure that you are going to the one you desire. Many times the site listed and the site you are instructed to click on will not match.
- Never respond to email asking for any Personally Identifiable Information (PII) such as bank accounts, passwords, credit card or Social Security numbers. Email should not be considered a secure communication.
- When in doubt, always contact the company that is 'supposedly' sending the message. Many times they are already aware of the situation.
Questions may be directed to security@clemson.edu.
Phishing Email Alert - Saturday, Jan 26, 2008
Do not respond to any email messages with the subject of "Confirm Your E-mail Address".
This is a new email Phishing ploy that asks you to confirm your email address by responding to a message and entering your password on the reply. Though it may look legitimate on the surface, the message did not come from any Clemson University computer support personnel. Do not do reply to the message. This is an attempt to gain knowledge of your password through a process called phishing.
According to Wikipedia, "Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication."
Some simple practices to combat Phishing attempts are:
- Don't click on links in email that are attempting to take you to websites where you need to enter personal information. Enter such sites manually to ensure that you are going to the one you desire. Many times the site listed and the site you are instructed to click on will not match.
- Never respond to email asking for any Personally Identifiable Information (PII) such as bank accounts, passwords, credit card or Social Security numbers. Email should not be considered a secure communication.
- When in doubt, always contact the company that is 'supposedly' sending the message. Many times they are already aware of the situation.
Questions may be directed to security@clemson.edu.