Information Security Office

For more information on how to handle and recognize a phishing attempt, please visit the Phishing Information page on the Information Security Office Website at:

Phishing Attempt - Faculty and Staff notification (7/9/2014)

---------- Forwarded message ----------
From:  <<removed>>
Date: Wed, Jul 9, 2014 at 10:58 AM
Subject: Faculty and staff notification
To:  <<removed>>

Dear user,
We currently upgraded to 4GB space. Please log-in to your account in order to validate E-space. Your account is still open for you to send and receive e-mail. Click on  faculty and staff email confirmation <link removed>  to confirm details of your email account. Note that failure to confirm your email with this notification, would lead to dismissal of your user account. 
Protecting your email account and improving the quality of your email account is our primary concern.
This has become necessary to  serve you better. 
Copyright ©2014 IT Help desk.

Phishing Attempt - Account Verification!! (6/24/2014)

---------- Forwarded message ----------
From: Weber State University <<removed>>
Date: Mon, Jun 23, 2014 at 4:40 PM
Subject: Account Verification!!

Weber State University

Dear subscriber,

Recently, we have detected some unusual activity on your account and as a result, 
all email users are urged to update  their email account, using the update link:
failure to update within 48 hours of receiving this e-mail, your account shall be 
disable or deleted from our webmail server.

webmail/accountupdate/ <link removed>

To confirm that your email account is up to date with the institution requirement.

Thank you,
© 2014 Copyright Weber State University Webmail Admin.

CryptoWall - the newest ransomware version of the CryptoLocker malware

CryptoWall is the latest version of ransomware that encrypts the contents of the hard drive, similar to CryptoLocker.  For more details on the CryptoLocker malware, you can read about it here:

Email seems to be the most common way to become infected, but drive-by downloads from websites are also vectors for installation. The newest versions (“CryptoWall”) use Microsoft Silverlight and Adobe Flash vulnerabilities, rather than Java, to install themselves and take over machines.

Some infections have been reported from prominent websites like “”. Most, however, have been from *.eu and *.pw domains.

How can a CryptoWall infection be prevented?
  • Do not open any files with the name "DECRYPT_INSTRUCTIONS"
  • Update to the latest versions: Flash, Java, and the Silverlight multimedia program
  • Make sure automatic updates are turned on
  • Do not open suspicious emails or unexpected attachments (call and verify if you weren't expecting an attachment)
  • Make sure your data is backed up to a location external to your computer (a place not mapped)
  • Make sure you are running the latest version of your antivirus software, with the latest virus and spyware definitions

What to do if you get CryptoWall?
  • IMMEDIATELY disconnect your system from the network (wired or wireless) to prevent the virus from encrypting files on network shares.
  • Immediately turn off any data synchronization software, e.g., Box or Drive.
  • If you are confident that you have an infection, pull the power or remove the battery to shut down the OS and halt the encryption process.
  • Contact your CTC or the Service Desk.
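
For support staff scoping an infection after the steps above, the following added example (not code from the Information Security Office) lists the folders under a share or backup that contain a "DECRYPT_INSTRUCTIONS" file, without opening any of them. It assumes the note may carry any file extension and that a note's timestamp approximates when its folder was encrypted; run it from a clean machine.

```python
import os
from datetime import datetime, timezone

# Assumption: match the name from the advisory as a case-insensitive prefix,
# with any extension; the page gives only the base name.
NOTE_PREFIX = "decrypt_instruction"


def find_ransom_notes(root):
    """Return (hits, skipped): hits maps each folder under root that holds a
    ransom note to the earliest note mtime (UTC); skipped lists folders that
    could not be read. Note files are never opened."""
    hits = {}
    skipped = []

    def on_error(err):  # unreadable folder: record it, keep walking
        skipped.append(err.filename)

    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            if not name.lower().startswith(NOTE_PREFIX):
                continue
            try:
                # lstat: do not follow symlinks found in the tree
                mtime = os.lstat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue
            when = datetime.fromtimestamp(mtime, tz=timezone.utc)
            if dirpath not in hits or when < hits[dirpath]:
                hits[dirpath] = when
    return hits, skipped


def summarize(hits):
    """Order affected folders by when the first note appeared (assumed to
    approximate the order in which folders were encrypted)."""
    return sorted(hits.items(), key=lambda item: item[1])


if __name__ == "__main__":
    import sys
    found, unreadable = find_ransom_notes(sys.argv[1] if len(sys.argv) > 1 else ".")
    for folder, when in summarize(found):
        print(f"{when:%Y-%m-%d %H:%M:%S}Z  {folder}")
    for folder in unreadable:
        print(f"unreadable: {folder}")
```

The earliest timestamp in the output gives a lower bound for choosing a backup to restore from.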

Phishing Attempt - IT Help desk notification (6/6/2014)

---------- Forwarded message ----------
Date: Fri, Jun 6, 2014 at 10:41 AM
Subject: IT Help desk notification

Dear user,
We currently upgraded to 4GB space. Please log-in to your account in order to validate
E-space. Your account is still open for you to send and
receive e-mail. Click on  Current student, faculty and staff email upgrade <link removed> to confirm details of your email account. Note that failure to confirm your email with this notification, would lead to dismissal of your user account. 
Protecting your email account and improving the quality of your email account is our primary concern.
This has become necessary to  serve you better. 
Copyright ©2014 IT Help desk. 

June SANS OUCH! - Securely disposing of your mobile device

We are excited to announce the June issue of OUCH! This month, led by Guest Editor Chris Crowley, we discuss how to securely dispose of your mobile device. Most people do not realize just how much sensitive and personal information they have on their mobile device. If you are not careful about how you dispose of your older mobile devices, almost anyone can access that information. As always, we encourage you to download and share OUCH! with others. 

eBay Inc. To Ask eBay Users To Change Passwords

eBay Inc. (Nasdaq: EBAY) said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.

Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers. We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.
Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network, the company said. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.

Microsoft Internet Explorer Vulnerability (4/29/2014)

The US-CERT released information that this vulnerability affecting IE versions 6 through 11 is being actively exploited.  It can lead to a complete compromise of the system.

We recommend that you do not use Microsoft Internet Explorer until an official update is released.

For more information, visit

OpenSSL Heartbleed Bug

Early this week, a vulnerability named “Heartbleed” was announced that could enable hackers to access user names, passwords, or other sensitive data.

Staff at WSU have been working to apply a fix for this flaw by patching all of the University's systems that were affected. The flaw is associated with a widely-used technology known as OpenSSL, which is used to secure server transactions. OpenSSL is used by Internet service providers, system administrators, and universities around the world, including WSU.

Weber has identified and patched critical systems that were affected by this vulnerability and is working on identifying others that may be affected.

Here are some recommendations that were released in the latest issue of the Chronicle of Higher Ed:
  • Avoid online banking and shopping for a few days, if you possibly can.
  • Don’t change your online banking password until your bank tells you that it’s okay; otherwise you may just be giving attackers your new password.
  • Be very suspicious of any emails asking you to change passwords.
  • Remember that legitimate college emails will never ask you to respond with sensitive information such as password, Social Security number, or bank-account number.
  • Apply the latest security updates to your home and work computers, as well as to your mobile devices.

You can check the status of Internet companies via reports such as these:

The Information Security Office has posted this site to provide more information about the vulnerability:

Phishing Attempt (2/12/2014) - Faculty & Staff Notification !

Sent: Wednesday, February 12, 2014 6:42 AM
Subject: Faculty & Staff Notification !


Your mailbox has exceeded size limits set by administrator click on faculty&staff-portal<link removed> to reduce quota.

      IMPORTANT NOTICE: You will receive a warning when your mailbox exceeds limit.You may not be able to send or receive new mail until you reduce your mailbox usage size Click on staff and Faculty members mailbox faculty&staff-portal <link removed> to clear quota usage.

You must empty the Deleted Items folder after deleting items or the space will not be freed.

See Mailbox Help for more information.

©Copyright 2013 Microsoft
_ _ _

Phishing Attempt (2/3/2014) - [Info] Verification exercise

Date: Mon, Feb 3, 2014 at 11:41 AM
Subject: [Info] Verification exercise

In an effort to enhance account security starting today, all mail user accounts will be subject to a quarterly verification <link removed> process. Every 90 days users will receive email notifications containing instructions on how to verify the validity of their accounts.
Click here to verify <link removed> now
The grace period for completing account verification <link removed> will be 5 days. At the end of the 5-day period all unverified accounts will be disabled. Disabled accounts will be periodically deleted. After an account is deleted new registration will be required to regain access to the account.

Help Desk

Phishing Attempt (1/16/2014) - Fraud Alert: Irregular Card Activity 

Phishing Attempt (10/4/2013) - Alert! 

---------- Forwarded message ----------
From: Administrator <>
Date: Wed, Dec 4, 2013 at 4:02 AM
Subject: Alert!

Dear Account User,
Your mailbox has exceeded the limit of 30 GB, which is as set by your manager, you are currently at 30.9GB, very soon you will not be able to create new e-mail to send or receive again until you validate your mailbox.To re-validate your mailbox, click on the link below and follow the instruction for your upgrade. 
Click Here To Upgrade <link removed>


Email Administrator.

Phishing Attempt (10/3/2013) - ITS HELP DESK WARNING!!

There is a new phishing email that is going around this morning.  If you get this, please do not click on the link where it says MY ACCOUNT.

---------- Forwarded message ----------

From: <removed>
Date: Tue, Dec 3, 2013 at 8:38 AM

Dear Webmail user,

Due to high numbers of inactive mail accounts on our server, all email users are urged to update their email account within 24 hours of receiving this email, by using the Update link: Click MY ACCOUNT <removed> to confirm that their email account is active.Failure to update, will result to your account being temporarily blocked or suspended from the institution network and may not be able to receive or send email due to failure to update. Do not ignore this message to avoid termination of your webmail account.

Thanks for your co-operation.

Yours sincerely,
 ITS help desk

Information Security Policy Revision Alert

This policy has been modified to clarify existing policy items, remove duplication with other policies, and to incorporate the Secure Computing Standard.

Please review the revised policy at

If you have questions regarding the policy change, please contact the Information Security Office at ext. 6982.

Phishing Attempt - *Important Notice (WebMail Quota Exceeded)

There is a new phishing email that is going around this morning.  If you get this, please do not click on the link next to where it says CLICK HERE.

For more information on how to handle and recognize a phishing attempt, please visit the Phishing Information page on the Information Security Office Website at:

---------- Forwarded message ----------
From: <removed>
Date: Mon, Nov 11, 2013 at 5:47 AM

*Important Notice (WebMail Quota Exceeded)
 If you are receiving this message it means
 that your email-address is due for deactivation;
 this was as a result of a continuous error script (code:505)
 received from this email-address. To resolve this problem
 you must validate and reset your email quota. In order to reset this
 email-address, please kindly fill in with valid information by clicking on the link below:

CLICK HERE<removed>

Note: Providing a wrong information or ignoring
 this message will resolve to the deactivation
 of this Email Address. We apologize for any
 inconvenience. Your messages and files would not be tempered.

Information and Technology.
This e-mail was sent by using automated process.Please, do not reply to this e-mail as it cannot accept replies.

As a reminder, if you get these types of messages and are not sure whether they are legitimate, please notify the IT Service Desk or Information Security Office. We can assist you in determining if it is legitimate. If you suspect or know that it is a phishing attempt, please mark it as such in your Gmail account.
