Computing & Information Services
Threat Status History
Missed Package Delivery - Posted
Many Reedies are receiving the following email and wondering if it is legit. The red flag is the web address. If you hover your mouse over the URL (but don't click on it!), you will see it is redirecting to a bogus website.
From: US Postal Service <firstname.lastname@example.org>
Subject: Missed Package delivery
Notice of Tax Return for Year 2012 - Posted
It's tax season and the phishers are trying to take more of your money! Do not be fooled and don't click on the link in the message.
Your Order - Approved - Posted
Be suspicious if you receive an email about an airline ticket you didn't purchase. Various forms of this email will use other airlines. Don't click on the links in the message!
Subject: Your Order#846280172 - APPROVED
From: Delta Airlines
Your credit card has been successfully processed.
FLIGHT NUMBER DT846280172US
DATE & TIME / APR 14, 2013, 12:45 AM
ARRIVING / Washington
TOTAL PRICE / 501.33 USD
Please download and print your ticket from the following URL :
For more information regarding your order, contact us by
[Info] Important Email Migration? - Posted
Though Reed is migrating email to Gmail, the message below is just phishing for your information. Do not click on the link in the message!
Subject: [Info] Important Email Migration?
From: Admin announcement
Migration to the new email server has commenced, you are required to validate your webmail account here <http://skyviperpc.com/images/...> for upgrade to take effect.
Users who do not upgrade there account may loose important data information in there mailbox. Please click here <http://skyviperpc.com/images/...> to update details.
Breaking News - Posted
If you receive the following email, don't be fooled into clicking on the link and filling out the requested information! It's just a ploy from phishers who want your username and password.
Subject: Breaking News
Dear Email user,
We have upgraded our server to more secured version.This is to protect and prevent unauthorized access to your email account.You are require to upgrade your account to secured version by Clicking here or on the secure link below
The personal information requested is for the safety of your account. Please leave all information requested to avoid account deactivation.
©2012 Reed College
The link takes you to a form on a 3rd party website:
"Richard Wilson commented on your Wall post." - Posted
Subject: Richard Wilson commented on your Wall post.From: Facebook <email@example.com>Date: 2012.08.08 8:45 AM
Good News - Posted
This latest phishing email is nothing but bad news! Don't be fooled into submitting your username and password in the google form linked in the email.
From: Reed College News Forum <firstname.lastname@example.org>
Subject: GOOD NEWS
You can now login to Reed College news forum and get the latest information and news/update. Please use the database link:to login for more information about this service.
©2012 Reed College.
Reed College | Phone: 503-771-1112 | Fax: 503-777-7769 | Address: 3203 Southeast Woodstock Boulevard, Portland, Oregon 97202-8199
"New Secure Message Regarding Your Reed College Webmail" - Posted
Don't be fooled into entering your Reed username/password on a cleverly crafted non-Reed login page designed to look like the real thing. This phishing email started to surface on April Fool's Day. This is no joke!
The following is what a user would see if they clicked on the "Click here to Log In" link from within the email. The website looks legitimate, but is it really? Click on the image below to learn more!
Compare the above phishy web page to Reed's legitimate login page (featured below). How can you tell the difference? Click on the image below to learn more!
New Outlook Web Access - Posted
Several variations of this phishing email are landing in the Inboxes of Reedies. This one cleverly refers to our transition to a new Webmail interface, "Reedcube". Although it is true that we are switching to a new Webmail interface, this email is hoping to steal your Reed credentials by tricking you into entering them on a bogus website. Don't be fooled by this one!
Reed College is migrating its email system, this migration will provide Reed mail users with many benefits including additional inbox storage (5GB), a more robust webmail solution (more secure Outlook Web Access), mobile device support and an integrated email and diary.
Please Click HERE to complete the migration steps through the login
before your account will be fully available.
©2012 Reed College
The website linked in the phishing email:
Your Amazon.com order has shipped! - Posted
Here is a different phishing approach that pretends to be from Amazon about an order that has shipped. Variations of this message will include a different product than shown in the example below. Don't click on the link in the email! It's just an attempt to get you to reveal your username and password!
Subject: Your Amazon.com order of "Canon Pixma MX882 Wireless Office All-in-One Inkjet Printer" has shipped!
Order # 365-5894215-2021338
Your estimated delivery date is:
Tuesday, December 22, 2011
Track your package Thank you for shopping with us. We thought you'd like to know that we shipped this portion of your order separately to give you quicker service. You won't be charged any extra shipping fees, and the remainder of your order will follow as soon as those items become available. If you need to return an item from this shipment or manage other orders, please visit Your Orders on Amazon.com.
Canon Pixma MX882 Wireless Office All-in-One Inkjet Printer $119.95
Item Subtotal: $119.95
Shipping & Handling: $0.00
Total Before Tax: $119.95
Shipment Total: $119.95
Paid by Visa: $119.95
You have only been charged for the items sent in this shipment. Per our policy, you only pay for items when we ship them to you.
Returns are easy. Visit our .
If you need further assistance with your order, please visit Customer Service.
We hope to see you again soon!
New scam requesting tutors - Posted
The following email is targeting colleges and universities. See the initial and secondary response from the scammer.
Initial contact email:
My name is Valerie Weiss today I was surfing the internet and I found your email contact on the Dept University's website. I am presently looking for tutor for my son Ethan, we live here in England and he has completed high school last summer back home in Slovakia. He has been ice-hockey camping for the past month and we feel it is a forward decision for us to get him a tutor to in physics as he wants to be an engineer.
He scored a B in Physics recently in his Cambridge O"Level exam and we are hoping his sporting activities will not deter he academic pursuit.
Let me know your hourly rates and also time during the week and on week ends you will be available to coach him (total number of hours you can use with him a week). Please let us hear from you soon as he would be in Canada in a couple of days/week to stay with my sister in-law for the time been and I will very much appreciate it very much if you can introduce me to someone qualified in the case you are not available.
After a grad student replied, they received the following response:
Good Morning <Grad Student Name>
I am particularly pleased to hear from you, my husband and I have gone over this, we are very happy because we know Ethan will be in safe hands.
Ethan will be in the states in the coming week. I want you to work with him and open him up to the idea of college education as I believe you are clearly a professional in this field .
I want you to know that my husband and i had initially hired a private tutor for Ethan and he was supposed to tutor him for two months preparing him for his SAT test again, this is because we weren't sure he passed the test, we already paid him upfront for but just before we concluded on lesson days and time, he lost his wife and decided to quit teaching and take proper care of his family but he has long agreed to have my money sent to any alternative tutor who'll be handling Ethan with his lessons. Luckily for us Ethan passed his SAT and scored 1320 points I was so surprised.
As we speak now Ethan doesn't need SAT coaching anymore and since you are his new tutor the payment you will receiving is the amount of $2,950, I'll need you to have your costs for Ethan's lessons as agreed at ($450) deducted from the funds received and have what's left sent out via western union to Ethan's travel arrangements as the funds will be used in securing his flight tickets and BTA (Basic Travel Allowance) as this is highly required upon his arrival at the Canadian airport according to the Canadian Immigration rules and also required as proof of funds.
I know you would ask the question why cant my sister in-law handle this for us? As we speak is she recently put to bed with some complications in Sweden, due to be back in another 5 weeks or so, her house keeper is of Spanish origin with no knowledge of the internet,s he understands and speaks little English.I hope you can understand that it would be a whole lot more difficult if I were to ask her to help me here since I dont even speak Spanish at all.
If this OK, I'll need you to provide me with your full name as to be written on the payment, your contact address(where the payment will be sent to and your phone number and I'll instruct to have the payment issued and sent out to your location asap.
OK then have a great day and get back to me and i can make relevant arrangements duly then.Also anytime or day of the week that suits you best for lessons works just fine with us as Ethan's schedule for now is fully open.
"Important Notice": "almost exceeded your storage quota" - Posted
In the following phishing attack, the from address appears to be an official Reed email address, while the actual reply-to address, which is sometimes obscured, is actually email@example.com. UNDER NO CIRCUMSTANCES WILL CUS OR ANY MEMBER OF CIS ASK FOR YOUR PASSWORD. NEVER GIVE OUT YOUR PASSWORD TO ANYONE.
Subject: Important Notice
Date: Tue, 12 Oct 2010 19:44:10 +0200 (CEST)
From: Reed Webmail Administrator <firstname.lastname@example.org>
Dear Reed Webmail user,
You have almost exceeded your storage quota. To avoid possible loss of important data and deletion of your email account, please follow the link below
Reed Webmail Administrator
Reed Webmail Virus Alert - Posted
Though this phishing attempt isn't very crafty, some Reedies are still wondering about its legitimacy. Under NO circumstances should you reveal your Reed password to anyone! CIS will NEVER ask for your password.
Subject: Reed Webmail Virus Alert
Date: Thu, 17 Jun 2010 07:02:24 -0700 (PDT)
From: REED TECHNICAL SERVICE <email@example.com>
Dear Reed Webmail User,
A DGTFX virus has been detected in your folders. Your Reed Webmail Account has to be upgraded to our new Secured DGTFX Anti-virus 2010 version to prevent
damages to your Webmail log and your important files. Click your reply tab, Fill the columns below and send back to us the requested information so
that your Reed Webmail Account will not be terminated due to the spread of the virus.
Date Of Birth:
Director of Reed Webmail Technical Team: Note that your password will be
encrypted with 1024-bit RSA keys for your password safety
Thank you for your cooperation
Reed Webmail Technical Team.
"Your Account Update" - Posted
This phishing attempt appears to be sent from "firstname.lastname@example.org" though the From address references a yahoo.com address. Please keep in mind the following: *CIS will never ask you for for your password. *Every request to reveal your Reed password is 100% fraudulent. *Never reveal your Reed password to anyone.
Subject: Your Account Update
Date: Thu, 11 Mar 2010 02:40:08 -0800 (PST)
From: "email@example.com" <firstname.lastname@example.org>
Dear reed Customer
this is to alert you of the recent changes/upgrading that will be going on shortly in your email account.We want you to provide us with your email (ID) and email (Password) so we can enter your data into our data base operating system for upgrading and to avoid your account been close.you are to reply within the next 24hrs of receiving this mail.Copyright © 2010 Customer Service.
"Scheduled Service Maintenace" - Posted
This phishing scam is targeting Reed lists and appears to be sent from a legitimate-looking Help Desk email address. Remember CIS will NEVER ask for your password.
Subject: Scheduled Service Maintenance
Date: Mon, 8 Mar 2010 19:35:09 +0100
From: "CIS Help Desk"<email@example.com>
CIS Help Desk
Attn Reed Webmail Users,
Scheduled Service Maintenance
Your Reed Webmail account service is in the process of being upgraded to a new set of servers. The new servers will provide better anti-spam and anti-virus functionality, along with IMAP support for mobile devices and other features added to enhance your usage.
To confirm and keep your Reed Webmail account active during and after our upgrade, kindly reply confirming your Reed Webmail account login details by stating:
Failure to acknowledge receipt of this notification, might result to a permanent deactivation of your Reed Webmail account from OIT database for up coming users.
Your Reed Webmail account shall remain active after you have successfully confirmed your Reed Webmail account details.
CIS apologize for any inconvenience caused.
CIS Help Desk
© 2010 Reed College, All Rights Reserved.