Computing & Information Services
Threat Status History
"Richard Wilson commented on your Wall post." - Posted
If you get an email from someone you don't know, then do NOT click on any links in the email! The links in the phishing message below will not take you to Facebook. In fact, Facebook didn't even send this message (it's easy to make your email say "From:" whomever you want!). Instead, clicking a link in the email below would run malicious JavaScript code that would infect your machine with a virus. The way this phishing message is crafted, it will do things to your computer without your permission. Don't let that happen to you! Never click on links in emails from people whom you do not know!
Good News - Posted
This latest phishing email is nothing but bad news! Don't be fooled into submitting your username and password in the google form linked in the email.
From: Reed College News Forum <news@reed.edu>
Subject: GOOD NEWSYou can now login to Reed College news forum and get the latest information and news/update. Please use the database link: https://docs.google.com/a/blumail.org/spreadsheet/viewform?formkey=dGlsd.... to login for more information about this service.
Sign,
HELPDESK
©2012 Reed College.
Reed College | Phone: 503-771-1112 | Fax: 503-777-7769 | Address: 3203 Southeast Woodstock Boulevard, Portland, Oregon 97202-8199
"New Secure Message Regarding Your Reed College Webmail" - Posted
Don't be fooled into entering your Reed username/password on a cleverly crafted non-Reed login page designed to look like the real thing. This phishing email started to surface on April Fool's Day. This is no joke!
The following is what a user would see if they clicked on the "Click here to Log In" link from within the email. The website looks legitimate, but is it really? Click on the image below to learn more!
Compare the above phishy web page to Reed's legitimate login page (featured below). How can you tell the difference? Click on the image below to learn more!
New Outlook Web Access - Posted
Several variations of this phishing email are landing in the Inboxes of Reedies. This one cleverly refers to our transition to a new Webmail interface, "Reedcube". Although it is true that we are switching to a new Webmail interface, this email is hoping to steal your Reed credentials by tricking you into entering them on a bogus website. Don't be fooled by this one!
Reed College is migrating its email system, this migration will provide Reed mail users with many benefits including additional inbox storage (5GB), a more robust webmail solution (more secure Outlook Web Access), mobile device support and an integrated email and diary.
Please Click HERE to complete the migration steps through the login
before your account will be fully available.
©2012 Reed College
The website linked in the phishing email:
Your Amazon.com order has shipped! - Posted
Here is a different phishing approach that pretends to be from Amazon about an order that has shipped. Variations of this message will include a different product than shown in the example below. Don't click on the link in the email! It's just an attempt to get you to reveal your username and password!
Subject: Your Amazon.com order of "Canon Pixma MX882 Wireless Office All-in-One Inkjet Printer" has shipped!
Shipping Confirmation
Order # 365-5894215-2021338
Your estimated delivery date is:
Tuesday, December 22, 2011
Track your package Thank you for shopping with us. We thought you'd like to know that we shipped this portion of your order separately to give you quicker service. You won't be charged any extra shipping fees, and the remainder of your order will follow as soon as those items become available. If you need to return an item from this shipment or manage other orders, please visit Your Orders on Amazon.com.
Shipment Details
Canon Pixma MX882 Wireless Office All-in-One Inkjet Printer $119.95
Item Subtotal: $119.95
Shipping & Handling: $0.00
Total Before Tax: $119.95
Shipment Total: $119.95
Paid by Visa: $119.95
You have only been charged for the items sent in this shipment. Per our policy, you only pay for items when we ship them to you.
Returns are easy. Visit our .
If you need further assistance with your order, please visit Customer Service.
We hope to see you again soon!
Amazon.com
New scam requesting tutors - Posted
The following email is targeting colleges and universities. See the initial and secondary response from the scammer.
Initial contact email:
Good Morning
My name is Valerie Weiss today I was surfing the internet and I found your email contact on the Dept University's website. I am presently looking for tutor for my son Ethan, we live here in England and he has completed high school last summer back home in Slovakia. He has been ice-hockey camping for the past month and we feel it is a forward decision for us to get him a tutor to in physics as he wants to be an engineer.
He scored a B in Physics recently in his Cambridge O"Level exam and we are hoping his sporting activities will not deter he academic pursuit.
Let me know your hourly rates and also time during the week and on week ends you will be available to coach him (total number of hours you can use with him a week). Please let us hear from you soon as he would be in Canada in a couple of days/week to stay with my sister in-law for the time been and I will very much appreciate it very much if you can introduce me to someone qualified in the case you are not available.
Thanks
Valerie
After a grad student replied, they received the following response:
Good Morning <Grad Student Name>
I am particularly pleased to hear from you, my husband and I have gone over this, we are very happy because we know Ethan will be in safe hands.
Ethan will be in the states in the coming week. I want you to work with him and open him up to the idea of college education as I believe you are clearly a professional in this field .
I want you to know that my husband and i had initially hired a private tutor for Ethan and he was supposed to tutor him for two months preparing him for his SAT test again, this is because we weren't sure he passed the test, we already paid him upfront for but just before we concluded on lesson days and time, he lost his wife and decided to quit teaching and take proper care of his family but he has long agreed to have my money sent to any alternative tutor who'll be handling Ethan with his lessons. Luckily for us Ethan passed his SAT and scored 1320 points I was so surprised.
As we speak now Ethan doesn't need SAT coaching anymore and since you are his new tutor the payment you will receiving is the amount of $2,950, I'll need you to have your costs for Ethan's lessons as agreed at ($450) deducted from the funds received and have what's left sent out via western union to Ethan's travel arrangements as the funds will be used in securing his flight tickets and BTA (Basic Travel Allowance) as this is highly required upon his arrival at the Canadian airport according to the Canadian Immigration rules and also required as proof of funds.
I know you would ask the question why cant my sister in-law handle this for us? As we speak is she recently put to bed with some complications in Sweden, due to be back in another 5 weeks or so, her house keeper is of Spanish origin with no knowledge of the internet,s he understands and speaks little English.I hope you can understand that it would be a whole lot more difficult if I were to ask her to help me here since I dont even speak Spanish at all.
If this OK, I'll need you to provide me with your full name as to be written on the payment, your contact address(where the payment will be sent to and your phone number and I'll instruct to have the payment issued and sent out to your location asap.
OK then have a great day and get back to me and i can make relevant arrangements duly then.Also anytime or day of the week that suits you best for lessons works just fine with us as Ethan's schedule for now is fully open.
Regards,
Valerie
"Important Notice": "almost exceeded your storage quota" - Posted
In the following phishing attack, the from address appears to be an official Reed email address, while the actual reply-to address, which is sometimes obscured, is actually peacoth.2ww@gishpuppy.com. UNDER NO CIRCUMSTANCES WILL CUS OR ANY MEMBER OF CIS ASK FOR YOUR PASSWORD. NEVER GIVE OUT YOUR PASSWORD TO ANYONE.
Subject: Important Notice
Date: Tue, 12 Oct 2010 19:44:10 +0200 (CEST)
From: Reed Webmail Administrator <webadmin@reed.edu>
To: undisclosed-recipients:;Dear Reed Webmail user,
You have almost exceeded your storage quota. To avoid possible loss of important data and deletion of your email account, please follow the link below
http://www.webadmn.co.cc/?778fbb6bf152777437b947
Best WishesReed Webmail Administrator
Reed Webmail Virus Alert - Posted
Though this phishing attempt isn't very crafty, some Reedies are still wondering about its legitimacy. Under NO circumstances should you reveal your Reed password to anyone! CIS will NEVER ask for your password.
Subject: Reed Webmail Virus Alert
Date: Thu, 17 Jun 2010 07:02:24 -0700 (PDT)
From: REED TECHNICAL SERVICE <rushingwind91@bellsouth.net>
Reply-To: help_desk01@mail2webmaster.comDear Reed Webmail User,
A DGTFX virus has been detected in your folders. Your Reed Webmail Account has to be upgraded to our new Secured DGTFX Anti-virus 2010 version to prevent
damages to your Webmail log and your important files. Click your reply tab, Fill the columns below and send back to us the requested information so
that your Reed Webmail Account will not be terminated due to the spread of the virus.
Username:
Password:
Confirm Password:
Date Of Birth:
Director of Reed Webmail Technical Team: Note that your password will be
encrypted with 1024-bit RSA keys for your password safety
Thank you for your cooperation
Reed Webmail Technical Team.
"Your Account Update" - Posted
This phishing attempt appears to be sent from "helpdesk@reed.edu" though the From address references a yahoo.com address. Please keep in mind the following: *CIS will never ask you for for your password. *Every request to reveal your Reed password is 100% fraudulent. *Never reveal your Reed password to anyone.
Subject: Your Account Update
Date: Thu, 11 Mar 2010 02:40:08 -0800 (PST)
To: helpdesk@reed.edu
From: "helpdesk@reed.edu" <chucklehman@yahoo.com>
Dear reed Customer
this is to alert you of the recent changes/upgrading that will be going on shortly in your email account.We want you to provide us with your email (ID) and email (Password) so we can enter your data into our data base operating system for upgrading and to avoid your account been close.you are to reply within the next 24hrs of receiving this mail.Copyright © 2010 Customer Service.
"Scheduled Service Maintenace" - Posted
This phishing scam is targeting Reed lists and appears to be sent from a legitimate-looking Help Desk email address. Remember CIS will NEVER ask for your password.
Subject: Scheduled Service Maintenance
Date: Mon, 8 Mar 2010 19:35:09 +0100
From: "CIS Help Desk"<helpdesk@reed.edu>
CIS Help Desk
Attn Reed Webmail Users,
Scheduled Service Maintenance
Your Reed Webmail account service is in the process of being upgraded to a new set of servers. The new servers will provide better anti-spam and anti-virus functionality, along with IMAP support for mobile devices and other features added to enhance your usage.
To confirm and keep your Reed Webmail account active during and after our upgrade, kindly reply confirming your Reed Webmail account login details by stating:
* Username:
* Password:
Failure to acknowledge receipt of this notification, might result to a permanent deactivation of your Reed Webmail account from OIT database for up coming users.
Your Reed Webmail account shall remain active after you have successfully confirmed your Reed Webmail account details.
CIS apologize for any inconvenience caused.
CIS Help Desk
© 2010 Reed College, All Rights Reserved.
"Dear reed.edu User" - Posted
Don't fall for the latest phishing email that is targeting the Reed community. Never reveal your password to anyone!
Subject: Dear reed.edu User
From: Webmail Center Administrator <markusbreuning@hispeed.ch>
Reply-To: accountaccess00@mail2world.comDear reed.edu User,
We would like to inform you that we are currently carrying out Scheduled maintenance and upgrade of our reed.edu webmail service and as a result of this our reed.edu client has been changed and your original password will reset. We are sorry for any inconvenience caused.
To maintain your reed.edu account, you must reply to this mail immediately and enter your current Password here (******). Failure to do this within 48hours will immediately render your reed.edu account deactivated from our database.
Thank you for using the reed.edu account!
"REED.EDU ACCOUNT SUPPORT TEAM".
© REED.EDU ACCOUNT ABN 31 088 377 860 All Rights Reserved.
E-Mail Account Maintenance
"Reed Report" - Posted
This phishing attempt has cleverly been sent at the beginning of the semester to target new and returning students. Every request to reveal your Reed password is 100% fraudulent. Never reveal your Reed password to anyone!
Subject: Reed Report
Your email account has been reported for numerous spam activities from a foreign ip recently. As a result, reed.edu has received advice to suspend your account. However, you might not be the one promoting this Spam, as your email account might have been compromised. To protect your account from sending spam mails, you are to confirm your true ownership of this account by providing your username/NetID (*******) and PASSWORD (*******) as a reply to this message. On receipt of the requested information, the reed.edu email support shall block your account from Spam.
From: helpdesk@reed.edu <useridhelp@gmail.com>
Failure to do this will violate the reed.edu email terms & conditions. This will render your account inactive.
NOTE: You will be send a password reset message in next seven (7) working days after undergoing this process for security reasons.
Reed College Webmail Access (Powered By ymail).
© 2009 Reed College
"Email Security Message" - Posted
A screenshot of a phishing scam targeting the Reed community is posted below. This one is more official-looking than some others. Though the link in the email appears to be valid, it actually redirects you to a different site. The spoofed site has been crafted to look almost identical to Reed's legitimate Webmail login page. Don't fall for this one!
The login page that loads if you click on the link in the message:
"Reed College Webmail User" phishing attack - Posted
Variations of the following phishing email are targeting the Reed community. Please remember that we will never ask for your password. Some of the tip-offs include: 1) grammatical errors; 2) differing "From" and "Reply-To" email addresses (none of which are Reed email addresses); 3) bogus URL at the bottom of the message.
Subject: Dear Reed College Webmail User,
From: Webmail Update Centre <bolliger.gravuren@swissonline.ch>
Reply-To: webaccount-subscribe-webmaster@w.cnDear Reed College Webmail User,
This is to inform you that your www.reed.edu webmail account has been
infected by virus and you need to act fast before your e-mail box get
distroy/damage by the virus.
Help yourself by verifying the account informations below to enable us
know that you are the right owner of the webmail account. You have just
24hours to get back to us.
Webmail Account Verification:
1. Full Names:.......
2. Email:............
3. Password:.........
Thank you for using
https://webmail.reed.edu/imp/login.php<http://www.neumann.edu/>
Copyright ©2009 Mail :: Welcome to Webmail
Verify Your reed.edu Email Account Now! - Posted
Don't take the bait on this one! It's filled with grammatical and punctuation errors. Remember, Reed will never ask for your password!
This is a Update Message From Reed.edu Networks and Security .
*********************************************************
Dear reed.edu Webmail Account User,
We are undertaking some essential, but extensive, maintenance to improve
your "reed.edu" Mail Service. The maintenance is part of our efforts to
solve the problem encountered with our Database and the Internet Service
Manager in which a lot of records were lost, We are contacting you to
inform you that our Account Review Team identified some unusual activity
in your "reed.edu" Account.
Therefore,we are currently upgrading our database and "reed.edu" e-mail
center.Reed.edu is constantly working to ensure security by regularly
screening the accounts in our system. We recently reviewed your account,
and we need more information to help us provide you with secure service.
Until we can collect this information, your access to sensitive account
features will be limited.
WHY IS MY ACCOUNT ACCESS LIMITED?
Your account access has been limited for the following reason(s):
20 Jan. 2009: We determined someone tried to access your "reed.edu"
account without your permission. For your protection, we have limited your
account access. To lift this limitation, you have to immediately send to
us your current "reed.edu"" webmail User name(...........) and Password
(...........) to our maintenance unit via email.
You are to follow the steps below to enable you restore full access of
your account.Failure to provide the requested information below will lead
to permanent closure of your account.
After you have sent to us your correct account details.A confirmation link
will be send to you for the Re-Activation of your e-mail Account, as soon
you receive our response and you are to Click on the "Confirm E-mail" link
on your mail Account box and then enter this confirmation code:
1265-6778-8250-83
Complaints has been received from our email account users for unauthorized
use of their "reed.edu" Email. As a result we have improvised a new
security measure by resetting your Webmail Account to curb the activities
of hackers in order to protect your email information from theft and
fraud.
Provide all these information completely and correctly otherwise due to
security reasons we may have to close your webmail account permanently.
Users have often told us that the more they use our email Service, the
more they discover its benefits. So go ahead and give us the details for
proper maintenance of your webmail account,we assure you that your details
will not be shared.
Please understand that this is a security measure intended to help protect
your "reed.edu" Webmail Account.We apologize for any inconvenience.
Thanks For Your Co-operation.
Reed.edu Maintenance Team
Copyright ©2009 Reed.edu, Inc.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
