Information Technology

Threat Status History

Another spear phish message - Posted

Another spear phish message purportedly from the current president. On close inspection, you'll notice the sender's address is not quite right. Even if the sender's address appeared correct, be suspicious, as spoofing is a common tactic among phishers.
From: Hugh porter <presidentporterhugh@gmail.com>
Date: Wed, Nov 7, 2018 at 9:33 AM
Subject: Good Morning <Name>



Please, I need your assistance.

Thanks.

"Follow up" Email From (Ex) President of Reed - Posted

Hey, it's me, the College's ex-president following up with you about that one thing we talked about, are you available?

Nope! 

This is a great example of a spear phishing attack, where the spammer does some research about the target and uses real names of officials or employees to seem more legitimate. However, we immediately can see clues that the email is not coming from a college official (ie: spelling and punctuation errors, a non-organizational email address, and unnecessary ask with a sense of urgency). Keep your eyes peeled, and hit that spam button whenever you detect those! You can always contact CUS if you have any questions about the legitimacy of any message.

From: John Kroger <johnkroger.reed.edu@my.com>
Date: Mon, Oct 22, 2018 at 11:45 AM
Subject: Follow up 
To: undisclosed users


Are you available?

--
Best Regards,

president John Kroger
   


School billing statement malware - Posted

School is starting, and scammers are running wild, attempting to prey on the unsuspecting!  If you receive an unsolicited email requesting that you click a link or download an attached "school statement" to make a payment... be skeptical!  Contact Reed's Business Office (503-777-7505) to confirm that the message is legitimate.

Below is an example of an infected attachment in an email going around.  Gmail caught this one, but don't rely on Google to warn you of suspicious attachments.

malware infected attachment

Amazon phish targeting mailing lists - Posted

An phishing message purportedly from Amazon is targeting Reed's mailing lists. Don't follow the link in the email.
amazon phish image

Printer toner phone scam - Posted

A printer toner phone scam is popping up on campus once again, just in time for summer.

Your phone rings, and the voice on the other end says, "Oh hi! I've got your HP toner order all ready to ship out to you – sorry for the delay. I'll just need to get payment info, and it will be out the door today." Wording and details may, of course, be different. They might say Xerox toner, or Canon, or Brother... they will be quite insistent that you've ordered the toner.

You respond, "Sorry, our vendor provides toner to us as part of our contract. Could you please tell me your name and telephone number? I'd like to direct you to our IT department." At this point, the scammer either hangs up, or provides a bogus name and telephone number.

Be vigilant! Be firm! And definitely don't give payment information to someone you don't know who's just called you!

The phone scammer calling around today provided a bogus phone number, and identified himself as "Chris Griffin". We have to imagine he looks a lot like this Chris Griffin:

chris image

"New schedule message" - Posted

A spear phishing message is targeting the Reed community. It mentions a "new payroll schedule" and links to a page that looks like Reed's weblogin page. The email itself isn't very convincing and fortunately Gmail identifies it as a scam. Don't be fooled into entering your Reed username and password on the fake login site.
spearphish image

Someone has shared a document on Google Docs with you - Posted

But have they really?

You may receive an email that appears to be From: a colleague, indicating that they have shared a Google Doc with you... when you unwittingly click the link included in the email (egads, don't do that!), you'll be prompted to "Allow" access to your Reed account.

If you receive such an email, don't click the link to open the Doc!  Your colleague's account may have been compromised (by a similar phishing message from someone they know), and been used to mass email the nasty phishing message to everyone in their contact list.  If you click on the link (or any link in an unsolicited email), your account could be compromised next!

If you've clicked a link such as the one above, please get in touch with Computer User Services.  We can help resecure your account, and make sure you haven't granted permissions to any bad people out on the internet.

shared doc threat image

"Important Notice" phish - Posted

A phishing message sent to a mailing list directs users to update their “employment data” and contains a link to the “staff enrollment portal” where they ask for personal information such as social security number, driver’s license, salary info, etc. Do not fill out the form!

phish image

phish form image


"Apple Support" Telephone Scam - Posted

A new angle on an old scam has bubbled up in recent days.
https://fortune.com/2017/02/27/apple-icloud-scam/

A Reed community member reports that they've received persistent robo-call message from "Apple iCloud Premium Support", where the robo-caller indicates there is a "problem with your account" and provides a telephone number to call for additional instructions. If an unsuspecting person dials that number, they are directed to a website where the baddies attempt to convince them to give control of their computer.

Don't take the bait! Apple (or Microsoft, or any other legitimate vendor with which you don't have a pre-existing relationship) is not going to call you and ask to take control of your computer. It could be a robo-call, or a potentially convincing live person on the other end of the phone, and they could claim to be from a variety of sources (Apple, Microsoft, Reed IT, the IRS, the FBI...).

So what should you do? Hang up! If you're a bit concerned that you may have hung up on someone who is NOT a scammer... contact CUS (cus@reed.edu, 503-777-7525), and we'll help determine what happened, and whether or you need to apologize for rudely hanging up. Better safe than sorry!

Chrome Malware - Missing Font - Posted

Users of the Chrome web browser are being targeted by a fake font plugin that installs malicious software on your computer. If you see a pop-up indicating the "HoeflerText font wasn't found", do NOT click the button to update. Other font name could be used in the future. The pop-up appears legitimate because it displays a chrome logo. Be wary of such pop-ups!

HoeferText font wasn't found

Read more about this threat.


A Payroll Representative - Posted

A new phishing email that is targeting the Reed Community and purports to be from "info@reed.edu". A similar message is also targeting other colleges and universities. DO NOT reply, click on any links, provide personal information, and open any attachments. Contact the CUS Help Desk with questions or concerns.

Subject: A Payroll Representative Needed
Date: Tue, 5 May 2015 19:36:08 +0200
From: Reed Employment <info@reed.edu>

Hello,

Are you interested in a part time book keeping job for a private client? This job only takes one hour of your time daily and pays a total of $1,200 monthly(4weeks)?

Can you take record of cash flow via excel spread sheets? If YES, then apply immediately and fill this opening.

Attach a letter of interest as well as resume highlighting past experiences gathered over time.

The employer's direct email has been attached to this ad, hence respond only if you are interested.

 

Thank you,

Ubanya Firoshi

Employment Bureau


Paycheck Raise Information - Posted

This timely phishing scam is targeting faculty and staff. Do not click on the link! Contact CUS at x7525 or cus@reed.edu with questions.

From: REED-HR <payrollhr@reed.edu>
Date: Tue, May 5, 2015 at 9:36 AM
Subject: Paycheck Raise Information

Hello, As part of Reed College standard practice to offer salary increases once a year after an annual review,
the Human Resources reviewed you for a salary raise on your next paycheck in May

Click below to confirm and access your salary revision documents:

Click to conrfirm <link to non-Reed site>

Sincerely,

Human Resources

Reed College

Google Doc scam - Posted

Be careful with emails from people you don't know linking to what purport to be trusted sites. Hover your mouse over the link to see where it really goes! In this case, www.flowersnemotions.com, not Google at all! Phishers also use Google docs to collect names and passwords, so beware of those as well.

From: Matthew Jarvinen <towerchutes@aol.com>
Date: Mon, Feb 23, 2015 at 7:33 AM
Subject: Important, view attachment
To:


Hello,
An important document sent to you via Google Docs Apps.
Google Drive: create, share, and keep all your stuff in one place.Logo for Google Drive


Regards,
Matthew Jarvinen

Bank details request - Posted

Phishers will often browse a company or school web page to harvest names of important people at the school, and specially craft targeted emails. Since these are specially directed emails they are called spear phishing.
Hi Tracy,

Hope you are having a splendid day. I want you to quickly email me the details you will need to help me process an outgoing wire transfer to another bank.

I will appreciate a swift email response.

Regards,

John K.

See please. Thank you - Posted

Variations of this email are trying to trick community members into updating their contact information. The link redirects to a "wix.com" website requesting information such as date of birth, username, password, and email address. Do not submit your information!

From: Angelo, Dana
Date: December 20, 2014
To: undisclosed recipients
Subject: See please. Thank you

Please open and update!

Reed College Contact Update


View Current Threats