Computing & Information Services

Threat Status History

Phish of a phish - Posted

This phishing email warns about being phished!

[Image: Phish of a phish]

Information Technology Services Help Desk - Posted

It's true that Reed is migrating email to Gmail, but the following email is a phish. Don't be fooled!

Subject: Information Technology Services Help Desk
Date: Wed, 29 May 2013 14:04:32 +0300
From: Reed College <noreply@reed.edu>


Dear User,

Reed College has upgraded the webmail server to a new and more secured
2013 version.

This will enable your webmail take a new look, with new functions and
anti-spam security.

You are advised to "Click" and "Follow" the link below to upgrade and to
enable advanced security features;



http:/reed.edu/upgrade/information
<http://www.123contactform.com/form-591263/Reed-College>



Reed College,
3203 Southeast Woodstock Boulevard,
Portand, Oregon
Copyright © 2013•
------------------------------------------------------------

[Image: Phishy website]


Missed Package Delivery - Posted

Many Reedies are receiving the following email and wondering if it is legit. The red flag is the web address. If you hover your mouse over the URL (but don't click on it!), you will see it is redirecting to a bogus website.

From: US Postal Service <tracking@usps.com>
Subject: Missed Package delivery

[Image: USPS phish]


Notice of Tax Return for Year 2012 - Posted

It's tax season and the phishers are trying to take more of your money! Do not be fooled and don't click on the link in the message.

[Image: IRS phish]

Your Order - Approved - Posted

Be suspicious if you receive an email about an airline ticket you didn't purchase. Various forms of this email will use other airlines. Don't click on the links in the message!

Subject: Your Order#846280172 - APPROVED
From: Delta Airlines <tickets@delta.com>

Dear Customer,


Your credit card has been successfully processed.

FLIGHT NUMBER DT846280172US
ELECTRONIC 846280172
DATE & TIME / APR 14, 2013, 12:45 AM
ARRIVING / Washington
TOTAL PRICE / 501.33 USD

Please download and print your ticket from the following URL :

https://www.delta.com/flifo/servlet/DeltaDLTicket?airline_code=DL&flight_number=DT610372917US&order_date=04/08/2013&request=main

<http://www.themarinasideresort.com/docs/delta_ticket_pdf.zip>

For more information regarding your order, contact us by
visiting :
https://www.delta.com/content/www/en_US/support/talk-to-us.html


Thank you
Delta Airlines.


[Info] Important Email Migration? - Posted

Though Reed is migrating email to Gmail, the message below is just phishing for your information. Do not click on the link in the message!

Subject: [Info] Important Email Migration?
From: Admin announcement

Migration to the new email server has commenced, you are required to validate your webmail account here <http://skyviperpc.com/images/...> for upgrade to take effect.

Users who do not upgrade there account may loose important data information in there mailbox. Please click here <http://skyviperpc.com/images/...> to update details.


Breaking News - Posted

If you receive the following email, don't be fooled into clicking on the link and filling out the requested information! It's just a ploy from phishers who want your username and password.

From: admin@reed.edu
Subject: Breaking News

Dear Email user,
We have upgraded our server to more secured version.This is to protect and prevent unauthorized access to your email account.You are require to upgrade your account to secured version by Clicking here or on the secure link below
secure/reed.edu
The personal information requested is for the safety of your account. Please leave all information requested to avoid account deactivation.
Thank you
©2012 Reed College

The link takes you to a form on a 3rd party website:

[Image: Phish form]


"Richard Wilson commented on your Wall post." - Posted

If you get an email from someone you don't know, then do NOT click on any links in the email! The links in the phishing message below will not take you to Facebook. In fact, Facebook didn't even send this message (it's easy to make your email say "From:" whomever you want!). Instead, clicking a link in the email below would run malicious JavaScript code that would infect your machine with a virus. The way this phishing message is crafted, it will do things to your computer without your permission. Don't let that happen to you! Never click on links in emails from people whom you do not know!

Subject: Richard Wilson commented on your Wall post.
From: Facebook <comments@faceboook.com>
Date: 2012.08.08 8:45 AM

[Image: screenshot of phishing message]


Good News - Posted

This latest phishing email is nothing but bad news! Don't be fooled into submitting your username and password in the Google form linked in the email.

From: Reed College News Forum <news@reed.edu>
Subject: GOOD NEWS

You can now login to Reed College news forum and get the latest information and news/update. Please use the database link: https://docs.google.com/a/blumail.org/spreadsheet/viewform?formkey=dGlsd.... to login for more information about this service.

Sign,
HELPDESK
©2012 Reed College.
Reed College | Phone: 503-771-1112 | Fax: 503-777-7769 | Address: 3203 Southeast Woodstock Boulevard, Portland, Oregon 97202-8199


"New Secure Message Regarding Your Reed College Webmail" - Posted

Don't be fooled into entering your Reed username/password on a cleverly crafted non-Reed login page designed to look like the real thing. This phishing email started to surface on April Fool's Day. This is no joke!

[Image: The phish email]

The following is what a user would see if they clicked on the "Click here to Log In" link from within the email. The website looks legitimate, but is it really? Click on the image below to learn more!

[Image: Fake login page]

Compare the above phishy web page to Reed's legitimate login page (featured below). How can you tell the difference? Click on the image below to learn more!

[Image: Reed's legitimate login page]


New Outlook Web Access - Posted

Several variations of this phishing email are landing in the Inboxes of Reedies. This one cleverly refers to our transition to a new Webmail interface, "Reedcube". Although it is true that we are switching to a new Webmail interface, this email is hoping to steal your Reed credentials by tricking you into entering them on a bogus website. Don't be fooled by this one!

Reed College is migrating its email system, this migration will provide Reed mail users with many benefits including additional inbox storage (5GB), a more robust webmail solution (more secure Outlook Web Access), mobile device support and an integrated email and diary.

Please Click HERE to complete the migration steps through the login

before your account will be fully available.

©2012 Reed College

The website linked in the phishing email:

[Image: Phishing website]


Your Amazon.com order has shipped! - Posted

Here is a different phishing approach that pretends to be from Amazon about an order that has shipped. Variations of this message will include a different product than shown in the example below. Don't click on the link in the email! It's just an attempt to get you to reveal your username and password!

Subject: Your Amazon.com order of "Canon Pixma MX882 Wireless Office All-in-One Inkjet Printer" has shipped!

Shipping Confirmation
Order # 365-5894215-2021338

Your estimated delivery date is:
Tuesday, December 22, 2011

Track your package Thank you for shopping with us. We thought you'd like to know that we shipped this portion of your order separately to give you quicker service. You won't be charged any extra shipping fees, and the remainder of your order will follow as soon as those items become available. If you need to return an item from this shipment or manage other orders, please visit Your Orders on Amazon.com.

Shipment Details

Canon Pixma MX882 Wireless Office All-in-One Inkjet Printer $119.95
Item Subtotal: $119.95
Shipping & Handling: $0.00
Total Before Tax: $119.95
Shipment Total: $119.95
Paid by Visa: $119.95

You have only been charged for the items sent in this shipment. Per our policy, you only pay for items when we ship them to you.

Returns are easy. Visit our .
If you need further assistance with your order, please visit Customer Service.

We hope to see you again soon!
Amazon.com


New scam requesting tutors - Posted

The following email is targeting colleges and universities. See the initial and secondary response from the scammer.

Initial contact email:

Good Morning

My name is Valerie Weiss today I was surfing the internet and I found your email contact on the Dept University's website. I am presently looking for tutor for my son Ethan, we live here in England and he has completed high school last summer back home in Slovakia. He has been ice-hockey camping for the past month and we feel it is a forward decision for us to get him a tutor to in physics as he wants to be an engineer.

He scored a B in Physics recently in his Cambridge O"Level exam and we are hoping his sporting activities will not deter he academic pursuit.

Let me know your hourly rates and also time during the week and on week ends you will be available to coach him (total number of hours you can use with him a week). Please let us hear from you soon as he would be in Canada in a couple of days/week to stay with my sister in-law for the time been and I will very much appreciate it very much if you can introduce me to someone qualified in the case you are not available.

Thanks

Valerie


After a grad student replied, they received the following response:

Good Morning <Grad Student Name>

I am particularly pleased to hear from you, my husband and I have gone over this, we are very happy because we know Ethan will be in safe hands.

Ethan will be in the states in the coming week. I want you to work with him and open him up to the idea of college education as I believe you are clearly a professional in this field .

I want you to know that my husband and i had initially hired a private tutor for Ethan and he was supposed to tutor him for two months preparing him for his SAT test again, this is because we weren't sure he passed the test, we already paid him upfront for but just before we concluded on lesson days and time, he lost his wife and decided to quit teaching and take proper care of his family but he has long agreed to have my money sent to any alternative tutor who'll be handling Ethan with his lessons. Luckily for us Ethan passed his SAT and scored 1320 points I was so surprised.

As we speak now Ethan doesn't need SAT coaching anymore and since you are his new tutor the payment you will receiving is the amount of $2,950, I'll need you to have your costs for Ethan's lessons as agreed at ($450) deducted from the funds received and have what's left sent out via western union to Ethan's travel arrangements as the funds will be used in securing his flight tickets and BTA (Basic Travel Allowance) as this is highly required upon his arrival at the Canadian airport according to the Canadian Immigration rules and also required as proof of funds.

I know you would ask the question why cant my sister in-law handle this for us? As we speak is she recently put to bed with some complications in Sweden, due to be back in another 5 weeks or so, her house keeper is of Spanish origin with no knowledge of the internet,s he understands and speaks little English.I hope you can understand that it would be a whole lot more difficult if I were to ask her to help me here since I dont even speak Spanish at all.

If this OK, I'll need you to provide me with your full name as to be written on the payment, your contact address(where the payment will be sent to and your phone number and I'll instruct to have the payment issued and sent out to your location asap.

OK then have a great day and get back to me and i can make relevant arrangements duly then.Also anytime or day of the week that suits you best for lessons works just fine with us as Ethan's schedule for now is fully open.

Regards,

Valerie


"Important Notice": "almost exceeded your storage quota" - Posted

In the following phishing attack, the From address appears to be an official Reed email address, while the actual Reply-To address, which is sometimes obscured, is peacoth.2ww@gishpuppy.com. UNDER NO CIRCUMSTANCES WILL CUS OR ANY MEMBER OF CIS ASK FOR YOUR PASSWORD. NEVER GIVE OUT YOUR PASSWORD TO ANYONE.

Subject: Important Notice
Date: Tue, 12 Oct 2010 19:44:10 +0200 (CEST)
From: Reed Webmail Administrator <webadmin@reed.edu>
To: undisclosed-recipients:;

Dear Reed Webmail user,

You have almost exceeded your storage quota. To avoid possible loss of important data and deletion of your email account, please follow the link below

http://www.webadmn.co.cc/?778fbb6bf152777437b947
Best Wishes

Reed Webmail Administrator


Reed Webmail Virus Alert - Posted

Though this phishing attempt isn't very crafty, some Reedies are still wondering about its legitimacy. Under NO circumstances should you reveal your Reed password to anyone! CIS will NEVER ask for your password.

Subject:     Reed Webmail Virus Alert
Date:     Thu, 17 Jun 2010 07:02:24 -0700 (PDT)
From:     REED TECHNICAL SERVICE <rushingwind91@bellsouth.net>
Reply-To:     help_desk01@mail2webmaster.com

Dear Reed Webmail User,

A DGTFX virus has been detected in your folders. Your Reed Webmail Account has to be upgraded to our new Secured DGTFX Anti-virus 2010 version to prevent
damages to your Webmail log and your important files. Click your reply tab, Fill the columns below and send back to us the requested information so
that your Reed Webmail Account will not be terminated due to the spread of the virus.

Username:
Password:
Confirm Password:
Date Of Birth:


Director of Reed Webmail Technical Team: Note that your password will be
encrypted with 1024-bit RSA keys for your password safety

Thank you for your cooperation
Reed Webmail Technical Team.
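
Two red flags recur throughout this archive: a link whose visible text names one site while its real target is another, and a Reply-To address on a different domain than the From address. The Python below automates both checks; it is an added example, not CIS's own tooling. The sample message is constructed from header and link values quoted on this page, and comparing only the last two labels of a hostname in `base_domain` is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

HOST_RE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", re.I)  # first host-like token

def base_domain(host):
    # Assumption: last two labels stand in for the registrable domain (no Public Suffix List).
    return ".".join(host.rpartition("@")[2].lower().split(".")[-2:]) if host else None

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(raw):
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1]
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    if reply and base_domain(sender) != base_domain(reply):
        findings.append(("reply-to-mismatch", sender, reply))
    collector = LinkCollector()
    collector.feed(msg.get_payload())  # single-part HTML body only
    for href, text in collector.links:
        shown = HOST_RE.search(text)   # does the visible text itself look like a URL?
        if shown and base_domain(shown.group()) != base_domain(urlparse(href).hostname):
            findings.append(("link-text-mismatch", text, href))
    return findings

# Constructed sample: headers and first link reuse values quoted on this page.
SAMPLE = """\
From: Reed Webmail Administrator <webadmin@reed.edu>
Reply-To: peacoth.2ww@gishpuppy.com
Content-Type: text/html

<a href="http://www.123contactform.com/form-591263/Reed-College">http:/reed.edu/upgrade/information</a>
<a href="https://www.reed.edu/">www.reed.edu</a>
"""
```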

