Threat Watch


The 20 Most Recent Threat Descriptions

'Picture and video message MMS' Spam 2013-05-22 11:09:23

Don't open the attachment, don't click on the link and don't reply.

Typical attachment name: Image Id 33976933.zip (633 B) [numbers vary]

Typical body content:

Cell +440563656942 [number varies]

If your can't show pictures to visit our on-line a web address - www.t-mobile.co.uk/pmcollect - where you can look at the picture message (enter your telephone number and the password). It'll only be available online for 14 days, so make sure you save the picture to a computer if you want to keep it.


New Webmail Phishing Attack 2013-04-23 14:33:20

Below is a copy of the text of the phishing email:

From: webmaster@lancs.ac.uk [mailto:capitalsolution.nick2010@gmail.com]
Subject: ALERT!!!

Your e-mail needs to be updated CLICK HERE and fill the webmail account update page to have your email updated,Failure to update will process your lancs.ac.uk account being temporarily blocked or suspended from our network and may not be able to receive or send e-mail due to the update.

Note: the update page is quite different from your login page, mean while fill the all the information there to have your webmail updated okay

We apologize for the inconvenience, we are here to make it look better web mail Lancs.ac.uk 2013.


Quota Size Phish Attack 2013-03-11 12:40:18

From: UCISA announcements list [mailto:UCISA-ANNOUNCE@JISCMAIL.AC.UK] On Behalf Of Mary Sandbo
To: UCISA-ANNOUNCE@JISCMAIL.AC.UK
Subject: Quota size: 94.6% Warning !!!

Helpdesk requires you to upgrade webmail by Clicking [link]
This Message is From Helpdesk. Due to our latest IP Security upgrades we have reason to believe that your webmail account was accessed by a third party. Protecting the security of your webmail account is our primary concern, we have limited access to sensitive webmail account features.Failure to revalidate, your e-mail will be blocked in 24 hours.
Thank you for your cooperation.


Webmail Phishing Attack 2013-02-28 10:00:47

Copy of the Webmaster Phish Attack

WEBMASTER EMAIL ACCOUNT UPGRADE

Information Technology Services (ITS) are currently updating our new website accounts. This will provide you the ability to store a greatly Increased amount of e-mail correspondence in your e-mail account and also reduce spam emails that is received in your email on the daily basis. Your account has been selected, as one of the accounts that are to be upgraded. Please click the link below and follow the instruction to upgrade your email account

CLICK [link]

The new minimum quota level for e-mail accounts will be set to 2 G.

(c) Copyright 2012 | WEBMASTER EMAIL HELP DESK * * ALL RIGHTS RESERVED.

!!! WARNING !!!
Do not respond to Emails Instructing you to send your email password as this is a phishing attempt. Failure to log out will allow others to access your account. Closing the browser window does NOT log you out properly. To log out, please click one of the "Log out" icons in the browser window.

---

This is a phishing attack - do not follow the link and do not reply to the message.


Background Record Phish 2013-02-26 12:57:39

The contents of the Background Record Phish attack

From: Background Check Alert [mailto:backgroundcheckalerts@findyourrecordsfast.us]

To: (your name)

Subject: Your background records may have been viewed (i.yourname)@lancaster.ac.uk

Dear (i.yourname)@lancaster.ac.uk,

Think your arrest records are posted online?

You can view your files or anyone else's you wish to run a background-check on by following the link below:

View Your Records Here: [link]

Sincerely,
ICM

Do NOT follow the link. Delete and ignore.


Fake Parcel Delivery Messages 2013-02-21 10:45:55

There are a number of 'fake parcel delivery' messages appearing to come from companies like FedEx arriving in in-boxes on campus. Do not open the attached zip file - it contains a dangerous Trojan.

Reports

One machine infected.


'Email Security Upgrade' Phishing Attack 2013-01-30 10:44:23

The fake message looks like the message below. Variations on this theme may also be circulating.

Do NOT click on any of the links in the message.

-----Original Message-----
From: [a 'ac.uk' address]
To: noreply@notice.com
Subject: Email Security Upgrade

Dear Customer,

As part of our year 2013 Email Security Upgrade, Admin Helpdesk Support require you to immediately update your account information by following the reference link below to prevent your Email address not to be de-activated on our Email service database.

CLICK the secured link Below****

[link]

Failure to confirm and verify your email account on our database as instructed, Your e-mail account will be blocked in 24 hours.

Thank you for your cooperation.
(c)2013 Email System Admin.

Please access the attached hyperlink for an important
electronic communications disclaimer:
[a 'ac.uk' address]
-----end-------

Do NOT click on the links. Delete the message.


eBay Phishing Attacks 2012-11-13 16:17:40

eBay Phishing Attack Sample

From: (a Lancaster Address)

To: (your address and other Lancaster addresses)

Subject: Failed Payment - eBay

Dear Client,

You are receiving this notification from eBay payment processing center.
Your request for payment has been received, however we are not able to process it at this time.
Reason - false or incorrect information in the payment details.
Please check the data submitted during the payment.

The funds will remain in "frozen" status until all relevant information is corrected.
Once necessary information is corrected in the payment order, funds will be sent within 10 minutes.

(link) Please follow the link to correct/update your payment details

Respectfully,
eBay Payment Processing Services.

---

Do NOT follow the link


Adobe Reader PDF Alert 2012-11-09 16:53:16

Zero Day Exploit Found in Adobe Acrobat

There is an un-patched vulnerability in the Adobe Acrobat Reader (and writer) PDF system.

Advice

ISS advises users to be more cautious than usual when opening unsolicited PDFs in email and online.

External Advice From Sophos

Link to internet article http://nakedsecurity.sophos.com/2012/11/08/adobe-reader-zero-day-exploit-thwarts-sandboxing/


UPDATE - AOL Blocking University Email 2012-11-08 12:20:17

Friday 9th November 2012 - Mail delivery to AOL email addresses is now OK.

---

Restriction By AOL

Due to a 'Trojan' infected PC sending out Spam to AOL addresses, the University has been blocked by AOL and delays in outgoing mail to AOL are being experienced. Users will get an error message back if their email has not been delivered.

Spam Makes Money

Criminals get paid for relaying Spam to people's email accounts. They use diverse methods to get ordinary users to download 'Trojan' programs on to their PCs, which then send out Spam for the criminals.

Advice

Users are reminded to be careful about clicking on unknown links in emails and opening/downloading attachments in suspect emails.

Trojans can also be downloaded from websites that have become infected. If your computer displays a dialog box asking you to allow access to your computer unexpectedly e.g. after a simple visit to a web page, refuse permission.


Vodafone New Message - Phishing Attack 2012-11-06 13:13:20

The 'Vodafone New Message - Phishing Attack' looks like this:

---

From: mms@vodafone.co.uk
To: (varies)@lancaster.ac.uk
Subject: You have received a new message
Attachment: UK-vodafone_MMS.zip (28 KB)

[image]

You have received a picture message from mobile number +447436014069
To save this picture, please save attached file.

[grey footer box]

You can reply once to this message via MMS for free!
To send a reply containing pictures, audio or video, click here to visit our on-line composer.
Alternatively, you can send a text-only reply (limited to 500 characters), simply by
clicking your usual reply button. By replying to this message you agree to our terms and conditions.
Please see our Website Terms and Conditions at
http://www.vodafone.co.uk/termsandconditions for full details.
Only one reply is possible until 11/11/2011.

Do not click on any links in this message. Do not open the attachment.


Facebook Spam 2012-09-17 12:33:45

Email messages purporting to come from Facebook with the subject: "Your friend added a new photo with you to the album" (or similar) are being received on campus. They look like this:

---

From: [notification+txox-uj-ntk_@facebookmail.com]

To: (your address)

Attachment: New_Photo_with_you_on_Facebook_PHOTOIDOUEEPXTK.zip

Subject: Your friend added a new photo with you to the album

---

[blue background] Facebook

Greetings,
One of Your Friends added a new photo with you to the album.


You are receiving this email because you've been listed as a close friend.

[blue background] View photo with you in the attachment

Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto CA 94303

---

Do NOT open the attachment - delete and ignore


New @lancaster Phish Attack 2012-08-22 15:23:49

The @lancaster phish attack looks like this:

---

From: Admin [mailto:Admin@neni.co.il]
Sent: 21 August 2012 08:43
To: info@org.ca.uk
Subject: Dear @lancaster.ac.uk Account Subscriber,

Dear @lancaster.ac.uk Account Subscriber,

Welcom to Webmail Account Center Upgrade And Maintenance . In order to continue using our services you are require to update and re-comfirmed your email account details as requested please Click here to complete this update you are require to fill the account form,you must reply to this email immediately and enter your account details as requested.

After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconveniences.

Warning!!! Account owner that refuses to update his/her account after 2days of receiving this warning will lose his or her account permanently.

Thank you for your understanding
Warning Code: BRYN4F5G7NBX
Copyright (c)2012 Webmail Helpdest Support Center

Do NOT open the attachment. Do NOT reply.


Banking Phish Attacks 2012-08-06 11:02:13

Here is a Barclays Bank phish attack example:


Hotel Reservation Phish 2012-08-02 14:59:15

Do not open the attachment. Delete and ignore.

---Begins---

From: Booking.com

Subject: Reservation Confirmation [1845412], Thu, 2 Aug 2012 19:04:55 +0800

Hotel Confirmation:

7610739

Date: Thu, 2 Aug 2012 19:04:55 +0800 ---

--------------------------------------------------------------------------------

Herewith you receive the electronic reservation for your hotel. Please refer to attached file for full details.

--------------------------------------------------------------------------------

Arrival: Monday, August 06, 2012

Departure: Wednesday, August 08, 2012 Number of rooms: 1

--------------------------------------------------------------------------------

Sincerely,
Customer Service Team

Booking.com http://www.booking.com

Your Reference ID is: 8630613

The Booking.com reservation service is free of charge. We do not charge you any booking fees or administration fees, and in many cases rooms offer free cancellation. -Booking.com guarantees the best hotel rates in both cities and regional destinations - ranging from small family hotels to luxury hotels.

---ENDS---


Webmail Phishing Attack 2012-07-31 15:51:24

From: EMAIL UPGRADE

Subject: Warning Attention!! Activate! Webmail Quota Limint!

Your mailbox has exceeded the storage limit of 1GB, which is as defined by your administrator, you are running at 5.9GB, you may not be able to send or receive new messages until you re-validate your mailbox. To revalidates your mailbox [link]Click here to update your account[/link]

Thank You.

Webmail System Administrator

2012 ITS Help Desk.

Delete and ignore these messages.


More Spam Arriving On Campus 2012-06-21 16:09:22

A large amount of Spam is being received on campus. The subject and content vary but the messages look similar.

From: (yourself or other Lancaster address)

To: (Lancaster University addresses)

Subject: Various including 'New job vacancy - see details'

The content varies, but here is a sample...

I would like to take this time to welcome you to our hiring process and give you a brief synopsis of the position's benefits and requirements.

If you are taking a career break, are on a maternity leave, recently retired or simply looking for some part-time job, this position is for you.

Occupation: Flexible schedule 2 to 8 hours per day. We can guarantee a minimum 20 hrs/week occupation
Salary: Starting salary is 2000 GBP per month plus commission, paid every month.
Business hours: 9:00 AM to 5:00 PM, MON-FRI, 9:00 AM to 1:00 PM SAT or part time (UK time).

Region: United Kingdom.

Please note that there are no startup fees or deposits to start working for us.

To request an application form, schedule your interview and receive more information about this position please reply to Arnold@newengwork.com with your personal identification number for this position IDNO: 5989
---

Delete and ignore these Spam messages.


Spam Attack apparently from yourself 2012-06-18 16:35:20

From: (your own email address)

To: (your own email address)

Subject: New Company concerning itself with the advertising OR Green technology,alternate methods of power OR (variations)

--- 
Countries of interest: UK, Rep. of Ireland, Germany, Austria, 
Sweden

A company concerning itself with the advertising, spearheading, 
and production of web media projects, we also are involved with 
today's green technology, recyclable items, and alternate methods 
of power and are actively seeking a motivated representative 
from one of the countries mentioned.

Requirements:

- You need to be the proprietor of a company or willing to start a fresh company fairly fast.
- It is required that you are a citizen of a listed country.
- It is also necessary to hold a completion certificate from a reputable school of higher education.
- Your English accuracy must be pretty good as communicating back and forth for this position is important.
- A long period of good standing with a nearby or international financial entity is a definite bonus.
- Work amount will consist of 3-4 hours every day for the first two months of working and after that period of time, 2-3 hours every day.
- Contract of work between us will be one year, with a good chance of this period extending on as long as 2 years.

Your main job will detail handling receivables from sales.

Amount of pay you will receive is a percentage of the amount of product we sell.

Our contacts: Elaine@ukconsultantsnet.com
---

Do not reply or follow any link.

Note - the spammers are able to 'stuff' the recipient's name into the 'from' field. This does NOT imply any virus infection. Your computer is NOT infected.


DHL Spam Emails 2012-05-24 16:16:07

Fake DHL parcel tracking messages have been arriving on campus. The messages have a program attached which is likely to be a Trojan. Do not open attachments or follow links in the DHL messages. Treat DHL messages with caution.


Fill Out Form Phish Attack 2012-03-23 09:52:42

From: Lancaster University [helpdesk09@lancaster.ac.uk]

To: (blank)

Subject: Alert.

---
CLICK REPLY BEFORE FILLING DETAILS

Attention:

An Attempt has been made to login from a new computer. For the security of your
account, we are poised to open a query. Kindly verify your login details by
responding to this email and providing your UserID {_______} Pass-Word
{_______} Confirm Pass-Word {_______} in the spaces provided.

Do not ignore this message to avoid termination of your webmail account.

Lancaster University
---

This is a targeted phishing attack message. Do NOT fill out any form that may appear. Do NOT reply. Do not give out any personal information.



©Lancaster University