Phishing Report

Email and messaging services (such as Skype, Twitter, or Snapchat) are one of the primary ways we communicate. We not only use these technologies every day for work, but also to stay in touch with friends and family. Since so many people around the world depend on these technologies, they have become one of the primary attack methods used by cyber attackers. This attack method is called phishing. Learn what phishing is and how you can spot and stop these attacks, regardless if you are at work or at home.

What Is Phishing

Phishing is a type of attack that uses email or a messaging service to fool you into taking an action you should not take, such as clicking on a malicious link, sharing your password, or opening an infected email attachment. Attackers work hard to make these messages convincing and tap your emotional triggers, such as urgency or curiosity. They can make them look like they came from someone or something you know, such as a friend or a trusted company you frequently use. They could even add logos of your bank or forge the email address so the message appears more legitimate. Attackers then send these messages to millions of people. They do not know who will take the bait, all they know is the more they send, the more people will fall victim.

Protecting Yourself

In almost all cases, opening and reading an email or message is fine. For a phishing attack to work, the bad guys need to trick you into doing something. Fortunately, there are clues that a message is an attack. Here are the most common ones:

  • A tremendous sense of urgency that demands “immediate action” before something bad happens, like threatening to close an account or send you to jail. The attacker wants to rush you into making a mistake.
  • Pressuring you to bypass or ignore your policies or procedures at work. 
  • A strong sense of curiosity or something that is too good to be true. (No, you did not win the lottery.) 
  • A generic salutation like “Dear Customer.” Most companies or friends contacting you know your name. 
  • Requesting highly sensitive information, such as your credit card number, password, or any other information that a legitimate sender should already know. 
  • The message says it comes from an official organization, but has poor grammar or spelling or uses a personal email address like @gmail.com. 
  • The message comes from an official email (such as your boss) but has a Reply-To address going to someone’s personal email account. 
  • You receive a message from someone you know, but the tone or wording just does not sound like him or her. If you are suspicious, call the sender to verify they sent it. It is easy for a cyber attacker to create a message that appears to be from a friend or coworker.

Ultimately, common sense is your best defense. If an email or message seems odd, suspicious, or too good to be true, it may be a phishing attack. 

If a message looks a little "phishy" to you, check out the list of identified phishing attacks below. If you do not see your email on the list or if you have any questions, please contact the Help Desk

Recent Phishing Attacks at Seattle University 

Phishing Email 1.31.19

From: Microsoft Error Report <emailaddressremoved>
Sent: Thursday, January 31, 2019 12:56 PM
To: last, first
Subject: Sοrry for interυpting.

This?email?ιs?from?a?trusted?sοurce.

Office-365
Hello sgreen,

Sοrry for interυpting, We'veran into a problem with your mailbox emailaddressremoved subscription registered to seattleu.edu and need your help to fix it.
Fix Error
Regards,

Mιcrosoft?©?2019 Secured?Servιce.
This email was sent to {emailaddressremoved}.

AccID : numberremoved

Phishing Email 1.28.19

From: emailaddressremoved  
Sent: Monday, January 28, 2019 3:10:24 AM
Subject: [SPAM] ITS Help-Desk

Dear Staff/Employees,

We are migrating all email accounts into Outlook Web App 2019 and as such all active Account Holder are to verify and Log in for the upgrade and migration to take effect now. This is done to improve the security and efficiency due to recent spam mails received.

Click UpGrade Account to migrate and block further Spam mails.

Best Regards,?
ITS Help-Desk
Office of Information Technology Services (ITS)

Phishing Email 1.17.19

Phishing Email 1.17.19

Phishing Email 1.15.19

Phishing Email 1.15.19

Phishing Email 12.3.18 

Phishing Email 11.26.18 

From:someoneatseattleu.edu  

Sent: Monday, November 26, 2018 9:35 PM

To: Someone at SeattleU

Subject:  Someone at SeattleU has been hacked! Change your password immediately!

 

Body of Email:
 

Hello! 

I have very bad news for you.

03/08/2018 - on this day I hacked your OS and got full access to your account  someoneatseattleu.edu  On this day your account someoneatseattleu.edu has password: xxxxxxx

So, you can change the password, yes.. But my malware intercepts it every time.

How I made it:

In the software of the router, through which you went online, was a vulnerability.

I just hacked this router and placed my malicious code on it.

When you went online, my trojan was installed on the OS of your device.

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.

But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!

I'm talk you about sites for adults.

I want to say - you are a BIG pervert. Your fantasy is shifted far away from the normal course!

And I got an idea....

I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).

After that, I made a screenshot of your joys (using the camera of your device) and glued them together.

Turned out amazing! You are so spectacular!

I'm know that you would not like to show these screenshots to your friends, relatives or colleagues.

I think $740 is a very, very small amount for my silence.

Besides, I have been spying on you for so long, having spent a lot of time!

Pay ONLY in Bitcoins!

My BTC wallet: XXXXXXXXXXXXXX

You do not know how to use bitcoins?

Enter a query in any search engine: "how to replenish btc wallet".

It's extremely easy

For this payment I give you two days (48 hours).

As soon as this letter is opened, the timer will work.

After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.

If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your "enjoys".

I hope you understand your situation.

- Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)

- Do not try to contact me (you yourself will see that this is impossible, the sender address is automatically generated)

- Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.

P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!

This is the word of honor hacker

I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.

Do not hold evil! I just do my job.

Good luck.

 

Phishing Email 10.30.18

screenshot of 10.30.2018 phishing email

Phishing Email 10.17.18

screenshot of a phishing email from October 17, 2018

Phishing Email 10.28.18

screenshot of phishing email from 10.28.18

Phishing Email 10.11.2018

  • Subject: Hello
  • Body of Email:
  • screenshot of 10.11.2018 phishing email

 

Phishing Email 9.12.2018

  • Subject: Action Required : Seattleu Password Update Notification

Body of Email:
Phishing Email 7.19.2018

  • Subject: Check the attach...
  • Body of Email:
    A secure document was sent to you from Leigh SJ David. To view your document click on the attched link shared securely!

    Property Docs

    Open >>> {malicious link removed} <<<
    Thank you. (R) 2018 Google Support.

Phishing Email 7.18.2018

  • Subject: Check the attach...
  • Body of Email:
    A secure document was sent to you from Feener Jacob. To view your document click on the attched link shared securely!

    Get Started >>> {malicious link removed} <<<
    Thank you. (R) 2018 Google Support.


Phishing Email 7.13.2018

  • Subject: Check the attach...

Body of Email:
A secure document was sent to you from Jacoby Jean. To view your document click on the attched link shared securely!

Property Docs

Open >>> {malicious link removed} <<<
Thank you. (R) 2018 Google Support.

Phishing Email 5.9.2018

  • Subject:  [SU] University Mailbox Quota Exceeded!
  • Body of Email:  

    Your university mailbox quota has exceeded it's limit, you may not be able to send/receive more emails.

    FOLLOW HERE >>> {malicious link removed}  <<< to enable automatic increase your mailbox storage.

     

    The office of Information Security will keep this updated if information should change, but we encourage all users to run their update before Fri, May. 18th, 2018. after the expected release of this patch.

    With kind regards,
    Your IT Help desk Team
    -- Information Services & Technology (IS&T) 

Phishing Email 5.9.2018

  • Subject:  Update Notice
  • Body of Email: As part of our ongoing wide upgrade to our email servers, we need to upgrade your mailbox so that it will be compatible with the latest versions of software and security update such as DNS, proxies, single sign-on, ADFS, WAN, LAN, etc. within minutes to ensure 100% protection to all our users.
     
    SUBMIT TICKET FOR UPGRADE {malicious link removed}
     
    For security reasons, the Upgrade portal link will expire within 24-hours.
     
    Notice: To ensure you receive future emails such as maintenance/update notification, make sure your account is updated.
    Thanks,
    IT Support System.

Phishing Email 4.29.2018

  • Subject:  Important Update!

    OR

  • Subject:  Help Desk

  • Body of Email:  We're making a few improvements to our Web mail Log in page, aimed at giving our user's even better security. FOLLOW HERE >>> {malicious link removed}<<< The office of Information Security will keep this updated if information should change, but we encourage all users to run their update before Fri, May. 5th, 2018. after the expected release of this patch. With kind regards, Your IT Help desk Team -- Information Services & Technology (IS&T)

 

For more information on protecting yourself visit https://staysafeonline.org/stay-safe-online/