LearnIT - Fordham University...Scams (The 3 Card Monty of Email) • Scams are unsolicited email...

FORDHAM UNIVERSITY
THE JESUIT UNIVERSITY OF NEW YORK

LearnIT Best Practices for Handling Suspicious Email

Shannon Ortiz, Director of IT Security
Scott Messing, IT Security Engineer



IT Security

What is a suspicious email?

Fordham IT 2 June 2013


What is a suspicious email? (Here are just a few…)

SPAM (The Junk Mail of Email)

• SPAM is the use of electronic messaging systems to send unsolicited bulk messages indiscriminately.
  – Legit business solicitation
    » Home Depot, Starbucks, Educause, Blackboard
  – Today at Fordham Spotlight, Fordham IT, HR
  – Not-so legit business solicitation
    » (Stocks, Pharmaceutical, Adult, Dating)
  – Subjective – You may want them!


What is a suspicious email? (Here are just a few…)

Scams (The 3 Card Monty of Email)

• Scams are unsolicited emails that attempt to separate the victim from their possessions.
  – Traveling and lost my cash. Please send money
  – Individual in need of medical care. Please send money
  – You have won something, but you need to Send Money
  – Answer some questions and get a free… iPad, iPod, etc…
  – Sandy Hook School – Send money for charity fund


From: davidjjs
Date: Wed, Jan 30, 2013 at 10:45 AM
Subject: AWFUL TRIP::::David J Smith
To: [email protected]

Good morning,

I Hope you get this on time, I made a trip to Manila(Philippines) and had my bag stolen from me with my passport and personal effects therein. The embassy has just issued me a temporary passport but I have to pay for a ticket and settle my hotel bills with the Manager.

I have made contact with my bank but it would take me 3-5 working days to access funds in my account, the bad news is my flight will be leaving very soon but i am having problems settling the hotel bills and the hotel manager won't let me leave until i settle the bills, I need your help/LOAN financially and I promise to make the refund once I get back home, you are my last resort and hope, Please let me know if i can count on you and i need you to keep checking your email because it's the only way you can get to me.

Thanks,

David.

Source: http://fordhamsecureit.blogspot.com/2013/01/awful-tripdavid-j-smith-scam-email-sent.html


• Not Personalized

• Scare Tactic


What is a suspicious email? (Here are just a few…)

Malicious (The Letter Bomb of Email)

• Malicious emails are SPAM with malicious attachments or links leading to websites hosting malicious code.
  – DHL/UPS delivery failed – Please print out attached label or open .zip file
  – You were caught speeding – Here is your ticket!
  – Tax Refund miscalculation – Click this attachment to print
  – Oklahoma Tornados – Click here for the video


To: [email protected]

cc:

Subject: DHL Delivery Problem No65075

Dear client.

Your package has been returned to the DHL office.

The reason of the return is - "Error in the delivery address"

Attached to the letter mailing label contains the details of the package delivery.

You have to print mailing label, and come in the SDF office in order to receive the packages.

Thank you for your attention.

DHL Logistics Services.


• Not Personalized

• Scare Tactic

• Requires Action:

• Open an Attachment


Source: http://fordhamsecureit.blogspot.com/2010/11/dhl-delivery-problem-no65075-malicious.html

Results
• Virus/Spyware
• Keylogger
• Remote Exploit Code Install


What is a suspicious email? (Here are just a few…)

Phishing (It ain’t you and your dad on a boat anymore!!!)

• Phishing is a way to obtain personally identifiable information (PII) such as usernames, passwords and credit card details by posing as a trusted source.
  – Email maintenance – Please provide your username and password
  – Bank wire fund transfer failed – Please click link to verify your account information
  – Helpdesk account verification – Please click on link and login to your account
    » (Fake authentication screens)


From: [email protected] [mailto:[email protected]]

Sent: Tuesday, April 30, 2013 06:37 PM

To: undisclosed recipient

Subject: Final Warning: Fordham University Security Maintenance

Fordham University is currently warning you that your passwords have reach his time-limit. For security purposes, please provide the following to secure your email account.

1.Your Username:
2.Your Password:
3.Confirm Password:
4.First/Last name:

Note: Failure to provide the listed details above would affect access to His/Her email account from 3RD of May 2013.

Regards

Admin/Fordham University

Source: http://fordhamsecureit.blogspot.com/2013/04/final-warning-fordham-university.html


Source: http://fordhamsecureit.blogspot.com/2011/11/message-could-not-be-delivered-scanmail.html

To: [email protected]

From: Automatic Email Delivery Software <[email protected]>

Date: 12/15/2011 01:02PM

Subject: Message could not be delivered [ScanMail Notification] Virus detected!

Dear user of fordham.edu,

Your account was used to send a large amount of spam during the recent week.

Probably, your computer was infected by a recent virus and now contains a trojan proxy server.

Please follow our instructions in order to keep your computer safe.

https://mailadministration.fordham.edu

Have a nice day,

fordham.edu support team.


To: [email protected]

cc:

Subject: Please Confirm Your Message

This message was created automatically by mail delivery software (TMDA).

To release your message for delivery, please click on the following link and confirm message

https://fordham.edu/confirm/launch?.gx=1&.rd=ck8q9en84ere5&.intl=us

This confirmation verifies that your message is legitimate and not junk-mail. You should only have to confirm your address once.

If you do not respond to this confirmation request within 14 days, your message will not be delivered.

Regards,

fordham.edu Account Services

Source: http://fordhamsecureit.blogspot.com/2010/06/please-confirm-your-message-phishing.html

• Requires Action:
  • Click a link*

* Hover over the link and check where you REALLY would have gone!!!


Source: http://fordhamsecureit.blogspot.com/2013/02/phishing-email-sent-to-fordham.html

Results
• Identity Theft
• Keys to the kingdom
• Compromised Access

Date: Wed, 06 Feb 2013 17:02:00 +0100

From: Fordham University <[email protected]>

To: undisclosed-recipients:;

Subject: Re: Important Notice From Help Desk

Fordham University

Scheduled Maintenance And Upgrade

Attn: Webmail User,

This is inform you that our webmail server has been scheduled for upgrade and maintenance, this is to improve the ability to identify and block spam, phishing attempts and anti-virus functions for better online services.

To avoid your e-mail account been terminated during this upgrade, Kindly click on the below link and follow the instructions to upgrade.

CLICK HERE:http://www.upgradeservicecentre.co.uk/index.html

Your Email access will be disable if you fail to comply with the above.

We do apologize for any inconvenience caused.

Thank you for using our online services.

Help Desk

Fordham University

Rose Hill Campus Bronx, NY 10458. (718) 817-1000

Lincoln Center Campus New York, NY 10023. (212) 636-6000

Westchester Campus West Harrison, NY 10604. (914) 367-3426

©2013 Fordham University, All Rights Reserved.


Recap

• Any misspellings or bad grammar?

• Does it just not make any sense?

• Were you expecting this email?

• Was it from someone you know?

• Is the attachment something you recognize or asked for?

• Did you scan the attachment?

• Was it a personal or generic greeting and closing?

• Misdirected links? Do they go somewhere else?

• Deal with the “issue” directly and outside of email.

• Are you being asked to provide personal information?

• Never share your password or any PII with anyone!

• Be wary of recent news events, scare tactics and alerts
  • e.g. Sandy Hook, celebrity deaths, Mail Quota


Best Practices!

Fordham IT 21 February 2012

| DOs | DON’Ts |
|---|---|
| Check the links (ie. hover) – Enter them manually | Don’t click the links |
| Regularly patch (software and OS) and scan with your endpoint tools (Anti-Virus & firewalls) | Open the attachment, don’t disable your endpoint tools |
| Go directly to the “source” (My.Fordham, bank, HR, etc…) | Don’t reply to suspicious emails |
| Use HTTPS whenever possible!!! | Don’t be fooled by spoofed email addresses |
| Report suspicious emails | Don’t call the number in the email |
| Check your accounts, credit reports and change your passwords – especially if you fell victim! | Don’t be fooled by convincing layouts in emails. They are usually exact copies with just the links changed |
| Password protect your devices and use secure communications | Don’t panic!!! (Don’t fall victim to the scare tactics!) |
| Delete it (you didn’t want it anyway) | Don’t trust anything |
| Check the SecureIT blog | Don’t forget to check the SecureIT blog |
| Contact Fordham IT Customer Care | Don’t forget about Fordham IT Customer Care |
| Question everything, let the UISO double check for you | Don’t be an IT vigilante |


Fordham IT would (should) NEVER ask for your password

Fordham IT E-mail Sample: “Signatures” of a Fordham IT E-Mail

From: Fordham Information Technology <[email protected]>
Date: Wed, Jun 12, 2013 at 11:47 AM
Subject: OUTAGE: Partial Network Outage in FMH, Tierney and Hughes Avenue
To: Fordham All Faculty <[email protected]>, Fordham All Staff <[email protected]>, Fordham all Guests <[email protected]>

Dear Colleagues:

We are currently experiencing network outages affecting some customers in the following locations:

- Faculty Memorial Hall (FMH)
- Tierney Hall
- All Fordham buildings on Hughes Avenue

Please be advised that wireless access is unaffected.

Fordham IT is aware and is working to resolve this issue as soon as possible.

If you have any questions, please contact IT Customer Care at (718) 817-3999 or via email at: [email protected]

Thanks.

Bill

William R. Shuriff

Director Customer Care and Call Center Operations

Fordham University | IT Customer Care

718.817.0646


Show me the numbers!!!!

• 64.1% of all email is considered SPAM

• Phishing – 1 in 508.6 emails identified as phishing

• 1 in 400 emails contained malware

• 2,256 websites each day harboring malware

• Education sector became the 3rd most spammed industry sector in January, with a spam rate of 65.2 percent.

Source: Symantec Intelligence Report January 2013


Why Phish? What is the data used for?


Source: http://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account/


How are we going to help you?

• Security Awareness Training
  • Currently live via Blackboard
• UISO – Let us help you
• PhishMe Campaign
  • Mock e-mails will be sent
  • Purpose
    • Train & Raise Awareness
    • Determine where we need to focus our training
    • Increase ability to identify and appropriately respond
  • Appearance
    • Will look legit, but with what you learn you should spot attachments, links, phishing, grammar, spelling and other common tricks of the spammers


If you see something…say something…

Additional links:
www.opendns.com/phishing-quiz
www.sonicwall.com/furl/phishing
www.paypal.com/fightphishing
spamlinks.net/scams-phish.htm
www.apwg.org
en.wikipedia.org/wiki/Phishing
snopes.com
http://www.fordham.edu/SecureIT

Find this presentation at: http://www.fordham.edu/learnit
