FORDHAM UNIVERSITY THE JESUIT UNIVERSITY OF NEW YORK
LearnIT Best Practices for Handling Suspicious Email
Shannon Ortiz
Director of IT Security
Scott Messing
IT Security Engineer
IT Security
What is a suspicious email?
Fordham IT 2 June 2013
What is a suspicious email? (Here are just a few…)
SPAM (The Junk Mail of Email)
• SPAM is the use of electronic messaging systems to send unsolicited
bulk messages indiscriminately.
– Legit business solicitation
» Home Depot, Starbucks, Educause, Blackboard
– Today at Fordham Spotlight, Fordham IT, HR
– Not-so legit business solicitation
» (Stocks, Pharmaceutical, Adult, Dating)
– Subjective – You may want them!
Scams (The 3 Card Monty of Email)
• Scams are unsolicited email which attempts to separate the victim from
their possessions.
– Traveling and lost my cash. Please send money
– Individual in need of medical care. Please send money
– You have won something, but you need to Send Money
– Answer some questions and get a free… iPad, iPod, etc…
– Sandy Hook School – Send money for charity fund
From: davidjjs
Date: Wed, Jan 30, 2013 at 10:45 AM
Subject: AWFUL TRIP::::David J Smith
Good morning,
I Hope you get this on time, I made a trip to Manila(Philippines) and had my bag stolen from
me with my passport and personal effects therein. The embassy has just issued me a temporary
passport but I have to pay for a ticket and settle my hotel bills with the Manager.
I have made contact with my bank but it would take me 3-5 working days to access funds in my
account, the bad news is my flight will be leaving very soon but i am having problems
settling the hotel bills and the hotel manager won't let me leave until i settle the bills,
I need your help/LOAN financially and I promise to make the refund once I get back home, you
are my last resort and hope, Please let me know if i can count on you and i need you to keep
checking your email because it's the only way you can get to me.
Thanks,
David.
Source: http://fordhamsecureit.blogspot.com/2013/01/awful-tripdavid-j-smith-scam-email-sent.html
• Not Personalized
• Scare Tactic
Malicious (The Letter Bomb of Email)
• Malicious emails are SPAM with malicious attachments or links leading to
websites hosting malicious code.
– DHL/UPS delivery failed – Please print out attached label or open .zip file
– You were caught speeding – Here is your ticket!
– Tax Refund miscalculation – Click this attachment to print
– Oklahoma Tornados – Click here for the video
cc:
Subject: DHL Delivery Problem No65075
Dear client.
Your package has been returned to the DHL office.
The reason of the return is - "Error in the delivery address"
Attached to the letter mailing label contains the details of the package delivery.
You have to print mailing label, and come in the SDF office in order to receive the packages.
Thank you for your attention.
DHL Logistics Services.
• Not Personalized
• Scare Tactic
• Requires Action:
• Open an Attachment
Source: http://fordhamsecureit.blogspot.com/2010/11/dhl-delivery-problem-no65075-malicious.html
Results
• Virus/Spyware
• Keylogger
• Remote Exploit Code Install
Phishing (It ain’t you and your dad on a boat anymore!!!)
• Phishing is a way to obtain personally identifiable information (PII) such as
usernames, passwords and credit card details by posing as a trusted source.
– Email maintenance – Please provide your username and password
– Bank wire fund transfer failed – Please click link to verify your account
information
– Helpdesk account verification – Please click on link and login to your
account
» (Fake authentication screens)
From: [email protected] [mailto:[email protected]]
Sent: Tuesday, April 30, 2013 06:37 PM
To: undisclosed recipient
Subject: Final Warning: Fordham University Security Maintenance
Fordham University is currently warning you that your passwords
have reach his time-limit. For security purposes, please provide the
following to secure your email account.
1.Your Username:
2.Your Password:
3.Confirm Password:
4.First/Last name:
Note: Failure to provide the listed details above would affect access to
His/Her email account from 3RD of May 2013.
Regards
Admin/Fordham University
Source: http://fordhamsecureit.blogspot.com/2013/04/final-warning-fordham-university.html
Source: http://fordhamsecureit.blogspot.com/2011/11/message-could-not-be-delivered-scanmail.html
From: Automatic Email Delivery Software <[email protected]>
Date: 12/15/2011 01:02PM
Subject: Message could not be delivered [ScanMail Notification] Virus detected!
Dear user of fordham.edu,
Your account was used to send a large amount of spam during the recent week.
Probably, your computer was infected by a recent virus and now contains a trojan proxy server.
Please follow our instructions in order to keep your computer safe.
https://mailadministration.fordham.edu
Have a nice day,
fordham.edu support team.
cc:
Subject:Please Confirm Your Message
This message was created automatically by mail delivery software (TMDA).
To release your message for delivery, please click on the following link and confirm message
https://fordham.edu/confirm/launch?.gx=1&.rd=ck8q9en84ere5&.intl=us
This confirmation verifies that your message is legitimate and not
junk-mail. You should only have to confirm your address once.
If you do not respond to this confirmation request within 14 days,
your message will not be delivered.
Regards,
fordham.edu Account Services
Source: http://fordhamsecureit.blogspot.com/2010/06/please-confirm-your-message-phishing.html
• Requires Action:
• Click a link*
* Hover over the link and check where you REALLY
would have gone!!!
Source: http://fordhamsecureit.blogspot.com/2013/02/phishing-email-sent-to-fordham.html
Results
• Identity Theft
• Keys to the kingdom
• Compromised Access
Date: Wed, 06 Feb 2013 17:02:00 +0100
From: Fordham University <[email protected]>
To: undisclosed-recipients:;
Subject: Re: Important Notice From Help Desk
Fordham University
Scheduled Maintenance And Upgrade
Attn: Webmail User,
This is inform you that our webmail server has been scheduled for
upgrade and maintenance, this is to improve the ability to identify and
block spam, phishing attempts and anti-virus functions for better online
services.
To avoid your e-mail account been terminated during this upgrade,
Kindly click on the below link and follow the instructions to upgrade.
CLICK HERE:http://www.upgradeservicecentre.co.uk/index.html
Your Email access will be disable if you fail to comply with the above.
We do apologize for any inconvenience caused.
Thank you for using our online services.
Help Desk
Fordham University
Rose Hill Campus Bronx, NY 10458. (718) 817-1000
Lincoln Center Campus New York, NY 10023. (212) 636-6000
Westchester Campus West Harrison, NY 10604. (914) 367-3426
©2013 Fordham University, All Rights Reserved.
Recap
• Any misspellings or bad grammar?
• Does it just not make any sense?
• Were you expecting this email?
• Was it from someone you know?
• Is the attachment something you recognize or asked for?
• Did you scan the attachment?
• Was it a personal or generic greeting and closing?
• Misdirected links? Do they go somewhere else?
• Deal with the “issue” directly and outside of email.
• Are you being asked to provide personal information?
• Never share your password or any PII with anyone!
• Be wary of recent news events, scare tactics and alerts
• e.g. Sandy Hook, celebrity deaths, Mail Quota
Best Practices!
DOs | DON’Ts
Check the links (i.e. hover) – Enter them manually | Don’t click the links
Regularly patch (software and OS) and scan with your endpoint tools (Anti-Virus & firewalls) | Open the attachment, don’t disable your endpoint tools
Go directly to the “source” (My.Fordham, bank, HR, etc…) | Don’t reply to suspicious emails
Use HTTPS whenever possible!!! | Don’t be fooled by spoofed email addresses
Report suspicious emails | Don’t call the number in the email
Check your accounts, credit reports and change your passwords – especially if you fell victim! | Don’t be fooled by convincing layouts in emails. They are usually exact copies with just the links changed
Password protect your devices and use secure communications | Don’t panic!!! (Don’t fall victim to the scare tactics!)
Delete it (you didn’t want it anyway) | Don’t trust anything
Check the SecureIT blog | Don’t forget to check the SecureIT blog
Contact Fordham IT Customer Care | Don’t forget about Fordham IT Customer Care
Question everything, let the UISO double check for you | Don’t be an IT vigilante
Fordham IT would (should) NEVER ask for your password
Fordham IT E-mail Sample:
“Signatures” of a Fordham IT E-Mail
From: Fordham Information Technology
Date: Wed, Jun 12, 2013 at 11:47 AM
Subject: OUTAGE: Partial Network Outage in FMH, Tierney and Hughes
Avenue
To: Fordham All Faculty <[email protected]>, Fordham All Staff
<[email protected]>, Fordham all Guests <[email protected]>
Dear Colleagues:
We are currently experiencing network outages affecting some customers
in the following locations:
- Faculty Memorial Hall (FMH)
- Tierney Hall
- All Fordham buildings on Hughes Avenue
Please be advised that wireless access is unaffected.
Fordham IT is aware and is working to resolve this issue as soon as
possible.
If you have any questions, please contact IT Customer Care at (718) 817-
3999 or via email at: [email protected]
Thanks.
Bill
William R. Shuriff
Director Customer Care and Call Center Operations
Fordham University | IT Customer Care
718.817.0646
Show me the numbers!!!!
• 64.1% of all email is considered SPAM
• Phishing – 1 in 508.6 emails identified as phishing
• 1 in 400 emails contained malware
• 2,256 websites each day harboring malware
• Education sector became the 3rd most spammed industry sector in January, with a spam rate of 65.2 percent.
Source: Symantec Intelligence Report January 2013
Why Phish? What is the data used for?
Source: http://krebsonsecurity.com/2013/06/the-value-of-a-hacked-email-account/
How are we going to help you?
• Security Awareness Training
• Currently live via Blackboard
• UISO – Let us help you
• PhishMe Campaign
• Mock e-mails will be sent
• Purpose
• Train & Raise Awareness
• Determine where we need to focus our training
• Increase ability to identify and appropriately respond
• Appearance
• Will look legit, but with what you learn you should spot attachments, links, phishing, grammar, spelling and other common tricks of the spammers
If you see something…say something…
Additional links:
www.opendns.com/phishing-quiz
www.sonicwall.com/furl/phishing
www.paypal.com/fightphishing
spamlinks.net/scams-phish.htm
www.apwg.org
en.wikipedia.org/wiki/Phishing
snopes.com
http://www.fordham.edu/SecureIT
Find this presentation at: http://www.fordham.edu/learnit