Security Alert

Phishing Email: “IT DESK”

Some users may have received an email with the subject “IT DESK” yesterday evening. As always, be on the lookout for any email that may be attempting to steal your information.


Phishing Attack Titled “RE: PASSWORD MANAGER”

Early this afternoon, some faculty and staff received an email titled: “RE: PASSWORD MANAGER”

This is an attempt to steal usernames and passwords and possibly infect your system with malicious code. Keep in mind that The University of Alabama does not send out these types of messages. If you haven’t already, please delete it.

If you have any questions, please contact the IT Service Desk (8-5555).

Below is a screenshot of the email.


Badlock Bug

A crucial security bug involving Samba and Windows, called the “Badlock Bug,” was revealed today. The vulnerabilities behind it can mostly be categorized as enabling man-in-the-middle and denial-of-service attacks.

The Samba team has already released patches for this vulnerability. If you are using Samba, please update your systems.

For more information on this bug, visit the badlock.org website. If you have questions about your specific situation, please contact the IT Service Desk.

Phishing Attempt: Job Opportunities

Over the past several days, many students have received emails offering job opportunities, and many are related to babysitting, child care, or note-taking. Students should not reply to these emails and should delete them immediately. Always be suspicious of unsolicited emails, especially if those emails ask for personal information.

Some examples of these attempts are included here for reference.


From: <stephanie@studentspill.org> on behalf of Stephanie Miller <stephanie@studentspill.org>
Reply-To: “stephanie@studentspill.org” <stephanie@studentspill.org>
Date: Monday, January 11, 2016 at 3:01 PM
Subject: Re: invitation

 

Hey Again Andrew – did you get the invitation, the first one? Maybe I missed your reply, but I didn’t see an application.

If you want to earn around $500 per class by taking notes and uploading them to StudySoup, spend 3 mintes and justapply now.

Thank you!

Stephanie

 

Date: January 4, 2016 at 2:51:27 PM EST
To: undisclosed-recipients:;
Subject: Hello

Hello my name is A’aleah an alumni of UA. Got your contact from school Directory, My Boss, Mr Benson is in need of a babysitter for her 4yrs old daughter around the school area,Contact him at: mrjamesbenson@hotmail.com to get more information about the position and tell him you were referred by me.

Phishing Attack: “Library Services”

This week, some students, faculty, and staff may have received the email titled: “Library Services”

This is an attempt to steal usernames and passwords and possibly infect your system with malicious code. Keep in mind that The University of Alabama does not send out these types of messages. If you haven’t already, please delete it.

If you have any questions, please contact the OIT service desk (348-5555).


Phishing Email Titled “IT”

Some faculty and staff received a phishing email this morning titled “IT.” The full email is posted below. This is an attempt to steal usernames and passwords and possibly infect your system with malicious code. Keep in mind that The University of Alabama does not send out these types of messages. If you haven’t already, please delete it.

If you have any questions, please contact the IT Service Desk at (205) 348-5555 or itsd@ua.edu.

Phishing Email

Student Employment Phishing Emails

Students should be aware that a number of different phishing emails related to employment are currently being sent out. The emails are attempting to steal information. Please review these emails carefully, and be sure that you are expecting email from someone before responding. In general, the University does not ask for personal information over email, especially things like driver’s license number, social security number, banking numbers, or similarly important information.

Below are some examples of the phishing emails currently being sent out. Click the images for larger versions.


From: kloe williams <kloewilliams95ATgmailDOTcom>
Date: November 23, 2015 at 2:26:18 PM CST
To: ***
Subject: Re: Need a babysitter?

Hello Alexandra,

How are you doing?  I’m Kloe Williams and my husband name is Edward,
I asked my Cousin to help me seek a Babysitter and housekeepers. We
will be relocating to your neighbourhood from Australia. I got a
contract recently with a company on a private research job. However,
We will need someone  that will  help in running some few errands and
babysitting for 3 days per week and also 4 good Hours per day..What
city and suburbs are you in Alabama? Get back to me as soon as
possible.

Kloe.

Phishing Email: “Faculty Administrator Announcement”

Students may have received a phishing email this morning titled “Faculty Administrator Announcement” with a link that takes users to a page that looks like the myBama login page. This is not an official UA page, and it is attempting to steal information. Students should not click the link and should immediately delete the email. A photo of the email is contained below.


September 8, 2015 – Increase in Phishing Attempts

OIT has found a large increase in the number of phishing attempts and compromised student accounts over the last 24 hours. To avoid becoming a victim of phishing and to keep your email account safe, use the checklist below to determine whether an email is suspicious.

  • Is the email “From:” address appropriate? If the email appears to be coming from The University of Alabama, does the “from” address have ua.edu in it, and is it a Crimson student account trying to represent a University account?
  • If you know the person the email is from, does it make sense for them to be sending you this kind of link?
  • If the message has a URL link, use the mouse hover trick to determine the ultimate destination of the link.  Without clicking, hover your mouse pointer over the URL and a box will appear with the destination of the link.  Again, if this appears to be coming from the University, does the URL address have ua.edu in it?
  • Does the content of the message contain a lot of unusual spelling and grammar errors?
  • Is there contact information for any questions? Again, if the email appears to be from the University, is there a contact number that begins with 348-xxxx or an email address that contains ua.edu?
  • Crimson mail accounts have very large quotas or limits, but any alerts would come from Google.
  • Never share your password with anyone.
  • If you have any concerns that your account is being used to send spam or your password has been compromised, contact the IT Service Desk at 348-5555 as soon as possible. The service desk can assist with unlocking your account and resetting your password.
  • If you are unsure whether or not an email is a legitimate email from The University of Alabama, contact the IT Service Desk.
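
The “From:”, Reply-To and link-destination checks in the checklist above can be run mechanically over a raw message. The Python below is an added example, not OIT tooling. Because a lookalike host can contain the text "ua.edu" without belonging to the University, it matches on the domain boundary rather than on the substring. The sample message and every address and host in it are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "ua.edu"  # the domain the checklist tells readers to look for

def in_domain(host, domain=TRUSTED):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collects the real destination (href) of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_message(raw):
    """Return the checklist findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    from_host = addr.rpartition("@")[2]
    if not in_domain(from_host):
        findings.append(f"From address is outside {TRUSTED}: {addr}")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rpartition("@")[2].lower() != from_host.lower():
        findings.append(f"Reply-To differs from From: {reply}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:  # what the hover box would show
        host = urlsplit(href).hostname
        if not in_domain(host):
            findings.append(f"Link leaves {TRUSTED}: {host}")
    return findings

# Constructed sample: all addresses and hosts are made up (.example / .invalid).
SAMPLE = """\
From: IT Service Desk <helpdesk@ua.edu.mail-alerts.example>
Reply-To: collector@inbox.invalid
Subject: IT DESK
Content-Type: text/html

<p>Mailbox full. <a href="https://ua.edu.login.example/verify">Sign in</a> or see <a href="https://oit.ua.edu/help">help</a>.</p>
"""
FINDINGS = check_message(SAMPLE)  # three findings for this sample
```

A message sent from a compromised account inside the domain passes the From check, so the remaining checklist questions still apply to it.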