All ITS Blogs

From: Support <agarcia@cbtulsa.com>  —> Not a Wesleyan address
Date: Wednesday, September 27, 2017 at 8:42 AM
To: “noreply@office365.com” <noreply@office365.com>
Subject: Pending Message
You have 5 new Pending Message to retrieve during our last email outages

RETRIEVE —> address actually, goes to hxxr://members.westnet.com.ax7/~oooo365/o/three.html

Sincerely
Mail PostMaster —> Not a legitimate Wesleyan Signature

ITS has noticed a high volume of phishing email.  Most recently, these messages have included attempts to replicate the Wesleyan logo and banners and are being distributed through other Wesleyan accounts. Wesleyan ITS will not request your credentials over email. We advise you to go to your WesPortal to change them, if needed.

If you receive anything you suspect as a phish, please send it to security@wesleyan.edu.  Additionally, ITS has set up a site at Portal –> Security –> Security Notices.  There you will find a listing of all phish reported to us to date. Click on any subject title to view the message.   All links have been deactivated and there are notes that identify what is happening in the email.

If you have not already done so, please peruse the Spotting Phishing video. You will find that link in Portal –> Security.  This short video can help you to identify phish and avoid having your account compromised.

Thank you for your diligence.  You may always contact a member of desktop support or security@wesleyan.edu if you have any questions.

Sent: Wednesday, September 20, 2017 8:20 PM
To: xxxxx, xxxxx
Subject: Invoice number 647003812 Notification

Dear Client,

Here is your invoice dated 21 Sep 17. Give me a phone call at 01322 444908, if you have any questions regarding this invoice.

See Invoice Below:
hxxpr://ladymicki.cox/Invoice-Dated-21-Sep-17-12787148683/SGYO-JQB/2017/ –> This address will install malware on your system. 

Thank you!

Dear xxxxx@wesleyan.edu, You are required to update your account. CLICK HERE Security Service Wesleyan University

The originating address looks legitimate. However, if you try to look them up in the address book they do not exist.

The “Click Here” link goes to–hxxr://www.nba.ac.21/images/jdownloads/newimages/wesleyan.htm

If there are issues with your account information we direct you to the person or to Portal. We do not send a link to follow and update/authenticate against.

From: Wesleyan University <xw322@drexel.edu>
Subject: You have (1) new Message
Date: September 12, 2017 at 8:37:41 PM EDT
To: Recipients <xw322@drexel.edu>

Dear User,

You have (1) new Security Mail.
Kindly CLICK HERE to read now.

Wesleyan University

The “From” address is not a valid Wesleyan address.

The link takes you to a totally invalid address—hxxp://rrr.ppk.fr/shell/lib1/jan.phg

Thecsignatute is too kirt and non-descript. No name attached to it.

Hello, all. In light of the Equifax security breach below are some resources to read. Please, be vigilant at home and work to avoid phishing scams. The bad guys will be working to get your money and more information about you like your SSN, Drivers license number, bank and credit card numbers. The scammers will likely, pose as an agency working to protect your information.

Equifax site to register for credit monitoring–

https://www.equifaxsecurity2017.com/enroll/

Credit Freeze information

Credit Freeze Guide: The best way to protect yourself against identity theft

From: “Wesleyan University Library” <libraries@wesleyan.com> –>Convincing looking “From” address.
Date: Sep 11, 2017 5:08 PM
Subject: Library Notifications
To: a wesleyan person
Cc:

The “Wesleyan University” address is actually, ryry@coultercomm.com.  Not a Wesleyan Address.

The “CLICK HERE“ is a downloadable malware package. It is not a web Redirect and you will be infected.

There is no signature or specific contact person identified.