This phishing email is circulating the Northeastern community. If you receive this email please do NOT click on the link and delete it from your inbox.

Northeastern will NEVER ask you to validate your email account to increase your mailbox quota. Additionally, you can tell this email is a fake because the URL in the message points to a NON Northeastern website.

From: Helpdesk
Date: Mon, May 13, 2013 at 1:50 PM
Subject: helpdesk
To:

Your Mailbox Has Increase Your Quota.
Failure To Click This Link hxxp://northeasternuniversity.webs.com/ And
Validate Your Quota May Result to Loss Of Important Information In Your Mailbox/Or Cause Limited Access To It.

Thanks For Co-operating with Us.
Sign,
Stephen Director
Provost and Senior Vice President for Academic Affairs
360 Huntington Ave., Boston, Massachusetts © 2013 Northeastern University

Click here for copy of the email

This phishing example was sent to us in the form of a Amazon Kindle order confirmation email. This email has all the hallmarks of a phishing scam.

1.) The user did not order anything from Amazon
2.) The billing address does not belong to the user
3.) When your mouse hovers over the book title link the URL that is displayed goes to hxxp://homesport.co.nz/… Not Amazon

When you receive this type of email and are not sure if it is real, do the following:

1.) Do not click on any links in the email. Instead manually log into the website. In this case, the user would type in www.Amazon.com into their web browser and log directly into their account
2.) Hover over any links in the email to reveal the true URL of link. The link may say Amazon.com but the URL is for a phishing site.
3.) Delete the email and end the threat. Do not forward it along.

There is not much you can do to stop phishing emails. The best course of action is to identify them when they arrive and delete them from your inbox.

If you have any questions about identifying phishing emails you have received please contact the Service Desk at help @ neu.edu or 617-373-4357.

More examples of Phishing Emails

Yesterday we reported scammers had registered over 125 domain names within hours of the Boston bombings. Today security researchers have reported that once again criminals are taking advantage of the public’s curiosity and generosity to spread malware and computer viruses.

TrendLabs reports that spam messages with subjects such as “2 Explosions at Boston Marathon” and “Aftermath to explosion at Boston Marathon” link to websites that use the Blackhole Exploit Kit to try and install malware.

SecureList reports that some of the emails link to websites with video of the explosions. In order to play the videos the user must install a “video player.” The player is really malware in disguise.

Sophos NakedSecurity reports that the malware installs connection software to allow the criminals to remotely control your computer.

To Stay Safe:

• Do not click on links or open attachments from unsolicited email.
• Do not install video or any other software from non mainstream websites
• Do not forward spam messages to prevent spreading the damage to others
• Make sure you have the latest anti-virus software installed and updated

In the hours following yesterday’s explosions over 125 domain names have been registered that could potentially be used to disseminate false information, solicit fake fundraisers, and fake requests for donations. These domains contain words related to the tragedy such as, “boston”,”marathon”, “bombings”, “charity”, “fund”, “lawsuit”, “massacre”, “attack”, “news”, “info”, “victims”, etc..

Examples include: “bostonmarathonrelief.com” and “bostonmarathonvictimfund.com”

Historically, following a disaster criminals set up fake domain names and websites to trick users into giving donations though the money will never reach the victims. Other websites may try to trick users into giving up their personal information that the scammer will use to steal the users identity.

In addition, scammers will target social media to spread false information and requests for money. Shortly after the explosions the Twitter account @_BostonMarathon tweeted that it would donate $1 dollar for every re-tweet. This account has been disabled by Twitter but many others have risen to take its place.

Tips to stay safe:

• Only give money to reputable organizations such as the American Red Cross.
• When searching for updated news stay away from rumor sites and stick to trusted news sources.
• Be wary when asked for personal information through unsolicited communication.

More Information:

http://blog.sfgate.com/techchron/2013/04/15/beware-of-scammers-with-tweets-links-to-boston-tragedy/

http://now.msn.com/boston-marathon-explosion-charity-scam-started-by-fake-twitter-accounts

http://www.thedomains.com/2013/04/15/update-now-over-0-domains-related-to-boston-explosion-including-relief-domains/

Related Information:

Spam Facebook Posts

Fake Websites

IT Security was mailed this phishing letter disguised as a free airline ticket giveaway.

Read up on this offline attempt to steal our personal information and protect yourself from free offer scams.

More Information: American Airways Free Ticket Scam