Technology Security

Phish Information

These listed below are currently ACTIVE on GCSU campus:

Subject: Invoice (as of February 12)

Many are receiving bogus invoices that appear to be from a GC person, but they're using a non-vetted email account that has nothing to do with GCSU.

Please be on the alert. If you receive one of these, please forward them to hance.patrick@gcsu.edu or serve@gcsu.edu and we'll have the URL's blocked. This is not how you'd receive an invoice. You may delete the emails.


Subject: IT Syetem Support from Mike Hammill (as of February 11 at 10:20am)

From: Hammill, Mike
Sent: Monday, February 11, 2019 10:17 AM
Subject: IT Syetem Support

Dear Employee, Staff.

We are migrating all staff email account into staff Outlook 2019 office web mail and as such all active Staff and Employee are to verify and Log in for this Upgrade and migration to take effect now. This is done to improve the security and efficiency due to recent spam mails received.

Please all Staff and Employee Click Here Switch to Outlook Webmail 2019 for Staff

Note that, This switching on Outlook is for all email users on this service and if not done, we will start deactivating and deleting unverified and inactive email accounts without any further delay within the next 24 hours.

PLEASE DO AS ADVISE ABOVE.

Regards,
External Email Administrator,
Outlook Service for Staff and internet Service
Copyright 2019.


Subject: Invoice Jan 2019 from A. Kay Anderson (as of January 18, 2019 at 1:07pm)

Phish or virus coming in to many with the subject line saying "Invoice Jan 2019 from A. Kay Anderson" sent from Kay's email account. This is actually a full spoof of her email and didn't actually come from campus. hey want you to click on the link, by asking "I have enclosed a copy of the invoice for your reference". Please report all of these to iso@gcsu.edu. You can then delete the email.

Subject: Important: Please Review (as of January 17, 2019 at 10:10am)

Phish or virus coming in to many with the subject line saying "Important: Please Review" send from Joy Godin's email account. The sender is actually using Joy's email account. They are NOT coming in from Joy, but a hacker using her account. They want you to click on the link, by asking you to "View Document". Please report all of these to iso@gcsu.edu. You can then delete the email.

Subject: Invoice (as of January 12, 2019)

Phish or virus coming in to many with the subject line saying "Invoice". The sender is usually a pure spoof of someone on campus. They are NOT coming from that person. They want you to click on the link, by asking "I have enclosed a copy of the invoice for your reference. You can download it at this link:". Please report all of these to iso@gcsu.edu. You can then delete the email.

Subject: Payment (as of December 7th, 2018)

Latest PayPal phish is coming in from service_online@paypal.com with a subject line of: Payment. The image in the email are actual images to PayPal and some of the links actually go to the real PayPal site. However, the link where it says "Download transactions details file" and the link in the transaction numbers all take you to a hacked phishing site. Please delete the message.

IMPORTANT MESSAGE FROM DEPARTMENT OF EDUCATION (as of December 5th, 2018)

USG Cybersecurity received multiple reports of a suspicious email message sent to USG employees. This message has the subject line, ā€œ[[[IMPORTANT MESSAGE FROM DEPARTMENT OF EDUCATION!!!]]]ā€ and may appear to be from someone you know. The body of the message contains the following text. These email messages are not legitimate. Please do not open any attachments or click on any embedded link. They could be used to compromise your account credentials and allow intruders access to confidential information. If you receive a message having these characteristics, please delete the message.
If you have additional questions or concerns, please contact the USG Enterprise Service Desk at 706-583-2001, or by email at helpdesk@usg.edu.

Alisson L. Guth has shared OneDrive files with you. Click review below to view file.

Review File

Best Regards

Alisson Louise Guth
Department of Education
400 Maryland Avenue, SW
Washington, D.C. 20202"

SPOOF EMAILS being circulated (current and active since July 2018)

For the last few months hackers have been circulating emails that spoof (imitate) someone on campus. Most often the person being imitated is a department lead. Most (not all) are coming in as "Firstname Lastname ". The names are accurate but of course my.com is not a GCSU email domain.

These emails are fraudulent. Please do not respond to them. Most come in with a subject line similar to "Follow Up" and the content of the email is something as simple as "Are you available?". The hacker is working towards credit card theft/fraud.
----------------------------------------------------------------

From: Dr. Desha Williams
Sent: Monday, December 3, 2018 4:38 PM
Subject: Re: Hello

I'm in a meeting right now and that's why Iā€™m contacting you through here. I should have called you but phone is not allowed to be used during the meeting. I don't know when the meeting will be rounding off and I want you to help me out on something very important right away.

 

 

Recent Phish (but not known to be active at this time):

PHISH/VIRUS: Notification - Review New Doc (Late October 2018)

A few people are getting email notices that appear to be OneDrive documents to be reviewed and approved. If you do not know the sender, please do not click on the documents. Also, if/when you receive these emails, please send them to Serve as well as the ISO (serve@gcsu.edu and iso@gcsu.edu). Thanks.
----------------------------------------------------------------

From: Tomas Rehak
Date: October 30, 2018 at 8:29:55 AM EDT
To: "updates@onedrive.ms"
Subject: Notification - Review New Doc

You have received a new document on OneDrive and it is said to be important

Your document is ready!

 




Virus Information

General Information