Technology Security

Phish Information

These listed below are currently ACTIVE on GCSU campus:

Email coming in from kelli.brown@gcsu.edu. Subject: I will be in London, UK June 18th-22nd. 06/13/2019

Many at Georgia College received an email this morning that appeared to be from Dr. Kelli Brown with the subject line “I will be in London, UK June 18th – 22nd”. This email was not sent by her nor her email account. Ultimately if you clicked on the “PLAY VOICEMESSAGES.wav” it sent you to one of many phishing sites where you were prompted to enter your GC credentials.

If you clicked on the “PLAY VOICEMESSAGES.wav” portion of the email, please call the campus Information Security Officer at x6354 as soon as possible and change your password through Unify (My Password) immediately.

Here is an example of the email:

From: "kelli.brown@gcsu.edu lncoming Voicenote"
Date: June 13, 2019 at 4:32:38 AM EDT
To:
Subject: I will be in London, UK June 18th – 22nd
You missed an lncoming voice_note for kelli.brown@gcsu.edu ,

Received on Thursday, June 13, 2019

Duration: 01:23sec


PLAY VOICEMESSAGES.wav


PRIVILEGE, CONFIDENTIALITY, PROPRIETARY INFORMATION AND TRADE SECRET NOTICE
The information contained in this electronic mail message is intended for the named recipients only. This message contains material that is privileged, confidential, proprietary and trade secret and otherwise protected from disclosure.



Subject: Secure Messaging Notification

Email coming in from Wayne Harrison at USG. Subject: Awaiting Approval. 03/19/2019

Please be on the alert. If you receive one of these, please forward them to hance.patrick@gcsu.edu or serve@gcsu.edu and we'll have the URL's blocked. This is not how you'd receive an invoice. You may delete the emails.



A document has been sent to you for review and requires signature.

PREVIEW OR DOWNLOAD

Best Regards,
Private Group Communication Service

Many are receiving emails that appear to be from POSTMASTER at Augusta University. 03/10/2019

Please be on the alert. If you receive one of these, please forward them to hance.patrick@gcsu.edu or serve@gcsu.edu and we'll have the URL's blocked. This is not how you'd receive an invoice. You may delete the emails.

Secure Messaging

You have been sent a secure message by Augusta University.

View the message by clicking here. It has been classified as sensitive and may only be accessed from within this Secure Messaging service.

Need help? If this is the first time you have received a secure message from this company, a password will be emailed to you separately.

If you did not receive your password or are experiencing trouble logging in, click here to request a new password.

Subject: Invoice (as of February 12)

Many are receiving bogus invoices that appear to be from a GC person, but they're using a non-vetted email account that has nothing to do with GCSU.

Please be on the alert. If you receive one of these, please forward them to hance.patrick@gcsu.edu or serve@gcsu.edu and we'll have the URL's blocked. This is not how you'd receive an invoice. You may delete the emails.


Subject: IT Syetem Support from Mike Hammill (as of February 11 at 10:20am)

From: Hammill, Mike
Sent: Monday, February 11, 2019 10:17 AM
Subject: IT Syetem Support

Dear Employee, Staff.

We are migrating all staff email account into staff Outlook 2019 office web mail and as such all active Staff and Employee are to verify and Log in for this Upgrade and migration to take effect now. This is done to improve the security and efficiency due to recent spam mails received.

Please all Staff and Employee Click Here Switch to Outlook Webmail 2019 for Staff

Note that, This switching on Outlook is for all email users on this service and if not done, we will start deactivating and deleting unverified and inactive email accounts without any further delay within the next 24 hours.

PLEASE DO AS ADVISE ABOVE.

Regards,
External Email Administrator,
Outlook Service for Staff and internet Service
Copyright 2019.


Subject: Invoice Jan 2019 from A. Kay Anderson (as of January 18, 2019 at 1:07pm)

Phish or virus coming in to many with the subject line saying "Invoice Jan 2019 from A. Kay Anderson" sent from Kay's email account. This is actually a full spoof of her email and didn't actually come from campus. hey want you to click on the link, by asking "I have enclosed a copy of the invoice for your reference". Please report all of these to iso@gcsu.edu. You can then delete the email.

Subject: Important: Please Review (as of January 17, 2019 at 10:10am)

Phish or virus coming in to many with the subject line saying "Important: Please Review" send from Joy Godin's email account. The sender is actually using Joy's email account. They are NOT coming in from Joy, but a hacker using her account. They want you to click on the link, by asking you to "View Document". Please report all of these to iso@gcsu.edu. You can then delete the email.

Subject: Invoice (as of January 12, 2019)

Phish or virus coming in to many with the subject line saying "Invoice". The sender is usually a pure spoof of someone on campus. They are NOT coming from that person. They want you to click on the link, by asking "I have enclosed a copy of the invoice for your reference. You can download it at this link:". Please report all of these to iso@gcsu.edu. You can then delete the email.

Subject: Payment (as of December 7th, 2018)

Latest PayPal phish is coming in from service_online@paypal.com with a subject line of: Payment. The image in the email are actual images to PayPal and some of the links actually go to the real PayPal site. However, the link where it says "Download transactions details file" and the link in the transaction numbers all take you to a hacked phishing site. Please delete the message.

IMPORTANT MESSAGE FROM DEPARTMENT OF EDUCATION (as of December 5th, 2018)

USG Cybersecurity received multiple reports of a suspicious email message sent to USG employees. This message has the subject line, “[[[IMPORTANT MESSAGE FROM DEPARTMENT OF EDUCATION!!!]]]” and may appear to be from someone you know. The body of the message contains the following text. These email messages are not legitimate. Please do not open any attachments or click on any embedded link. They could be used to compromise your account credentials and allow intruders access to confidential information. If you receive a message having these characteristics, please delete the message.
If you have additional questions or concerns, please contact the USG Enterprise Service Desk at 706-583-2001, or by email at helpdesk@usg.edu.

Alisson L. Guth has shared OneDrive files with you. Click review below to view file.

Review File

Best Regards

Alisson Louise Guth
Department of Education
400 Maryland Avenue, SW
Washington, D.C. 20202"

SPOOF EMAILS being circulated (current and active since July 2018)

For the last few months hackers have been circulating emails that spoof (imitate) someone on campus. Most often the person being imitated is a department lead. Most (not all) are coming in as "Firstname Lastname ". The names are accurate but of course my.com is not a GCSU email domain.

These emails are fraudulent. Please do not respond to them. Most come in with a subject line similar to "Follow Up" and the content of the email is something as simple as "Are you available?". The hacker is working towards credit card theft/fraud.
----------------------------------------------------------------

From: Dr. Desha Williams
Sent: Monday, December 3, 2018 4:38 PM
Subject: Re: Hello

I'm in a meeting right now and that's why I’m contacting you through here. I should have called you but phone is not allowed to be used during the meeting. I don't know when the meeting will be rounding off and I want you to help me out on something very important right away.

 

 

Recent Phish (but not known to be active at this time):

PHISH/VIRUS: Notification - Review New Doc (Late October 2018)

A few people are getting email notices that appear to be OneDrive documents to be reviewed and approved. If you do not know the sender, please do not click on the documents. Also, if/when you receive these emails, please send them to Serve as well as the ISO (serve@gcsu.edu and iso@gcsu.edu). Thanks.
----------------------------------------------------------------

From: Tomas Rehak
Date: October 30, 2018 at 8:29:55 AM EDT
To: "updates@onedrive.ms"
Subject: Notification - Review New Doc

You have received a new document on OneDrive and it is said to be important

Your document is ready!

 




Virus Information

General Information

General Information Regarding Cybersecurity (aka. Information Security) at GC:

Subject: On Behalf of Executive Vice Chancellor Teresa A MacCartney: Cybersecurity attacks

Good afternoon,

Cybercriminals are using advanced social engineering techniques to gain access to USG sensitive information and personal credentials, such as your log-in information, to commit fraud and identity theft. These criminal attempts include phishing emails requesting private information regarding social security numbers, bank accounts, debit/credit cards, etc.

Your commitment to safeguarding sensitive information is critical and should include:
• Discussing/reviewing security procedures,
• Implementing multi-factor authentication technology,
• Establishing protocols to validate requests or changes to sensitive information,
• Establishing notification (including police, senior leadership, etc.) response and recovery procedures in the event of a breach.

Please share this information with all of your direct reports.

Your attention to this matter is greatly appreciated. If you have any questions, please contact your campus ISO Hance Patrick at hance.patrick@gcsu.edu or x6354.

Thank you,
Teresa MacCartney