Stay Safe

Data Security

 

Test


Sed nec arcu vel nibh ultricies tristique vitae vitae purus. Sed sollicitudin lacinia tellus. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Phasellus non elit eget augue ultricies bibendum. Morbi turpis odio, convallis in iaculis eget, tempor eleifend leo. Phasellus eget eros sit amet purus semper aliquam. Etiam enim orci, faucibus sit amet pharetra malesuada, dapibus id nisi. Ut vulputate dolor eget leo sollicitudin molestie. Quisque malesuada aliquam mi, ac sollicitudin ante dignissim id. Integer auctor iaculis augue eget viverra. In egestas sodales tincidunt. Fusce in risus vel metus pulvinar luctus ac sagittis massa. Praesent sed felis vel metus molestie congue et quis orci. Quisque malesuada congue pretium. In rutrum hendrerit metus. 

Data Security Awareness Training

Avoid Email Scams

Visit our Phishing pages for information about how to identify phishing scams and examples of some real phishing scams.

If you accidentally responded to a phishing message, or you believe that your account has been compromised, contact IT Security at security@uchicago.edu or 773-702-CERT (773-702-2378).

Compute Safely While Traveling

See our travel tip sheet for information on computer and connection security during both domestic and international travel. The tip sheet provides tips on accessing University resources, checking email, securing your wireless connection if you are using a laptop, and precautions you should take when using public computers.

Think before you share: Do not share copyrighted material

Stay informed

From: Microsoft.com account team <mailto:customers@fayadfamily.net>
Date: Wednesday, June 21, 2017 7:14 AM
Subject: ID: 914 - Microsoft account alert (Verify)‏

Body:

Verify your account
Dear user,

We detected something unusual about a recent sign-in for your account. Might be due to the following reasons.

1. A recent change in your personal information. (eg: address, phone)
2. Illegal attempt to use your account from a different location.
3. Virus attachment without specific recipient.

To help keep you safe, we've blocked access to your inbox, contacts list, and calendar for that, please verify your account to regain access. Kindly sign-in from your regular device.

Verify account now<http://hyperurl.co/asd365> <http://upersyyats.pcriot.com/day/sir.php>

Please follow the security verification to keep your account safe.

Thanks,
Customer account team

How you know this is a Phishing Scam:

This phish tries very hard to convince you that it is trying to help you, but it is doing just the opposite! UChicago is not mentioned anywhere in the email, and the subject, sender, and signature do not purport to be from UChicago. The bigger red flag is the use of a URL shortener, as they can be used to hide the actual link being used and can direct you to another unsafe site.

Always look for UChicago domains in the sender email or in the links provided. If the email looks suspicious and does not have a UChicago contact person or department or phone number discard the email.

From: Johnny Nordahl Berentzen <johnny.berentzen@hvl.no>
Date: Wednesday, June 21, 2017 5:45 AM
Subject: System Administrator

Body:

UPGRADE YOUR MAIL BOX QUOTA

Your inbox has almost exceeded its storage limit.

It will not be able to send and receive e-mails if exceeded it limit And your e-mail account will be deleted from our servers.

To avoid this problem, you need to update your mail box quota By clicking on the link below and filling your login information for the update. CLICKHEREhttp://system-administrator-helpdesk.sitey.me

If we do not receive a reply from you within 24 hours Your mailbox will be suspended Thank you.

@2017 System Administrator.

How you know this is a Phishing Scam:

This phish is very generic, vague, and overall quite reliant on anxiety about your account being shut down. Don't fall for it! Delete and don't look back.

From: Mail <Anne.Parks-1@ou.edu>
Date: Monday, June 19, 2017 2:06:20 PM
Subject: New Mail For You!

Body:

Dear User,

We received a request from you to shutdown your mailbox, Kindly cancel if its an error to continue using your mailbox:-

CANCEL REQUEST & RECTIFY THIS PROBLEM<http://perdicesfelices.com/new/crypt/index.html>

 

How you know this is a Phishing Scam:

The phish would like to make you think this email is from UChicago, however the links do not show this to be the case. The email is also missing a signature with contact information and is deliberately vague. The sender does not have a UChicago email address. Finally, we do not "shutdown" mailboxes like this at all!

From: Microsoft Office 365 Team <kgillis@asti-env.com>
Date: Monday, June 19, 2017 at 1:04 PM
Subject: Security Message Alert

Body:

[icrosoft]
Unusual sign In Attempt.

During our unusual security check, We noticed a suspicious sign in attempt from a foreign IP and have blocked your email from receiving further emails. Please CLICK HERE<http://ficaaas.com/cab/microsofonline.com/office/> to secure/unblock your email now and to enjoy our continued services.

Sincerely,
The Microsoft Office 365 Team

 

This is a mandatory service communication. To set your contact preferences for other communications, visit the Promotional Communications Manager.

This message was sent from an unmonitored e-mail address. Please do not reply to this message.
Privacy | Legal

Microsoft Office
One Microsoft Way
Redmond, WA
98052-6399 USA

[icrosoft]

How you know this is a Phishing Scam:

This phish is lengthy and looks official, but that's the point. The purpose is to provoke fear and convince you that action is required. Instead of reacting, take a moment, and notice some major issues with this phish. The links do not point to a UChicago domain (i.e., uchicago.edu). There is no phone number or department to contact at UChicago, should you have questions. Finally, the legitimacy of this email is significantly reduced when you look at the repeated misspelling of Microsoft in brackets.

This phish should not be acted upon and deleted immediately.

From: cglover@ccbcmd.edu
To: cglover@ccbcmd.edu
Date: Wed, 14 Jun 2017 13:02:03 -0400
Subject: RE: Helpdesk

Body:

This is to notify all Staffs and Alumni that we are validating active accounts. Kindly confirm that 
your account is still in use by clicking the validation link below: 

Click here to Validate e-mail Account now<http://www.msverifupgarde.byethost31.com> 

Sincerely 
Help-Desk

How you know this is a Phishing Scam:

URL nothing to do with the University.  Odd phrasing e.g., 'kindly'.  No contact information in signature or elsewhere to call or validate the message.  From not even pretending to be University-related (though this can be easily spoofed to appear so).  Typical 'validate' or 'confirm' account phish message.

 

 

From: redacted@northeastern.edu
To: IT service
Date: Thursday, June 08, 2017
Subject: Request closed

Body:

Hello,

IT (Service Desk) has marked your Request as closed. Please review the 
details of your request in the Self Service portal via the following 
link:Your incident <http://greenbus.kz/uchi/xmail.uchicago.edu/>

If you feel that your request has not been completed, please reply to 
this email to re-open the request.

The last action taken are as follows:

*08/06/2017 03:05 IT Service : *

ID checked

If you do not reply, this request will be formally closed in 2 working days.

Regards,

IT Service Desk
Information Technology

How you know this is a Phishing Scam:

You might assume this phish is easy to identify, since the destination link is hosted in Khazakstan, but the destination mimicked our xmail.uchicago.edu login page. Always stop and hover over the link before clicking, it might take you somewhere that looks familiar, but is actually quite malicious.

Note the lack of contact information.  They want you to click not call.

 

 

From: IT Support <quarantine@microsoftquarantine.com>
Date: June 7, 2017 at 3:44:14 PM CDT
Subject: Quarantine Notification

Body:

Dear <your Cnet>@uchicago.edu: 

 

You have 10 new messages as of June 06, 2017, which are listed below along with the actions that can be taken: 

 

Release to Inbox: Send the message to your Inbox. Click on quarantine manager and log in with your email credentials to release held messages. 

 

Quarantine Manager <http://rm.resultsmail.com/route.cfm?mid=e630e09b-1eaa-4d41-8634-

043353fa60e7&uid=092e57af-d344-4063-8ca1-

d3742f4139ba&route=http://punambookstore%2Ecom/365/office/> to view, delete, or release held email and change your quarantine settings. 

 

© 2017 Microsoft Corporation. All rights reserved. | Acceptable Use Policy 

<http://rm.resultsmail.com/route.cfm?mid=e630e09b-1eaa-4d41-8634-

043353fa60e7&uid=092e57af-d344-4063-8ca1-

d3742f4139ba&route=http://punambookstore%2Ecom/365/office/> | Privacy Notice 

<http://rm.resultsmail.com/route.cfm?mid=e630e09b-1eaa-4d41-8634-

043353fa60e7&uid=092e57af-d344-4063-8ca1-

d3742f4139ba&route=http://punambookstore%2Ecom/365/office/>

From: "Black-Board" <severik@waksman.rutgers.edu>
Date: Tue, 6 Jun 2017 21:00:34 +0000
Subject: notification update section ! ! !

Body:

Dear cnetid @ uchicago.edu,
You have important messages from your faculty admin.

READhttp://wartw.lionfree.net/course/black-board.htm

Thanks
Blackboard Learning/University Tech Group

How you know this is a Phishing Scam:

Atrocious grammar to evade spam filters? Check.

Generic contact information with no useful person to contact? Check.

Sender is suspicious and from another institution? Check.

Phishing? Check. Check. And check!

From: <redacted>@uchicago.edu
Date: 2 June, 2017 4:28 PM
Subject: Account Update

Body:

Dear Customer,

You will not be able to send/receive more emails until you visit the below help-desk portal link to restore your email access. Click Here<http://systemsupport.sitey.me/> to upgrade to Outlook 2017 to avoid suspension.

HelpDesk
Copyright 2016
201.286.2331<tel:201.286.2331>

How you know this is a Phishing Scam:

This phish does not name the University anywhere in the body of the email or link to any University websites. This is a clear sign that this is a scam. Delete such emails immediately!

From: Barbara Hession <hessionb@holyspirit.ab.ca>
Date: Wed, 31 May 2017 22:15:56 +0000
Subject: Barbara Hession from Marriot.com has shared a document on Outlook Web App with you

Body:

Barbara Hession has invited you to view the following document:

Open With Outlook Web App http://bit.ly/2rVpHYs

From: Mohanad Abdulhameed <M.Alamura@murdoch.edu.au>
To: Mohanad Abdulhameed <M.Alamura@murdoch.edu.au>
Date: Tue, 30 May 2017 16:18:12 +0000
Subject: Faculty & Staff Notification

Body:

Due to system data updates taking place this Tuesday 30th May, we are writing to advise that all webmail users should take this extra security challenge and validate all accounts...

You are required to visit the secure URL: Webmail Client<https://urldefense.proofpoint.com/v2/url?u=https-3A__app-2D1496018074.000webhostapp.com_&d=CwMFAw&c=Nd1gv_ZWYNIRyZYZmXb18oVfc3lTqv2smA_esABG70U&r=NTROqvSy7mXBn7ds28zW3QAzYH4-5Q31IGiaXKuENmk&m=XAELB2F-IEFpjD2iE6h7tQAzScypkXC4aAYy8KUiZns&s=-rW9SGu8I_o06XsEXOkxilsE0B0htoReC5ieS0YZwZc&e=> for account validation.

Please note that if this notification is ignored you will experience difficulties in sending and receiving of email messages through our secure Network portal.

Thanks For Your Time
Information Technology Service

How you know this is a Phishing Scam:

Urgency (do this today) and threat of loss of service if you do not act immediately make this an obvious phishing scam.

The URL is not a University webpage or even close. However, Proofpoint is an antimalware and phishing tool that many institutions use to filter their email, so this link may have already been blocked!

No contact information or useful signs of who sent the email.

Odd phrasing, e.g., "Thanks For Your Time."

From: Mailbox support <meryem@egenotebook.com>
Date: Tue, 30 May 2017 02:45:50 -0700
Subject: E-mail notification: unusual activity

Body:

MAILBOX NOTICE
Dear
Suspicious online activities has been detected in your mailbox and as a matter of our improved online security measures, you are required to verify and confirm your account trough our secure link below.

Verify mailbox here  http://cavite-ecosolutions.com/gab/crypt/connect.php?email=%Email%" target="_blank" moz-do-not-send="true">Verify mailbox here

Note: Failure to Verify your mailbox will lead to closure of account, do not ignore as this is the final notice.

Once the verification is complete, your mailbox will work effectively.

Mailbox Admin 2017

How you know this is a Phishing Scam:

This phishing email is very vague and that makes it easier to identify as a scam. The message is not addressed to anyone in particular and does not reference UChicago anywhere, but uses words like "suspicious" and "security measures" to make you react without thinking. Threats are commonly used as part of phishing scams to get you clicking first and asking questions later. Do not fall for these tactics!