Category Archives: Phishing

Phishing Attempt

ITS has received reports of phishing emails being sent to various college staff.  The Phishing email claims to be coming from “Erin Ross” stating that your email Quota has exceeded its storage and your password will expire.  Please DO NOT open any links or attempt any password Changes.

From: Ross, Erin [mailto:RossE@nhsd.net]
Sent: January 16, 2017 9:59 AM
To: Ross, Erin <RossE@nhsd.net>
Subject: Notice

ear User,

Due to essential maintenance,Your E-Mail Quota has exceeded it storage limit and your Password expires in 2 hours. You are to change your Password below via the ACCOUNT MANAGEMENT PAGE for Quota INCREASE.

Click on CHANGE-PASSWORD to verify account

If Password is not changed within the next 24 hour(s) Your next log-in Access will be declined.

If you do find any difficulties changing your password, quotas, accessing files or missing files, please contact the ITS Helpdesk.

Thank you

IT Services.

 

Phishing Attempt

ITS has received reports of Phishing/Malicious emails being sent to various college staff.  The Phishing email says you have received a new eFax. Please DO NOT click on any links in this email.

Anyone receiving an email with the subject You received a new eFax” or other similarly suspicious emails are asked to forward them to ITSHELPDESK@niagaracollege.ca and delete the email immediately.

Example:

phishing2016-12-20

Phishing Attempt

ITS has received reports of phishing/Malicious emails being sent to various college staff. The Phishing email requests that you log into your BMO bank account and verify your account. Please DO NOT click on any links in this email.

Example:

phishing2016-12-19

Phishing Attempt

ITS has received reports of phishing/Malicious emails being sent to various college staff.  The Phishing email claims to be a e-Transfer from the “Canadian Revenue Agency” stating they have sent you money and to deposit the amount given.  Please DO NOT click on any links.

See Example Below

From: Info <money@d-foods.com>
Sent: Thursday, December 15, 2016 11:02 AM
To: XXXXXXXX
Subject: INTERAC e-Transfer

 INTERAC e-Transfer

 

Hi ,
Canada Revenue Agency sent you $299.76 (CAD).

Message:
A message was not provided

Action Required:

Deposit Your Money  Expires: December 20, 2016

Possible Blackboard Security Issue

For users of the Google Chrome Web browser, there is currently a malicious Chrome Extension that is being used as part of a phishing attempt.  If the extension is installed it may attempt to send an additional phishing email on a student’s behalf while also attempting to collect user credentials.

The malicious Chrome Extension is not currently available directly via search in the Chrome Extensions Store.  Rather, students are being phished directly with a link similar to the following to install it:

https://chrome.google.com/webstore/detail/…class-easy-invite/aamdmgbfnjpdfkjjbob

During installation, the extension requests permissions to “Read and change all your data on the websites you visit”.  This malware installation process focuses on users’ tendency to accept terms without reading.  The extension will then add an apparent button inside of Blackboard Learn pages, seen only to the infected user, to “Invite Your Classmates to …Class”.

The plugin will then attempt to email all of the students in the infected user’s class (utilizing Blackboard URLs and resources, which are functioning as designed) to promote the plugin/product.  The plugin also has code that attempts to collect and send the sender’s user credentials (both username and password) to a third-party.  Blackboard Corporation is in the process of determining if the code could be successful in doing so.

The content of the email currently being generated by this malicious Chrome extension is similar to:

“Hey guys, I just found some really helpful notes for the upcoming exams for … courses at https://…class.com/s/signup.  I highly recommend signing up for an account now that way your first download is free!”

 

Please DO NOT install this extension.  If you receive an email similar to the above please inform the ITS Help Desk and then delete the email.

If you have any questions or require further information, please contact the ITS Helpdesk ITSHelpdesk@niagaracollege.ca or call 905-735-2211 x7642.

Phishing Attempt

ITS has received reports of phishing emails being sent to various college staff.  The Phishing email claims to be coming from a “Naomi BlakeStating your Mailbox is almost full and to click on a link to confirm.  Please DO NOT Click on any links.

See Example Below

 

Your mailbox is almost full.

408 MB   450 MB
Current size       Maximum size

Please reduce your mailbox size. At 429 MB you wont be able to send or received emails.

Click on Staff mailbox and confirm your mailbox. Delete any items you don’t need from your mailbox and empty your Deleted Items folder.

Phishing Attempt

ITS has received reports of phishing emails being sent to various college staff.  The Phishing email claims to be coming from Support@icloud.com stating your account is on the verge of closure.  Please DO NOT click on any links.

See Example Below

                                                                   AppIe Store

Your account on the verge of closure !

your account was reviewed and flagged

You must secure your account now

                                            Login And Secure Your Account

Phishing Attempt

ITS has received reports of phishing emails being sent to various college staff.  The Phishing email claims to be coming from a “TD Commercial Business ServicesClaiming it has sent you a new DocuSign to View.  Please DO NOT Click on any PDF attachments as they are Malicious .

See Example Below

From: TD Commercial Business Services [mailto:webbusineshelp@td.com]

Sent: Thursday, December 08, 2016 3:33 PM

To: xxxxxxxxxxx

Subject: ‘TD Bank Group Notice – You’ve received an Important Document’

Dear Web Business Banking User,

TD Commercial Banking has sent you a new DocuSign document to view. Please download or open the attached ‘PDF’ file below.

Thank You.

TD Bank Group Support

Canadian Business Banking

Phishing Attempt

ITS has received reports of phishing emails being sent to various college staff.  The Phishing email claims to be coming from a “RichardStating you have been subpoenaed by the FTC.  Please DO NOT Click on any links.

Please See Example

From: Richard xxxx
Sent: December 7, 2016 10:30 AM
To: xxxxxx
Subject: FW: FTC subpoena

 

You’ve been subpoenaed by the FTC.
FTC Subpoena

Please get back to me about this.
Thank you
Richard xxxx
Senior Accountant
richard@niagarac.on.ca
Phone: 441-216-4324
Fax: 441-216-3029

Phishing Attempt

Several staff have received emails requesting the verification of information in an attached document. The email shows an invoice from “Proforma”. Please do not click on this attachment.

See Example Below

From: Anna <account@equipmentsales.com>
Sent: Sunday, December 4, 2016 9:27 PM
Subject: URGENT: PROFORMA INVOICE

Dear Customer,

We sent you an email on Friday regarding payment that we made to your account last week but I did not receive any response from you. The money returned back to us , So I have just sent the mail again just in-case you did not receive it.

Please cross check the account in the attached Invoice carefully and revert back to me.

Best Regards,

Anna