Category Archives: Phishing

Phishing Attempt

ITS has received reports of phishing emails being sent to various college staff.  The Phishing email claims to be coming from a “RichardStating you have been subpoenaed by the FTC.  Please DO NOT Click on any links.

Please See Example

From: Richard xxxx
Sent: December 7, 2016 10:30 AM
To: xxxxxx
Subject: FW: FTC subpoena

 

You’ve been subpoenaed by the FTC.
FTC Subpoena

Please get back to me about this.
Thank you
Richard xxxx
Senior Accountant
richard@niagarac.on.ca
Phone: 441-216-4324
Fax: 441-216-3029

Phishing Attempt

Several staff have received emails requesting the verification of information in an attached document. The email shows an invoice from “Proforma”. Please do not click on this attachment.

See Example Below

From: Anna <account@equipmentsales.com>
Sent: Sunday, December 4, 2016 9:27 PM
Subject: URGENT: PROFORMA INVOICE

Dear Customer,

We sent you an email on Friday regarding payment that we made to your account last week but I did not receive any response from you. The money returned back to us , So I have just sent the mail again just in-case you did not receive it.

Please cross check the account in the attached Invoice carefully and revert back to me.

Best Regards,

Anna

Phishing Attempt

ITS has received reports of phishing emails being sent to various college staff.  The Phishing email claims to be coming from UNICEF Employmentregarding a potential job offer.

See Example Below

From: UNICEF Employment <Acrane5@uwo.ca>
Sent: December 2, 2016 4:30 PM
To: XXXXX
Subject: job offer

Hi, can you work with me as Unicef Donation Agent with payment $15,000 monthly? Please send the details below:
— Full Name:
— Full Address:
— Zip Code:
— Country:
— Phone No:
— Date of Birth:
— Driver Licence Number:
You can send the information to our Job consultant agent by email: shay9mk@aol.com

Kelly Scott Mullen
UNicef Donation Supervisor

Phishing Attempt

ITS has received reports of phishing emails being sent to various college staff.  The Phishing email claims that your parcel has arrived, but they were unable to deliver it. The phishing email then asks you to confirm the information on the delivery invoice.  Please DO NOT click the included link.

See Example below

From: UPS Quantum View [mailto:ups@ups-service.com]
Sent: Monday, December 05, 2016 9:39 AM
To: XXXX
Subject: Shipping status changed for your parcel # 1818957

 

Your parcel has arrived, but we were unable to successfully deliver it because no person was present at the destination address.

There must be someone present at the destination address, on the delivery day, to receive the parcel.

Shipping type: UPS 3 Day Select
Box size: UPS EXPRESS BOX
Date : Nov 14th 2016

You can reschedule the delivery over the phone, but you will have to confirm the information on the delivery invoice.

The delivery invoice  can be downloaded from our website :

https://wwwapps.ups.com/WebTracking/view_invoice?id=1818957&delivery_date=1204&account=deshetu@niagarac.on.ca
Thank you for shipping with UPS
Copyright © 1994-2016 United Parcel Service of America, Inc. All rights reserved.

 

Phishing Attempt

Several staff have recieved a phishing email claiming that their BMO account has been locked out and that you must click a link to restore your account. Please do not click on any links. Forward any of these types of emails to itssupport@niagaracollege.ca.

message example:

Dear User,

Our system has lock your Bank Of Montreal account due to 10 invalid login attempts
to your account .

We have closed your Bank Of Montreal account due to the following reasons below ,

On the 11/30/2016 we detected 10 invalid login attempts to your Bank Of Montreal
account with incorrect security answer and password.

we have deleted  your account information’s  and we need you to Restore your account
by confirming and updating your account details within 48hrs of receiving this
message

To Restore Your account , we  need you to update your account information’s by clicking the link below ,

Click The Link Below , Login With Your Card Number To Complete And Verify Your Account Details All Fields Must Be Completed ,
CLICK HERE TO LOGIN

Phishing Attempt

Several staff have received a Phishing email that claims you have a balance due. The email shows an invoice from JJ Douglas Services. Do not click on the link provided. Please forward the email to itshelpdesk@niagaracollege.ca and then delete the email.

Message example:

From: JJ Douglas Services [mailto:billing@douglas.com]
Sent: December 01, 2016 10:39 AM
To: xxxxxxxxxxx
Subject: Your Invoice (#I9083807) from JJ Douglas Services

 

To: xxxxxxxxx

You have received Invoice (#I19083807) from JJ Douglas Services for $424.38.

Your balance due is $486.65.

Click here to view online: #I19083807

Thank you!
JJ Douglas Services

?

?

Sent from my iPad

Phishing Attempt

Several staff have received an email claiming that you are being delivered an iPad and to track the package click on the link provided. Do not click on the link or on any file that pops up asking to be saved. Please forward the email to itshelpdesk@niagaracollege.ca and then delete the email.

Message example:

Subject: RE:RE: ipad

Good Morning , we managed to ship it today.

Here is the UPS tracking info :

https://www.ups.com/?action=view&item=tracking_invoice&id=2154944

Thank you
Louie Corcoran
Phone: 510-276-0345
Fax: 510-276-7273
sales@self-electronics.com

 

Phishing Attempt

ITS has received reports of phishing emails being sent to various college staff.  The Phishing email claims to be coming from RingCentralstating that you have a new fax message.  Please DO NOT clock on any links attached.

See Example below

From: ringcentral@faxmessage.com [mailto:ringcentral@faxmessage.com]
Sent: November 28, 2016 12:04 PM
To:xxxxxx
Subject: New incoming Fax from 908.4775342

 

You Have a new Fax message
From: 908.0843606
Receiving date: November 28, 2016
Pages: 3
You can view your message on our website:
https://service.ringcentral.com/messages/download.aspx?fax_i d=5738141
Thank you for using RingCentral.

Phishing Attempt

ITS has received reports of phishing emails being sent to various college staff.  The Phishing email claims to be coming from TD Commercial Banking”.  Please DO NOT open any documents up attached.

See below for example

From: TD Commercial Banking <web.business.banking@juno.com>

Sent: Saturday, November 26, 2016 8:48 AM

To: xxxxxx

Subject: Web Business Banking – Request Follow Up

To Whom It May Concern,

Due to the ongoing products services updates, we need you to verify and update your WBB ConnectID user profile details.

Kindly open the document attached and follow all the instructions to avoid deactivation of your ConnectID profile associated services.

Please proceed immediately to avoid any transaction(s) delays due to incomplete user profile verification. If you do not wish to update your profile now your WBB ConnectID profile will have limited access to our Web Business Banking services.

Clients Management

Commercial Banking Services

Phishing Attempt

This Phishing email claims that staff and student accounts are updating and to click to change your password. Please DO NOT click the link.

See the example below

From: Zak Clegg [mailto:Zak.Clegg@nwc.edu]
Sent: Friday, November 25, 2016 1:57 PM
Subject: READ

Notice from IT Support, we’re updating all staff and student mailbox  A request has been created to  Click Here reset your password.

to reset your password.

Have a great day!

Thank you

IT Support