The Help Desk has received multiple reports of a phishing email that warns recipients that “Your Mailbox has exceeded Its storage limit as Set By Your Administrator, and you will not be able to receive new emails until you Re-Validate it.” It includes all the tell-tale signs of a phish: it attempts to create a false sense of urgency, requests you click on a suspicious link to address the problem, is from a non-Brown account and not sent directly to your email account, and contains grammar and formatting errors. DO NOT CLICK on the link.
Instead, before deleting it, open the original copy of the email you received, click on the down arrow to the right of the REPLY button, and select “Report phishing.” This will send that message immediately to the Gmail Team for analysis and filtering. Read more about how to spot a phish.
An email supposedly from the “Webmaster” of Brown University has been circulating the campus, warning recipients that “An Attempt has been made to Your Account from a new computer. For the security of your account, we are poised to open a query. Kindly Click <link> for good security practice and instant online account upgrade.” This is a phishing attempt. Do NOT click on the link. If you have not already deleted it, mark it as phishing (in the email, click on the down arrow to the right of the REPLY button and select “Report phishing”) to alert the Gmail Team.
The email is a good example of phishing, with many of the tell-tale signs: it attempts to create a false sense of urgency, requests that you click on a suspicious link to address the problem, is from a non-Brown account and not sent directly to your email account, and contains grammar and formatting errors. Read more about how to spot a phish.
Several members of the Brown community have reported suspicious emails, supposedly from the Better Business Bureau (BBB), regarding a customer complaint. The email asks you to open the attached file so that you can print it out and answer the complaint. Do NOT open the file. Instead, if you have not already deleted it, please report it as phishing (in the email, click on the down arrow to the right of the REPLY button and select “Report phishing”) to send that message to the Gmail Team for analysis and filtering. Read more about how to spot a phish.
ISG and the Help Desk have received multiple reports of a phishing email supposedly from the IRS asking you to update your information due to an upgrade of its servers. While it is obviously a phishing attempt, the incident is a good reminder to stay vigilant as emails like these arrive from a variety of senders (some from compromised Brown addresses) with different messages, but generally all with the same purpose: to convince you to give up personal information or direct you to a site where your account may be compromised.
Many people have asked me recently about how information security is evolving. More and more CISOs now have a broader, risk-based focus on information protection, and many have privacy and compliance responsibilities as well. This rapid maturation is both welcome and daunting for security pros, and as a result we look to the larger community for support, guidance and networking. I’d like to share with you some of the connections that I have through Brown.
Brown has been hit on a number of occasions over the last couple of months with a variety of phishing attempts. Most are fairly obvious — with egregious grammar and typos and unconvincing sender addresses — but a few are a little more clever and may fool the casual reader, especially on the smaller screen of a smartphone you are checking quickly.
David Mycue has been the Director of IT for the School of Engineering since August of 2011. Before that, he worked at MIT for a dozen years directing a small group that supported MIT’s flagship distance education program, the Singapore MIT Alliance, as well as providing video acquisition, encoding, hosting and webcasting services to the institute at large for programs including MIT World, Open CourseWare and the annual commencement exercises. He began at MIT as an undergrad majoring in electrical engineering and continued as staff until he met his wife, a Brown professor.
We hear a lot recently about the security of Java. Lots of vulnerabilities are being found and new patches being issued constantly. Why can’t a company get this right for a language and platform that’s been available for nearly twenty years? Let’s take a look.