Phishing Attack List: E-Z Pass Virus Spam

This is a new category I will be including in the newsletter: phishing attacks that are currently trending and which you may see some examples of in your inbox. If you have any examples to share with the list, please forward it to me with a link to the information or news story that describes the phishing attack.

A series of fake E-Z Pass virus spam emails are going around, that claim you owe money for driving on a toll road. A zip file attached to the spam email contains a javascript file that downloads malware. The javascript files aren’t for execution by a browser but by Windows Script Host, so Windows machines are vulnerable. If you use Windows + Internet Explorer you will receive a randomly-named .gif file that is actually an .exe file.

Read more about this phishing attack here.

The Do’s and Don’ts of Email

The July issue of OUCH!, led by Guest Editor Dr. Eric Cole, discusses how we can be our own worst enemy when using email, including accidentally emailing the wrong people, not understanding the difference between “cc” and “bcc” and the dreaded “reply all.”

Download the July issue of OUCH! (pdf) and feel free to share with colleagues.

Also, what should you do about all that spam?? Here’s a video created by IS&T with some tips on how to keep unwanted emails at bay.

Signs of a Compromised MIT Account

When the IS&T Security Team receives notices of spam coming from MIT, one of the things we do is verify that the emails actually came from an MIT account. If not, we ask people to block or just delete these emails. To be sure people are staying aware of bogus emails, we remind people that MIT will never ask for personal information or ask our constituents to verify their account information via email.

It happens at times that unwanted messages DO come from an MIT email account. If so, the next question is whether the messages were sent deliberately (misuse of a mailing list, for example) or whether the email account was hacked (compromised).

In the case of a compromised MIT account, the spammers have taken over the use of the account by logging in to the account as that user. They have the user’s email address and password and are able to send out messages pretending to be the account holder. This makes it trickier to prevent emails from arriving in our inboxes, because our servers will not block emails coming from within MIT.

Before responding to these emails by messaging the sender, be aware that the legitimate account holder has nothing to do with the spam being sent. A reply to their spam will also likely not be received by the account holder, but by another email account because the sender has modified the “reply-to” field.

There are a few indicators in full email headers that the message was sent by a spammer using a compromised MIT account. Find out how to spot the signs.

Increase in Spam Attacks at MIT this Weekend

Over the weekend, two MIT Kerberos accounts were compromised, leading to a spike in spam in our email inboxes. The emails were not sent by anyone at MIT, but were sent using the compromised users’ accounts, to make it look like they came from MIT.

When spam comes from a compromised email account at MIT, the spam filters at MIT are less likely to block them than if they come from an account outside of MIT. The only action MIT can take is to notify the user and temporarily suspend the account, preventing it from sending further emails. The user must change their account password before it is reactivated by MIT.

To prevent your MIT account from compromise, it is important to have a strong password and to protect it appropriately. Do not use your Kerberos password for other accounts. Do not use your password on an insecure network. When off-campus, be sure to use an encrypted wireless network or use VPN.

Hackers Exploiting Recent Breaking News Stories

Unfortunately, despite all the positive that can come out of a horrendous situation, there can also be some disturbingly negative responses. Cyber criminals were once again taking advantage of last week’s news stories to spread malware.

The criminals are using the population’s interest in finding information related to the Boston Marathon bombing and the explosion at the Texas fertilizer plant to catch you unawares. Links to videos on YouTube may seem harmless enough, but the web page attempts to suck in malicious content from another site, designed to infect your computer (see examples here and here).

The advice is to be careful when going online to search for information relating to news breaking events. Be sure to visit your regularly trusted news sources so that you can avoid web pages that contain malware and be sure to delete email messages from unknown sources that claim to have the latest news on the events.

Emails Disguised as Coupons or Deals on the Rise

Be sure to double check that Groupon (www.groupon.com) you received in your email. Spammers are using the popularity of emailed advertisements for group discount deals to send malware.

The rise of malware through fake email advertisements and notifications are on the rise, according to a study released by security firm Kaspersky Lab.

“They are primarily doing so by sending out malicious emails designed to look like official notifications,” according to the report. Kaspersky Lab is seeing more and more of this malicious spam. Other types of popular emails disguised as notifications from official sources include letters from hosting services, banking systems, social networks, online stores, and hotel confirmations.

Read the full story in the news.

Phishing Emails Appear to Come from MIT

You may receive emails in your inbox that appear to come from MIT, warning you about your email quota being reached, or requiring a response to the “MIT Help Desk.”

These emails are spoofed, written to look like they come from a legitimate source, but were actually sent by cyber criminals who are trying to get you to click on a link or to provide your personal information (such as your email account information). See some examples of these fake emails.

Unfortunately, many of these emails make it through the spam-filtering tools of MIT. The best way to handle the emails is to not reply, or click on the links or attachments provided, but to delete them immediately. If you are concerned about spam, please contact the IS&T Help Desk.

IMPORTANT: IS&T will never send a request via email to MIT users to either update their email account or follow a link to verify their account.