Current Security Alerts Page
Latest Phishing Alerts
October 2009
Hotmail, Gmail, and Yahoo! Passwords Posted Online
Another phishing scam is active in which webmail messages with links to
fake web sites that look like the Hotmail, Gmail, Yahoo! Mail, or other
webmail service sites are being sent to lure people into revealing important
private data: email account addresses and passwords.
Millions of Hotmail, Gmail, and Yahoo! Mail users have received the 'phishing'
emails with links to the fake web sites, and tens of thousands have supplied
their email addresses and passwords.
A list of more than 10,000 Hotmail email addresses and passwords acquired
from this phishing scam
and another list of more than 30,000 Gmail, Yahoo! Mail, AOL, Comcast, and
Earthlink accounts have been posted on the web and circulated.
If you believe your email account info has been illegally acquired via
a webmail message that asked you to click on a link to supply your password,
change your password immediately.
For more details about this scam, read
Gmail, AOL, Yahoo! All Hit by Webmail Phishing Scam (www.theregister.co.uk)
Yet Another Version of the Nigerian Bank Scam
In this version of the Nigerian Bank Scam a "huge amount of money" is floating
in an unspecified bank system with no beneficiary's name attached to it. If you are
extremely gullible, then you will send a bank account number to the scam artist
who will proceed to empty out your bank account.
Never send bank account or other confidential information via email.
Never reply to any unsolicited email message asking for confidential
information.
You can read more about this type of scam at:
http://www.snopes.com/crime/fraud/nigeria.asp
A sample of the phishing scam follows.
Date: Tue, 06 Oct 2009 17:48:40 +0400
From: Fred Kelley
Reply-To: kkelley_001@yahoo.cn
To: undisclosed-recipients: ;
Subject: Get back to me
Good day
I am the chief computer operator in my bank and account manager to a huge
amount of money; the fund in question has been floating in our system for
couple of years without a beneficiary's name affix to it. You may ask me
why? It was so because some members of Nigeria National Petroleum
Corporation NNPC contract awarding committee during their tenure in office,
over invoiced a contract awarded to a foreign firm. The original contract
value was suppose to be US 0 million, but those government officials over
invoiced it with the sum of million, hence bringing the contract value to
the tune of 5 million with the view of sharing the excess among themselves.
The contract was perfectly executed, and the main contractor has been paid
of their due amount of 0 million, leaving the access amount of million in
the account. Soon after the main contract was paid, luck ran out of those
government officials as a new government took over the mantle of leadership
in the country. Hence there was drastic change in various government
ministries and retrenchment of many government officials. This brought
about the removal those government officials from office; as a result they
have no access of this money again. For this reason this money has been
lying in this bank over the years without any beneficiary.
Take note that the ministry in question has no knowledge of this money, as
it was assumed that the entire amount of $ 175 million has been used to pay
the main contractor. Also it may also interest you to know that my bank is
not aware of the mystery behind the existence of this money, which I am the
account manager.
All I need from you is that you provide an account where this money could
be transferred into for our mutual benefit. A foreigner is needed due to
the nature of the deposit as it was meant for foreign contract payment.
Anticipating your prompt response!
Fred Kelley
September 2009
Malicious Code Spreading via IRS Scam
US-CERT is aware of public reports of malicious code circulating via spam email messages related to the IRS. The attacks arrive via an unsolicited email message and may contain a subject line of "Notice of Underreported Income." These messages may contain a link or attachment. If users click on this link or open the attachment, they may be infected with malicious code, including the Zeus Trojan.
US-CERT encourages users and administrators to take the following measures to protect themselves:
PayPal Inc - Limited Account Access Alert
Yet another phishing attempt that tells users to download an attached form
and open it in a web browser in order to restore account access.
Do not, of course, download the attached form: this is a phishing attempt to
get you to supply personal information on the form to the scammers.
Here is the message:
Date: 21 Sep 2009 03:17:26 -0700
From: PayPal Inc
To:
Subject: Notification of Limited Account Access RXI792
----------------------------------------
As part of our security measures, we regularly screen activity in
the system.
We recently contacted you after noticing an issue on your
account.
We requested information from you for the following reason:
We have observed activity in this account that is unusual or
potentially high risk.
Case ID Number: PP-571-827-951
Please download the form attached to this email and open it in a
web browser.
Once opened, you will be provided with steps to restore your
account access.
We appreciate your understanding as we work to ensure account
safety.
Sincerely,
PayPal Account Department. All rights reserved.
[ Part 2, Application/OCTET-STREAM (Name: "PayPal - Security ]
[ Measures.html") 34KB. ]
August 2009
IRS Identity Theft Consumer Alert: Avoid Phishing and Tax Fraud Schemes
The IRS warns taxpayers to be on the alert for emails and phone calls they
may receive which claim to come from the IRS or other federal agencies and which
mention their tax refund or economic stimulus payment. The purpose of these messages is
to obtain personal and financial information, such as SSN, bank account, credit card, and PIN numbers, from taxpayers that can then be used by the
scammers to commit identity theft. The emails and calls may state that the IRS
needs the information to process a refund or stimulus payment or deposit
it into a taxpayer's bank account.
These identity theft scams use the IRS name, logo, or Web site address in an
attempt to convince taxpayers that the scam is a genuine communication
from the IRS or the Department of the Treasury.
The IRS does not send taxpayers emails about their tax accounts. The way
to get a tax refund or stimulus payment, or to arrange for direct deposit, is
to file a tax return.
For more info on consumer scams, see the IRS web page:
Suspicious Emails and Identity Theft
July 2009
Email Phishing Scam - Subject: Your email account has been suspended?
An email phishing attempt is currently circulating through the UB
email system.
This email is a hoax and is attempting to gain access to your UB account
information.
If you receive this email (or any similar messages), please ignore the
message and delete it immediately.
Never send your login credentials (username and password) to
anyone by email, and be very suspicious of email messages that ask
you to "verify" your credentials by going to a web site and supplying
your username and password. Plain text email messages should never
include confidential information such as passwords,
bank account/credit/debit card numbers, social security numbers, protected health information,
or any other private information.
A sample of the phishing email has been included below.
From: Killoran, Angela [mailto:info@google.com]
Sent: Wednesday, July 08, 2009 8:29 AM
To: info@google.com
Subject: Your email account has been suspended?
Your email account has been suspended? We are contacting you in regards to
an unusual activity that was identified in your Mailbox. As a result,
access to your mailbox has been limited. You
are required verify your mailbox by providing the following information
IT Service
Mail to: (it.upgradeservice222@gmail.com)
Username:
Password:
Retype password:
Please verify your mailbox otherwise due to security reasons we may have
to close your mailbox temporarily.
Regards,
Killoran, Angela
IT Service
June 2009
Email Phishing Scam - Subject: Important Information ** UBmail Alert **
The UB community is receiving email messages that vary slightly from
other recent email phishing scams. In this scam you receive a
message, purporting to be from "UBMail Support," that requests that you
"Click Here" on a link in the message and then "log in" (supplying your
UB IT username and password) to "update your account."
Do NOT click on unknown links in email messages!
And never log in to an unknown web site, supplying your UB IT username
and password to the unknown web page. Finally, never download
software to your computer system from unknown web sites. You may be
downloading malware.
Here is the full email message.
Subject: Important Information ** UBmail Alert **
Date: Thu, 25 Jun 2009 07:15:16 -0400
From: UBmail Support
Reply-To: chuether@buffalo.edu
To: <noreply@buffalo.edu>
Dear Subscriber,
UBmail will NEVER send e-mail asking for your password! We are NOT
asking people to verify their e-mail account.
UBmail has been receiving complaints of unauthorized use of the
e-mail system, with a reference to the above mentioned instances. As
a result, we are making an extra security check on all accounts in
order to protect their information from theft, fraud and further
unauthorized usage
Due to this, you are required to follow the provided steps and update
with the latest security suite which, we have acquired to fight
against this. All Users and Accounts are subject to this change.
Click Here and login to update your account.
Thank you for using UBmail!
UBmail Internet Support
May, 2009
Email Phishing Scam: University at Bufallo Email Account Holder's
Password phishing continues at UB: Do NOT reply to messages like the one below,
purporting to be from the "UNIVERSITY AT BUFFALO HELP DESK."
Never provide your password and other personal information in an
unencrypted email message.
Subject: University at Bufallo Email Account Holder's
Date: Sun, 07 Jun 2009 04:41:02 -0500
From: UNIVERSITY AT BUFFALO HELP DESK <ubmail.help.desk@gmail.com>
Reply-To: ubmail.help.desk@gmail.com
To: ubmailhelpdesk@buffalo.edu
Attention:University at Bufallo Email Account Holder's
UNIVERSITY AT BUFFALO wish to notify all UBMAIL EMAIL ACCOUNT HOLDER'S of
the problem we are having on
your email account due to virus which infiltrate our server.We discovered
that in a few days from
now,subscriber using will not be able to access his or her email account
residing in TUniversity at
Bufallo central server system.
In that regards,You are advice to immediately send us the required
information so as to update your
account.
Full Name:...................
Email Address:...............
UBITName :...................
Password:....................
Telephone:...................
Management
Copyright © 2005 University at Buffalo
Last Updated: July 26, 2006
May, 2009
Email Phishing Scam:
Dear University at Buffalo Webmail Online Email Account Owner
Password phishing continues at UB: do not reply to messages like this,
purporting to be from the "UB Webmaster."
Dear University at Buffalo Webmail online Email Account Owner,
Important notice, harmful virus was detected in your account which can be
harmful to our subscriber unit.You are to enter your UBIT Name and password
here {____________, __________} to enable us set in an anti virus in your
user account to clear up this virus. we do need your co-operation in this,
Providing us with this information we enable us insert in your account an
anti virus machine for clean up.
We are sorry for the inconveniences this might have cost you. Failure to do
this, we are sorry to let you know that your account will be deleted
immediately to prevent it from arming our subscriber unit.
Thank you for using University at Buffalo,
We are glad at your service,
University at Buffalo Webmaster online.
May, 2009
Phishing Alerts and Samples (FraudWatch International)
Latest Facebook Phishing Scam/Identity Theft: Scammers Hit up "Friends" for Cash
January, 2009
Facebook Identity Theft Targets "Friends"
CNN Alerts Scam, MSN Breaking News Alert Scam
August, 2008
Beginning on August 5, 2008 reports of mass emails claiming to be
from the CNN.com news Web site began to surface. Current
subjects of the email include "CNN.com Daily Top 10" and "CNN Alerts: My Custom Alert". These emails are not
from CNN, and contain web links to malicious sites that will attempt
to install malware purporting to be an Adobe Flash Player upgrade.
These emails have been circumventing spam filters and utilizing
html-based messages including the CNN web site logo and very
enticing headlines to lure unsuspecting recipients into clicking
on the links for news stories which are actually downloads of malware
from various web sites. Reports indicate that hundreds of web servers
may be compromised and hosting this malicious content. The use of
news and current events is a proven and effective social engineering
tool.
As the 2008 Olympics begin, we anticipate
spammers, phishers, and other online attackers may use bogus
"Olympic-themed" headlines in their scams.
On August 13th a new phishing attack emerged, using a bogus email
that appears to be an MSNBC.com Breaking News Alert. This particular
attack had a number of different Subject lines and contained a link
that appeared to be for http://breakingnews.msnbc.com, but actually
linked to a malicious web site.
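The MSNBC case above, where the link text shows one site and the link itself goes to another, can be checked mechanically in an HTML message. The following is an added example, not part of the original alert; the sample HTML, the host downloads.example.net and the 203.0.113.x addresses are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A URL or bare hostname appearing in the visible text of a link.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible_text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def href_host(href):
    """Hostname an http(s) link really goes to, or None for other schemes."""
    try:
        parts = urlsplit(href)
    except ValueError:
        return None
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        return None
    # .hostname ignores any "user@" prefix, so "http://a.com@1.2.3.4/" -> 1.2.3.4
    return parts.hostname.lower().rstrip(".")


def same_site(shown, actual):
    """True when the two hosts are equal or one is a subdomain of the other."""
    return (actual == shown
            or actual.endswith("." + shown)
            or shown.endswith("." + actual))


def find_mismatched_links(html):
    """Return links whose visible text names a host the href does not go to."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        shown_match = HOST_IN_TEXT.search(text)
        actual = href_host(href)
        if not shown_match or not actual:
            continue  # text such as "Click Here", or a mailto:/relative link
        shown = shown_match.group(1).lower()
        if not same_site(shown, actual):
            findings.append({"shown": shown, "actual": actual, "href": href})
    return findings


# Constructed sample body modelled on the alerts described above.
SAMPLE_HTML = """
<p>Breaking News Alert (constructed sample)</p>
<a href="http://downloads.example.net/video.html">http://breakingnews.msnbc.com</a>
<a href="http://www.cnn.com/2008/">CNN.com</a>
<a href="http://breakingnews.msnbc.com@203.0.113.9/x">breakingnews.msnbc.com</a>
<a href="http://203.0.113.7/update">Click Here</a>
"""

if __name__ == "__main__":
    for finding in find_mismatched_links(SAMPLE_HTML):
        print("text shows %(shown)s but link goes to %(actual)s" % finding)
```

A link whose text is only "Click Here" names no host, so this check skips it; such links still need the destination inspected before anyone follows them.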
Password Phishing Continues
July, 2008
Bogus email messages claiming to be from UB offices, such as the UB Webmail Account
Administration Office, continue to be sent from overseas spammers. Please
be aware that UB's IT staff (and other reputable organizations)
will NEVER ask for your password by email.
In most cases the intent of this type of phishing scam is to acquire
userids and passwords and then use them to access UB's
email system to send spam.
Please delete these messages, and, remember,
NEVER provide your password to
ANYONE.
Learn how to recognize phishing scams by playing
CMU's Anti-Phishing
Phil game.
Other current scams include attempts to trick you into providing
credit card or bank account information by telling you your account
has been breached or suspended.
Please delete these messages, and, remember,
NEVER provide your UB IT password, bank
account or credit/debit card numbers, SSN, or any other sensitive personal information to
ANYONE via email. Finally,
do not respond to recorded phone messages by dialing a number supplied
in the message. The phone message may be from an overseas
scammer attempting to acquire your personal information for identity
theft. Always use a phone directory or other official
source to find the phone number of your bank/credit card company or
other organizations that have asked you to contact them.
Latest UB Phishing Samples: Email Scams
Subject: UPDATE YOUR ACCOUNT DETAILS !!! - June 27, 2008
This scam purports to be from UB's webmail administrators and
attempts to convince users to reply to the message, providing usernames
and passwords to
their UB webmail accounts, as well as their birth year.
Do NOT reply to this message,
and NEVER provide your password in
the body of an email message. UB system administrators will NEVER
ask for UB IT account information or any other personal information
to be updated and sent to them in this way.
The text of this phishing scam follows:
From: University at Buffalo (The State University of New York)
[mailto:customerservice@buffalo.edu]
Sent: Friday, June 27, 2008 12:46 PM
To: undisclosed-recipients:
Subject: UPDATE YOUR ACCOUNT DETAILS !!!
[University At Buffalo Web Banner displayed]
Dear Webmail Account Owners,
This mail is from the school's web administration message centre to all
webmail account users. We are currently upgrading our data base and e-mail
account centre. We are cancelling unused and inactive webmail account to
provide more space for new accounts.
To prove your account is active and functional,you have to update it with
only the below details by filling each of the colon boxes;
UBITName:
Password:
Birth Year:
Warning!!! Any account owner that failed to update his or her account
within three (3) days of this update notification,will loose his or her
webmail account permanently.
Thanks for using our webmail service,
Support Team.
Warning Code: ID67565432
IRS Rebate Phishing Scam - April 24, 2008
This scam is related to the IRS economic stimulus rebate and
attempts to convince users to follow a link to a fraudulent web site
where they are asked to provide bank account information in order
to expedite the rebate process.
Do NOT click on the link and
NEVER provide bank account or other personal information
in response to an email message "phishing" for this type
of information.
Scam artists send email that is seemingly from a reputable credit card company,
financial institution, or other organization, such as the IRS, that requests account
information. When the info is supplied, the scam artists can gain access
to the accounts.
Reputable organizations will not send email messages to you requesting
personal information.
If you believe you may have revealed sensitive info, such as a bank account
number, report this to your financial institution immediately and close
any accounts that may have been compromised. Monitor your account
statements closely.
Dear E-mail Users - April 21, 2008
Here is yet another phishing attempt being received by some
UB IT Account holders.
Do NOT reply to this message.
UB system administrators will
NEVER ask you to enter
personal email account information in an email message.
A copy of the email message follows:
Dear E-mail Users,
The new UB Webmail is a fast and light-weight application to
quickly and easily access your e-mail. We are currently upgrading our data
base and e-mail center. We are deleting UB Webmail to create more space for
new email.
To prevent your email from closing you will have to update it below so
that we will know that it's a present used email.
***********************************************
CONFIRM YOUR EMAIL IDENTITY BELOW
Username : ......... .....
E-mail Password : ...............
***********************************************
Thank you for using UB Webmail!
Warning Code:VX2G99AAJ
Thanks,
UB Webmail Centre (or Center)
Dear Staff/Student, Please Confirm Your Account - April 8, 2008
Here is yet another phishing attempt being received by some
UB IT Account holders.
Do NOT reply to this message. UB system administrators will
NEVER ask you to enter
personal email account information in an email message.
A copy of the phishing email's text follows:
From: Support Team XX 2008 <support2008@buffalo.edu>
To:
Sent: Tue Apr 8 5:35
Subject: Fwd: Dear Staff/Student, Please Confirm Your Account
Immediately!!!
Dear Staff/Student,
To complete your buffalo account, you must reply to this email immediately
and enter your password here (*********)
Failure to do this will immediately render your Email Address deactivated
from our database as this is part of our security measures to serve you
better.
Thank you for using for being a part of UNIVERSITY AT BUFFALO!
UNIVERSITY AT BUFFALO SUPPORT TEAM
From address: support2008@buffalo.edu
Reply to: support.team2008@alumni.com
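The From/Reply-To difference noted above, and the blank "Password:" style fields that recur in the samples on this page, are both things a mail filter or help desk script can test for. The following is an added example, not part of the original alert; the three sample messages are constructed (the first two reuse addresses shown on this page), and the free-webmail list and indicator names are assumptions chosen for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Illustrative list only (an assumption); a real deployment would maintain its own.
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "yahoo.cn", "hotmail.com"}

# A labelled field followed only by blanks or placeholder characters, e.g.
# "Password:", "Password:......", "password: (********)", "*Password:".
CRED_FIELD = re.compile(
    r"^[\s*]*(?:e-?mail\s+)?(password|username|user\s*name|ubitname)\s*:[\s.*_()]*$",
    re.I | re.M,
)


def address_domain(header_value):
    """Lowercased domain of the address in a From/Reply-To header, or ''."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def phishing_indicators(raw_message):
    """Return the indicators present in one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    from_dom = address_domain(msg["From"])
    reply_dom = address_domain(msg["Reply-To"])
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""

    found = []
    # Replies are steered away from the domain the message claims to be from.
    if from_dom and reply_dom and reply_dom != from_dom:
        found.append("reply_to_differs_from_sender")
    # The address a reply would reach is a free webmail account.
    if (reply_dom or from_dom) in FREE_WEBMAIL:
        found.append("replies_go_to_free_webmail")
    # The body contains a fill-in credential field to be sent back by email.
    if CRED_FIELD.search(body):
        found.append("asks_for_credentials_in_reply")
    return found


# Constructed samples modelled on the messages quoted on this page.
SAMPLE_MISMATCH = """\
From: Support Team <support2008@buffalo.edu>
Reply-To: support.team2008@alumni.com
Subject: Please Confirm Your Account

Dear Staff/Student,
To complete your account verification, reply with the details below.
Username: (**************)
password: (**************)
"""

SAMPLE_WEBMAIL = """\
From: UNIVERSITY AT BUFFALO HELP DESK <ubmail.help.desk@gmail.com>
Reply-To: ubmail.help.desk@gmail.com
Subject: Email Account Holders

You are advised to send us the required information.
UBITName :...................
Password:....................
"""

SAMPLE_BENIGN = """\
From: Registrar <registrar@buffalo.edu>
Subject: Registration opens Monday

To change your password, use the account portal. Never send it by email.
"""

if __name__ == "__main__":
    for name, raw in [("mismatch", SAMPLE_MISMATCH),
                      ("webmail", SAMPLE_WEBMAIL),
                      ("benign", SAMPLE_BENIGN)]:
        print(name, phishing_indicators(raw))
```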
Dear BUFFALO Email Account Owner: Phishing Scam - April 6, 2008
Here is yet another phishing attempt
being received by some UB IT Account holders.
Do NOT reply to this message. UB system administrators will
NEVER ask you to enter
personal email account information in an email message.
Questions about this or other phishing attempts may be directed to the
CIT Help Desk or to your local IT support provider.
A copy of the phishing email's text follows:
Dear BUFFALO Email Account Owner,
This message is from Princeton messaging
center to all BUFFALO email
account owners. We are currently upgrading our
data base and
e-mail account center. We are deleting all
unused email account to
create space for new accounts.
To prevent your account from being deactivated
you will have to update it.
CONFIRM YOUR EMAIL ACCOUNT
Email Username : ...............
Email Password : ..............
Date of Birth : ..................
Country or Territory : .........
Warning!!! Account owner that refuses to update
his or her
account within Seven days of receiving this
email will lose his or
her account permanently.
Thank you for using BUFFALO!
Warning Code:USV64MT1
Thanks,
BUFFALO WEBMAIL Team
BUFFALO BETA
Your Account has been Suspended - Phishing Email Notification: March 31, 2008
In a new twist on phishing scams,
the scammer entices victims to call an automated phone system
and enter their credit card numbers and expiration dates. Do NOT call
the automated system to supply this information.
A copy of the phishing email's text follows:
From: Pentagon Federal Credit Union [mailto:notice@penfed.org]
Sent: Thursday, March 27, 2008 10:13 PM
Subject: Your Account has been Suspended
Importance: High
Dear Customer,
Pentagon Federal Credit Union , Security Departament temporarily suspended
your account.
Reason: Fraud Atempts
We require you to complete an account update so we can unlock your account.
To start the update process please call at total free number : +1
856-431-1109
The information provided will be treated in confidence and stored in our
secure database.
If you fail to provide information about your account you'll discover that
your account
has been automatically deleted from our database.
Please note the total free number : +1 856-431-1109
Copyright C Pentagon Federal Credit Union, All Rights Reserved
Dear valued customer - Phishing Email Notification: March 26, 2008
The UB community needs to be alerted to the latest phishing attempt
being received by some UB IT Account holders. Do NOT reply to this
message. UB system administrators will NEVER ask you to enter
personal email account information in an email message.
Questions about this or other phishing attempts may be directed to the
CIT Help Desk or to your local IT support provider.
A copy of the phishing email's text follows.
Dear valued customer,
We are currently performing maintenance for our Digital Webmail
Customers. We intend upgrading our Digital Webmail Security Server for
better online services.
In order to ensure you do not experience service interruption,Please
you must reply to this email immediately your account in order to prevent
any unauthorised account access following the network intrusion we
previously communicated. and Check out your new features and enhancements
with your new and
improved Webmail account,
To enable us upgrade your Account for better online services please reply to
this mail we have found the vulnerability that caused this issue, and have
instigated a system wide security audit to improve and enhance our current
security, in order to continue using our services you are require to update
you account details below.
To complete your account verification, you must reply to this email
immediately and enter your account details below.
Username: (**************)
password: (**************)
Failure to do this will immediately render your account
deactivated from our database.
We apologise for the inconvenience that this will cause you during
this period, but trust you understand that our primary concern is for our
customers and for the security of their data.
Dear BUFFALO.EDU Webmail Subscriber - Phishing Email Notification: March 21, 2008
The UB community needs to be alerted to the latest phishing attempt
that is being received by some UB IT Account holders. Do NOT reply
to this message. UB system administrators will NEVER ask you to enter personal
email account information in an email message.
While email uses a
password system, this one layer of protection is not secure and
does not guarantee privacy; therefore, you should never send any private,
personal, sensitive, or regulated information (e.g., passwords, credit/debit
card numbers, social security numbers, state drivers' license or
non-drivers' identification numbers, FERPA-regulated (student records) or
HIPAA-regulated (health) info)
via unencrypted email.
Questions about this or other phishing attempts may be directed to the
CIT Help Desk or to your local IT support provider.
To learn more about email insecurity, see
The Case for Email Security.
You can learn more practical tips about Phishing, from
OnGuard Online.
A copy of the phishing email's text follows.
Dear BUFFALO.EDU Webmail Subscriber,
This mail is to inform all our {BUFFALO.EDU} users that we will be
upgrading our webmail site in a couple of days from now. So you as a
Subscriber of our site you are required to send us your Email account
details so as to enable us know if you are still making use of your
mail box.
Further be informed that we will be deleting all mail account that is
not functioning so as to create more space for new user. so you are to
send us your mail account details which are as follows:
*User name:
*Password:
*Date of birth:
Failure to do this will leads to immediate deactivation of your email
address from our database.
You can also confirm your email address by logging into your
berry.edu account at https://ubmail.buffalo.edu/
Thank you for using ubmail.buffalo.edu!
FROM BUFFALO.EDU WEBMAIL TEAM
Instant Messaging (IM) Phishing Scam From Individual Posing as FBI Agent
Individuals at many colleges and universities are now being contacted via IM by someone posing as an
FBI agent and asked to provide personal information.
You should NEVER send any private,
personal, sensitive, or regulated information (e.g., passwords, credit/debit
card numbers, social security numbers, state drivers' license or
non-drivers' identification numbers, FERPA-regulated (student records) or
HIPAA-regulated (health) info)
via instant messaging.
Here is
a "scrubbed" version of the IM conversation.
*fbiwesternunion1* (8:44:14 AM): Hello, this is EFCC
police here.We recover the sum of $200,000,000.00 from scammers and we
and federal govt are willing to give all the people that have been
scammed before the sum of $20,000 each and nigeria federal goverment
said we should give the sum of $20,000 to each AIM and yahoo IM, we see
on the scammer list ..and your IM is one of the SN we have to give the
sum of $20,000...I am here with my staff ID card for you to know that i
am a real member of FBI cuz i know that there are many fake FBI online
that scam people of there money..we have arrested many of them and they
are in our custody..be honest with us we dont like game and give us the
right information about you so that we will not give the money to wrong
person.
*fbiwesternunion1* (8:44:27 AM): good day
*fbiwesternunion1* (8:44:34 AM): am officer wale james
*John Q Public* (8:46:12 AM): Hello
*fbiwesternunion1* (8:46:31 AM): what is your name
*John Q Public* (8:46:37 AM): XXXXXX...
*John Q Public* (8:46:41 AM): are you an officer here at RIT?
*fbiwesternunion1* (8:47:18 AM): full name
*John Q Public* (8:47:56 AM): XXXXX XXXXXX
*fbiwesternunion1* (8:48:40 AM): what is your address
*John Q Public* (8:48:56 AM): it is NNN NNNN Rochester,Ny 14623
*John Q Public* (8:49:25 AM): hold on..why do you want my address?
*fbiwesternunion1* (8:50:23 AM): to know you are real
*fbiwesternunion1* (8:50:34 AM): what is your phone number
*John Q Public* (8:50:38 AM): no phone number
*fbiwesternunion1* (8:51:36 AM): so we can text you
*John Q Public* (8:51:48 AM): i have a cell but I am out of texts
*fbiwesternunion1* (8:52:04 AM): what is your ssn
*John Q Public* (8:52:32 AM): lol sorry, not giving out that info
*fbiwesternunion1* (8:52:58 AM): we want you to be honest with us ok
*John Q Public* (9:03:22 AM): is there a number I can reach you at?
*fbiwesternunion1* (9:03:43 AM): yes
*John Q Public* (9:03:51 AM): what is it?
*fbiwesternunion1* (9:04:21 AM): +2348034813948
*fbiwesternunion1* (9:04:30 AM): that is the number
*John Q Public* (9:04:48 AM): Where are you located?
Phishing Scams: Some Quick Facts
There is a constant stream of messages being received purporting to be from banks, credit unions, the IRS, other government entities, individuals with get rich quick schemes and nonexistent lotteries. There are messages enticing you to
provide bank account numbers, passwords, or other personal info; open infected attachments; or go to websites designed to infect your computer with malware (e.g., viruses, trojans, worms, keystroke loggers). There is even an e-mail scam involving death threats designed to extort payment to avoid being killed. Identity theft spam and scams are becoming more sophisticated, and these are all cons designed to gather information useful in spamming and other illegal Internet-based con games.
UB currently receives in the neighborhood of 4 million spam messages each day. While our spam filters are very good, they are not perfect and they do take some time to identify new types of spam. You need to be on the lookout for identity theft and other scams.
Now that many users are familiar with phishing schemes, thieves are switching
their efforts to "vishing" --
leaving recorded phone messages telling recipients that their credit card
numbers have been breached and to call the following regional phone number
immediately.
When a user calls the number, they reach a Voice over Internet Protocol
(VoIP) telephone system that recognizes telephone keystrokes, and another message tells them to provide their
account number to verify their account.
Healthy skepticism is the best approach to anything you receive via email
or telephone broadcast.
Here are some specific recommendations:
- Don't open attachments or click on websites in unsolicited e-mail sent from unknown sources.
- You should never email your password or any other private information (e.g. credit card number, driver's license number, bank account information or social security number), and UB will never ask you to do so.
- Don't be tricked - never reveal your password(s) to anyone.
- Reputable banks and financial institutions will never ask for your account numbers, PINs or passwords by email.
- Never enter your credit information into a non-secured web page. A secured web page starts with https:// (note the "S" for "Secure") and will display a lock on the browser frame.
- Never contact a bank, credit card company, or other business using the phone number provided in an email or recorded phone message: many scam artists and identity thieves send messages that look or sound official, purporting to be from a reputable business or organization, seeking account or other personal information from you. Don't trust this type of message: look up phone numbers of your bank and other organizations in a phone directory or other official source.
- Don't fall for stories about winning the lottery, promises of money from newly discovered relatives or requests to act as an agent for a business or individual. If the story sounds too good to be true, it is probably a scam.
Fake Internal Revenue Service Notice of Deficiency Message - June 5, 2008
Some members of the UB community have received an email message purporting
to be from the IRS, telling them they owe additional "tax and other amounts" to the IRS and asking
them to click to download a copy of the order. Do NOT click on the link
in this message. It is a phishing scam. The IRS, other government agencies,
UB, and reputable business organizations do not send notices such as
this via email.
Anyone clicking on the link will become a victim of a "drive-by" installation
of malicious software on his/her computer system that may record keystrokes,
capture passwords and other personal information, and/or use the victim's
computer to distribute spam.
If you have any questions about this or any other phishing scams, please contact
the
CIT Help Desk or
your local IT support provider.
A copy of the phishing email's text follows:
Subject: Notice of Deficiency #55-27964-475324-661
Date: Thu, 05 Jun 2008 10:35:55 -0500 (CDT)
From: Internal Revenue Service
To: Some-UB-IT-Account@buffalo.edu
Department of the Treasury Date of this Notice: May 23 2008
Internal Revenue Service Letter Number 531(DO)
District Director Form: 1040
XXXXXXXXX XXXXXXXXX
The University of Buffalo
(716) 645-3582
-NOTICE OF DEFICIENCY-
Dear XXXXXXXXX XXXXXXXXX,
We have determined that you owe additional tax and other amounts, or
both,
for the tax year(s) identified above. This letter is your NOTICE OF
DEFICIENCY,
as required by law. The enclosed statement shows how we figured the
deficiency.
If you want to contest this determination in court before making any
payment,
you have 90 days from the date of this letter (150 days if addressed outside
the
United States) to file a petition with the United States Tax Court for a
redetermination of the deficiency.
Please click here to download a Copy of the Order, Letter, Notice and Other
Document Being Appealed
If you decide not to sign and return the waiver, and you do not file a
petition
with the Tax Court within the time limit, the law requires us to assess and
bill you
for the deficiency after 90 days from the date of this letter (150 days if
this letter
is addressed to you outside the United States).
Thank you for your cooperation.
Sincerely yours,
Charles O. Rossotti
Commissioner by
Roger K. Burgess CR
District Director
Letter
531(DO)(Rev.9-96)
Beware of links in email messages even when they appear to be
legitimate and/or from a friend
Consider the possibilities of a fake "email to a friend" look-alike
phishing
scam that masquerades as a legitimate CNN or New York Times article referral
in an e-mail using a forged UB e-mail address like xxxxxx@buffalo.edu.
Clicking on the link in the message would take you to a malware
distribution site via a search engine insertion ploy URL that looks quite
legit unless you read it to the end very carefully. Since many news
outlets have that option and it's used frequently, we expect to see a wave
of this type of scam shortly. We haven't seen or heard of this particular
vector being exploited yet, but are expecting it any day now.
Fake Federal Subpoena Phishing Scams
The New York Times recently described a phishing scam that targets
top executives who are currently receiving email messages purporting to be
official subpoenas from a US District Court. The messages contain
a link offering a copy of the subpoena. Anyone clicking on the link
will become a victim of a "drive-by" installation of software on
his/her computer that records keystrokes, capturing passwords and other
personal info and sending the data to a remote computer controlled by
the scam artist. You can read more about this on
the www.nytimes.com Technology pages.