Page Information

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Section

Current phishing scams


Column
width100%

December 2018 - Head of department iTunes gift card scam

Description: This email is a low-effort impersonation style email. The scammer attempts to coerce a target into sending valid gift card details by impersonating an urgent request from a department head. This scam uses the publicly available staff directory to target the reporting lines of the University's senior staff. By impersonating a position of authority, the scammers hope to illicit a swift response from the victim.

How to spot it: The "From" address is typically a gmail address that includes the impersonated person's first and last name. There is always urgency in the request to manipulate the victim and reduce the possibility of the victim thinking about the request.

Response: Since the scammers use the same text for each campaign, IT is able to block subsequent emails one we are aware of the content.

Action: Do not respond to the scammer. Report the email to the IT Service desk by sending the email as an attachment. Once sent, the email can be deleted. Always validate requests of a financial nature via an alternate trusted email address or phone number.

Volume: MQ IT has received thousands of this style of email from October 2018 to December 2018.

Example: The example below shows how the conversation proceeds if responding to the scammer. There are regular reminders in the conversation about the urgency of the request.

December 2018 - I know your password scam

Description: This email is a low-effort blackmail style email. The intention of the scammers is to scare the recipient into paying bitcoins to protect their account. The scammer attempts to gain legitimacy by using an old password obtained from a beach that might have happened years ago. Popular breaches are the LinkedIn breach or the MySpace breach. This can be intimidating for some users because the scammers have a password that the victim recognises and threatens to expose fictitious inappropriate online activity. However, the text is the same in all cases of this scam and there is no evidence of any access to personal equipment.

How to spot it: The email includes a past password, includes a threat and asks for a bitcoin payment.

Response: Since the scammers use the same text for each campaign, MQ IT is able to block subsequent emails once we are aware of the content.

Action: Do not respond to the scammer. Report the email to the IT Service desk by sending the email as an attachment. Once sent, the email can be deleted. If you are using the password, or similar, that features in the email, then it is recommended that your password is changed.

Volume: MQ IT has received thousands of this style of email from October 2018 to December 2018.

Example 1:

 

Example 2:

Image Added

Previous Phishing Samples

September 2018 - Infected Bill or Payment PDF Attachment

July 2018 - CEO Fraud

May 2018 - Invoice Fraud

January 2018 - Fake Office 365 Account Notice


January 2018 - Fake Dropbox Message


September 2017 - Infected Bill or Payment PDF Attachment