[Plantsci] Increased Email Phishing Activity Targeting Leadership

Marquez, Mario A - (marquezm) marquezm at email.arizona.edu
Wed Jan 23 15:08:37 MST 2019 

Increased Email Phishing Activity Targeting Leadership

Continued Direct Email Phish Activity

We continue to experience an increased level of phishing attempts specifically requesting users to purchase gifts cards, send funds, or change banking account information to accounts controlled by the malicious actors.  Please share this information with your local departments. We are specifically seeing leadership targeted as well as any staff who may have access to financial accounts, this includes the president’s office, the provost‘s office, FSO, and other staff. Below, please find examples of the latest attacks we have seen at UA. [Sending the examples below in an image to try to get through our SPAM filters.]

[cid:image001.png at 01D4B323.FDCC5100]


Report these Emails

Please forward phishes you receive to phish at arizona.edu<mailto:phish at arizona.edu> as described here:  https://security.arizona.edu/content/phishing. If you have any additional questions, please contact the Information Security Office at security at arizona.edu<mailto:security at arizona.edu>.


Chris Demetriou, GCIH
Assistant Director Security Operations and Incident Response
University of Arizona
520-626-2055


From: "Demetriou, Christopher Gregory - (cdemetriou)" <cdemetriou at email.arizona.edu<mailto:cdemetriou at email.arizona.edu>>
Reply-To: "Demetriou, Christopher Gregory - (cdemetriou)" <cdemetriou at email.arizona.edu<mailto:cdemetriou at email.arizona.edu>>
Date: Tuesday, January 8, 2019 at 11:21 AM
To: "uits-announce at list.arizona.edu<mailto:uits-announce at list.arizona.edu>" <uits-announce at list.arizona.edu<mailto:uits-announce at list.arizona.edu>>
Subject: [uits-announce] Increased Email Phishing Activity. New Filter Enabled.

Increased Email Phishing Activity – FUNDS REQUESTS

UITS and other Universities have detected an increase in email phishing activity on campus, specifically spear phishing attempts seeking to have users purchase gift cards or send funds immediately.  We want to make you and your units aware of this issue, as well as additional steps UITS has taken to remediate the situation.

Current situation:

  *   Malicious emails were detected starting early December and appear to come from the President, a Dean, or other senior official at the university requesting an ‘Urgent reply’.
  *   The body of the message contains ‘Hello, are you available?’
  *   If the recipient responds to the email, the hacker asks the recipient to purchase a gift card or provide a personal loan.

Resolution:
UITS has implemented a content filter to 1) scan the subject line and body of incoming emails and 2) identify emails that are considered SPAM based on the criteria mentioned above.
If the filter detects a match, 1) “[SPAM?]” will automatically be added to the email subject line to notify the recipient it is not a legitimate email message and 2) the filter will set the ‘from’ address to the originating email address, removing the friendly recognized sender name.

For example: the correct address for the president is president at arizona.edu<mailto:president at arizona.edu>, the fake address may look something like ‘president.arizona.edu at gmail.com<mailto:‘president.arizona.edu at gmail.com>’.  The filter will replace the name with the actual email address.

The content filter will indicate which emails are suspected to be SPAM but emails will still be delivered to the inbox as normal. The filter will help ensure legitimate emails are not impacted.

Please forward phishes you receive to phish at arizona.edu<mailto:phish at arizona.edu> as described here:  https://security.arizona.edu/content/phishing. If you have any additional questions, please contact the Information Security Office at security at arizona.edu<mailto:security at arizona.edu>.

Further Resources:
What’s Phish? security.arizona.edu/node/335
Phishing Alerts: security.arizona.edu/phishing_alerts
Report a Phish: security.arizona.edu/content/report-phish


Chris Demetriou, GCIH
Assistant Director Security Operations and Incident Response
University of Arizona
520-626-2055

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://list.cals.arizona.edu/pipermail/plantsci/attachments/20190123/e5d48bb6/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 96138 bytes
Desc: image001.png
URL: <https://list.cals.arizona.edu/pipermail/plantsci/attachments/20190123/e5d48bb6/attachment.png>

More information about the Plantsci mailing list