<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri",sans-serif;}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri",sans-serif;}
span.EmailStyle24
{mso-style-type:personal;
font-family:"Calibri",sans-serif;}
span.EmailStyle25
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle26
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle27
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle28
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:125317439;
mso-list-template-ids:-391637756;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:610825639;
mso-list-template-ids:-1248716438;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Increased Email Phishing Activity Targeting Leadership<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt">Continued Direct Email Phish Activity</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">We continue to experience an increased level of phishing attempts specifically requesting users to purchase gifts cards, send funds, or change banking account information to accounts controlled by the malicious
actors. Please share this information with your local departments. <i>We are specifically seeing leadership targeted</i> as well as any staff who may have access to financial accounts, this includes the president’s office, the provost‘s office, FSO, and other
staff. Below, please find examples of the latest attacks we have seen at UA. [Sending the examples below in an image to try to get through our SPAM filters.]</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><img width="1288" height="533" style="width:13.4166in;height:5.552in" id="Picture_x0020_1" src="cid:image001.png@01D4B32B.7FA432E0" alt="cid:image001.png@01D4B323.FDCC5100"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt"> </span></b><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt">Report these Emails</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="color:black">Please forward phishes you receive to<span class="apple-converted-space"> </span></span><a href="mailto:phish@arizona.edu"><span style="color:#954F72">phish@arizona.edu</span></a><span class="apple-converted-space"><span style="color:black"> </span></span><span style="color:black">as
described here: <span class="apple-converted-space"> </span></span><a href="https://security.arizona.edu/content/phishing"><span style="color:#954F72">https://security.arizona.edu/content/phishing</span></a><span style="color:black">. If you have any additional
questions, please contact the Information Security Office at<span class="apple-converted-space"> </span></span><a href="mailto:security@arizona.edu"><span style="color:#954F72">security@arizona.edu</span></a><span style="color:black">. </span><o:p></o:p></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<o:p></o:p></p>
<div>
<p class="MsoNormal"><b><span style="font-size:11.0pt"> </span></b><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt">Chris Demetriou, GCIH</span></b><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt">Assistant Director Security Operations and Incident Response</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">University of Arizona</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">520-626-2055</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:black">From: </span></b><span style="color:black">"Demetriou, Christopher Gregory - (cdemetriou)" <</span><a href="mailto:cdemetriou@email.arizona.edu">cdemetriou@email.arizona.edu</a><span style="color:black">><br>
<b>Reply-To: </b>"Demetriou, Christopher Gregory - (cdemetriou)" <</span><a href="mailto:cdemetriou@email.arizona.edu">cdemetriou@email.arizona.edu</a><span style="color:black">><br>
<b>Date: </b>Tuesday, January 8, 2019 at 11:21 AM<br>
<b>To: </b>"</span><a href="mailto:uits-announce@list.arizona.edu">uits-announce@list.arizona.edu</a><span style="color:black">" <</span><a href="mailto:uits-announce@list.arizona.edu">uits-announce@list.arizona.edu</a><span style="color:black">><br>
<b>Subject: </b>[uits-announce] Increased Email Phishing Activity. New Filter Enabled.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
</div>
<p class="MsoNormal"><b><span style="color:black">Increased Email Phishing Activity – FUNDS REQUESTS</span></b><o:p></o:p></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black"> </span><o:p></o:p></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black">UITS and other Universities have detected an increase in email phishing activity on campus, specifically spear phishing attempts seeking to have users purchase gift cards or send funds immediately. We want to make you and your units
aware of this issue, as well as additional steps UITS has taken to remediate the situation.</span><o:p></o:p></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black"> </span><o:p></o:p></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<b><span style="color:black">Current situation:</span></b><o:p></o:p></p>
<ul style="margin-top:0in;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px" type="disc">
<li class="MsoListParagraph" style="color:black;margin-top:0in;margin-bottom:0in;margin-bottom:.0001pt;mso-list:l0 level1 lfo3">
<span style="font-size:12.0pt">Malicious emails were detected starting early December and appear to come from the President, a Dean, or other senior official at the university requesting an ‘Urgent reply’.</span><o:p></o:p></li><li class="MsoListParagraph" style="color:black;margin-top:0in;margin-bottom:0in;margin-bottom:.0001pt;mso-list:l0 level1 lfo3">
<span style="font-size:12.0pt">The body of the message contains ‘Hello, are you available?’</span><o:p></o:p></li><li class="MsoListParagraph" style="color:black;margin-top:0in;margin-bottom:0in;margin-bottom:.0001pt;mso-list:l0 level1 lfo3">
<span style="font-size:12.0pt">If the recipient responds to the email, the hacker asks the recipient to purchase a gift card or provide a personal loan.</span><o:p></o:p></li></ul>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black"> </span><o:p></o:p></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<b><span style="color:black">Resolution:</span></b><o:p></o:p></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black">UITS has implemented a content filter to 1) scan the subject line and body of incoming emails and 2) identify emails that are considered SPAM based on the criteria mentioned above.</span><o:p></o:p></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black">If the filter detects a match, 1) “[SPAM?]” will automatically be added to the email subject line to notify the recipient it is not a legitimate email message and 2) the filter will set the ‘from’ address to the originating email address,
removing the friendly recognized sender name. </span><o:p></o:p></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black"> </span><o:p></o:p></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black">For example: the correct address for the president is<span class="apple-converted-space"> </span></span><a href="mailto:president@arizona.edu"><span style="color:#954F72">president@arizona.edu</span></a><span style="color:black">,
the fake address may look something like<span class="apple-converted-space"> </span></span><a href="mailto:‘president.arizona.edu@gmail.com"><span style="color:#954F72">‘president.arizona.edu@gmail.com</span></a><span style="color:black">’. The filter will
replace the name with the actual email address. </span><o:p></o:p></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black"> </span><o:p></o:p></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black">The content filter will indicate which emails are suspected to be SPAM but emails will still be delivered to the inbox as normal. The filter will help ensure legitimate emails are not impacted.</span><o:p></o:p></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black"> </span><o:p></o:p></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black">Please forward phishes you receive to<span class="apple-converted-space"> </span></span><a href="mailto:phish@arizona.edu"><span style="color:#954F72">phish@arizona.edu</span></a><span class="apple-converted-space"><span style="color:black"> </span></span><span style="color:black">as
described here: <span class="apple-converted-space"> </span></span><a href="https://security.arizona.edu/content/phishing"><span style="color:#954F72">https://security.arizona.edu/content/phishing</span></a><span style="color:black">. If you have any additional
questions, please contact the Information Security Office at<span class="apple-converted-space"> </span></span><a href="mailto:security@arizona.edu"><span style="color:#954F72">security@arizona.edu</span></a><span style="color:black">. </span><o:p></o:p></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="color:black"> </span><o:p></o:p></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<b><span style="color:black">Further Resources:<span class="apple-converted-space"> </span></span></b><o:p></o:p></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<b><span style="color:black">What’s Phish?</span></b><span class="apple-converted-space"><span style="color:black"> </span></span><span style="color:black">security.arizona.edu/node/335</span><o:p></o:p></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<b><span style="color:black">Phishing Alerts:</span></b><span class="apple-converted-space"><span style="color:black"> </span></span><span style="color:black">security.arizona.edu/phishing_alerts</span><o:p></o:p></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<b><span style="color:black">Report a Phish:<span class="apple-converted-space"> </span></span></b><span style="color:black">security.arizona.edu/content/report-phish</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt">Chris Demetriou, GCIH</span></b><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt">Assistant Director Security Operations and Incident Response</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">University of Arizona</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">520-626-2055</span><o:p></o:p></p>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</body>
</html>