Alerts

Security Alert
Dec 4, 2013 - 10:43 am

Beware of an email from secure @ brown.edu sending an "Important Message About Your Brown University Account." This is a phishing email, attempting to get you to click on the link and/or open the attachment. Do not do either. If you have not already deleted it, mark the email as phishing and then delete it.

Clues that the email is bogus include: use of the generic "Recipients" in the TO field, an empty address line ("Dear ,"), a link whose address, when you mouse over it, is other than the one shown, missing punctuation and a suspicious attachment. An example follows:

---------- Forwarded message ----------
From: Brown University Account
Date: Mon, Nov 11, 2013 at 6:30 AM
Subject: Important Message About Your Brown University Account
To: Recipients 

Dear,

We regret to inform you that recently we are unable to verify your webmail account with us

We therefore implore you to confirm your webmail details by clicking our secure site link below

https: // www . brown . edu

To avoid permanent webmail account suspension

Thank you.

Brown University

Security Alert
Dec 4, 2013 - 10:43 am

You may have read of a major breach of accounts at Adobe Systems, which has been called a “very sophisticated hack” resulting in a compromise of over 38 million accounts. Adobe provides many commonly used applications (including Acrobat, Flash, etc.), and so it may come as no surprise that some Brown users have Adobe accounts that are affected. We are aware of at least 2,200 accounts that were from a Brown address. If you were affected, you should have been contacted by Adobe directly.

The list of exposed email addresses and encrypted passwords was anonymously posted online, presumably by those who hacked the Adobe site.  As a result, multiple hackers are reportedly actively working to decrypt the passwords.  Decrypting a 6-character password can take as little as 3 to 5 minutes, even if it is a "complex" password with a combination of upper and lower case letters, numbers and symbols.  Longer passwords take more time to crack but with enough computational power and time, any password shorter than 15 or so characters is probably at risk.

We strongly urge everyone to change their Adobe password as soon as possible, whether you have been contacted or not. In addition, if you used the same password for other accounts (e.g. your Brown or Google password, or your bank account password), you should change those immediately as well. Reports have surfaced detailing that passwords are already being decrypted. Please note that you should never use your Brown password on an external website, and it is never a good practice to use the same password in all of your locations.

Security Alert
Dec 4, 2013 - 10:42 am

This global spam message contains a malicious virus in the attachment. Code-named “Crypto Locker”, it is already considered to be a historically devastating virus because it holds your computer hostage until you pay a fee. This latest effort is part of a growing area of computer crime known as “ransom ware”. If the virus is allowed to run on the computer, it encrypts all of the files, attached USB and backup drives, as well as files on department file shares that may be open. A notice appears indicating what has happened and demanding payment of various amounts between $100 and $500 in order to get the key to unlock the data. Even when paid, it has been reported that the key does not always work. Evidence indicates that the encryption cannot be undone.

The emails arrive in legitimate-looking formats from companies such as Fedex, UPS, and DHL, and contain a zip attachment disguised as a PDF. Please be on a heightened state of awareness for any such messages that may make it to your inbox, and report them as phishing to Google. We remind you that you should always be aware and cautious of opening any attachments that you receive. In addition to these two baseline defenses, having a backup of your files in case of such an attack is the only sure way to avoid a complete loss. Your DCC or ITSC can discuss backup options available to you.

Security Alert
Nov 6, 2013 - 9:09 pm

Emails from "IT Service Help Desk" about an "Upgrade Alert!" have been reported, warning about account deactivation if you do not respond. Do not click on or respond to this phishing scam.

Instead, before deleting it, open the original copy of the email you received and then click on the down arrow, to the right of the REPLY button, and select "Report phishing." This will send that message immediately to the GMail Team for analysis and filtering. Read more about how to spot a phish. 

---------- Forwarded message ----------
From: Chauna Banks-Daniel (DISTRICT 2) <CBanks-Daniel@brgov.com>
Date: Mon, Nov 4, 2013 at 8:59 AM
Subject: Upgrade Alert!
To:

This Email is sent from your IT Service Help Desk. We are conducting an email sweep upgrade,

All users are to verify his/her account for upgrade to avoid account deactivation. CLICK HERE to go to verification page.

Failure to verify your account will render your mailbox account in-active from our database service. Thank you for your understanding.
IT Service Help Desk.

Security Alert
Oct 18, 2013 - 2:26 pm

Emails from "Brown University, service@brown.edu" have been reported, warning about account expirations. Do not click on or respond to this phishing scam.

Instead, before deleting it, open the original copy of the email you received and then click on the down arrow, to the right of the REPLY button, and select “Report phishing.” This will send that message immediately to the GMail Team for analysis and filtering. Read more about how to spot a phish.

---------- Forwarded message ----------
From: Brown University <service@brown.edu>
Date: Wed, Oct 9, 2013 at 7:39 AM
Subject: Letter From Brown University
To:

Dear User,

Your account profile will expire today.

Kindly Click Here to validate.

Sincerely,
Brown University

All rights reserved. Copyright © 2013 Brown University

Security Alert
Oct 9, 2013 - 9:48 am

A phishing email from the "System Administrator Team" has hit the Brown campus asking the receiver to click on a link to remove two emails on pending status. This is bogus and is originating from a compromised Brown account. DO NOT CLICK on the link. Instead, before deleting it, open the original copy of the email you received and then click on the down arrow, to the right of the REPLY button, and select “Report phishing.” This will send that message immediately to the GMail Team for analysis and filtering. Read more about how to spot a phish.

Security Alert
Oct 9, 2013 - 9:47 am

There have been several reports on campus of the same phishing email seen earlier this summer, with the subject line: Your Mailbox has exceeded Its storage limit. See the earlier post for details.

Security Alert
Oct 3, 2013 - 1:11 pm

The Help Desk has been receiving inquiries regarding a legitimate email that was received yesterday from the Benefits Office. The way the message was composed and sent to users makes it appear as if it is SPAM. Also, when reading the email, there is a delay that has caused some machines reading the message to freeze. Please note that we have been in touch with the Benefits Office and are working closely with them to ensure that future messages from their office are received without issue and are also written in a manner that assures the customer of their legitimacy. Please contact our office with any questions or concerns; we are here to help if needed.

CIS Help Desk


Security Alert
Sep 13, 2013 - 3:50 pm

There have been several reports on campus of the same phishing email last seen on the 19th, with the subject line: Your Mailbox has exceeded Its storage limit. See the July 19th post for details. We’ve also seen the “IRS.gov” emails, a variation on Phishing Alert: Notice from IRS on June 5.

Security Alert
Aug 21, 2013 - 11:14 am

The Help Desk has received multiple reports of a phishing email that warns recipients that “Your Mailbox has exceeded Its storage limit as Set By Your Administrator, and you will not be able to receive new emails until you Re-Validate it.”

It includes all the tell-tale signs of a phish: it attempts to create a false sense of urgency, requests you click on a suspicious link to address the problem, is from a non-Brown account and not sent directly to your email account, and contains grammar and formatting errors. DO NOT CLICK on the link.

Instead, before deleting it, open the original copy of the email you received and then click on the down arrow, to the right of the REPLY button, and select “Report phishing.” This will send that message immediately to the GMail Team for analysis and filtering. Read more about how to spot a phish.