Security Bulletin of October 15, 2009
COMPUTING ALERT: Malicious Email Still Common; Know the Signs
OVERVIEW
October is National Cyber Security Awareness Month. Malicious email messages continue to be a problem at Haverford and elsewhere.
Recently, many users got a bogus email from "administrator [mailto:administrator@haverford.edu]" with the subject "Please note" asking them to run a "certificates update procedure" from a seemingly secure server. However, that server was not secure. Secure servers always have https:// at the start of their web address. The "https" protocol ensures that the connection to the server is encrypted and that the server's identity is verified by an independent third party.
The full text of this bogus email is below. However, because of the volume and variety of malicious messages, we ask all members of the Haverford community to follow these tips when reading email.
GENERAL TIPS:
(These tips are also posted at https://www.haverford.edu/acc/protect/malicious_email.html.)
- If the Haverford Computing Center asks you to take action, we will reference a page on our secure web site. This will help you determine whether an email that appears to come from the Computing Center is legitimate. How can you tell the site is secure? Notice that the URL begins with HTTPS and that your browser displays an image of a padlock on the URL line or the status bar, indicating the site is verified and encrypted.
- Verify email requests. In a phishing attack, somebody pretending to be a trustworthy source tries to trick you into revealing sensitive information such as email passwords or bank account information. Common phishing attempts come from sources pretending to be IT departments, banks, government agencies and Internet service providers. Confirm any suspicious email messages by phone, a secure web site, or other trusted contact information. Do not open attachments, click on web links, or reply to bogus emails; instead, delete the message.
- Be selective about the web links and attachments you open. Attachments and web pages can house malicious code, leaving your computer vulnerable to viruses or remote attacks. Although an email or web site might seem very official, emails and web pages can be spoofed.
- Never send passwords or other sensitive information via email. Email is not secure. It is against Computing Center policy to request your password or other sensitive information via email. In fact, reputable sources should never ask you to send sensitive information by email.
- If you accidentally reply to an email requesting your Haverford account password, reset your password immediately. Our password-changing tool is on our secure web site, https://accounts.haverford.edu/. Note that the Computing Center will reset your password if we learn that you responded to a phishing email. If you have trouble accessing your email account, please call the Help Desk.
- Be alert to unusual computer behavior. If you notice anything unusual, such as the wrong name appearing in your SquirrelMail account, your computer running unusually slowly, or your browser loading the wrong web pages, please contact the Help Desk immediately. These are common symptoms of a compromised computer or email account.
- Use common sense. There are many other potential email hazards. Be wary of get-rich-quick and quick-fix emails. If you have any doubt about a message, check with the sender or with the Computing Center.
For more details, see the excellent document, Recognizing and Avoiding Email Scams, on the United States Computer Emergency Response Team web site (https://www.us-cert.gov/reading_room/).
HELP:
If you have any questions, please contact the Computing Help Desk:
Telephone: 610-896-1480
Email: helpdesk@haverford.edu
FULL TEXT OF RECENT SCAM
The full text of this bogus email message is below.
From: administrator [mailto:administrator@haverford.edu]
Sent: Monday, October 12, 2009 12:54 PM
To: jpollardd@haverford.edu
Subject: Please note!
Attention!
On October 16, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.
The changes will concern security, reliability and performance of mail service and the system as a whole.
For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.
This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That's all.
http://updates.haverford.edu.secure.1ssl-certs.com/core/id=7738567-jpollardd@haverford.edu-patch826550.aspx
Thank you in advance for your attention to this matter and sorry for possible inconveniences.
System Administrator
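The two checks this bulletin describes (the address starts with https, and the site really belongs to haverford.edu) can be applied mechanically to the link in the message above. The Python sketch below is an added example, not Computing Center code; the function name `check_link` and the example.com / example.net URLs are constructed for illustration. It shows that the link fails both checks: it uses plain http, and although "haverford.edu" appears in the host name, the name ends in 1ssl-certs.com, which is the domain that actually controls it.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "haverford.edu"  # the college's own domain, as used in this bulletin

def check_link(url, trusted=TRUSTED_DOMAIN):
    """Return the reasons a link fails the bulletin's tests (empty list = passes)."""
    reasons = []
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        reasons.append("not https")
    # .hostname drops any "user@" prefix and ":port" suffix and lowercases the name
    host = (parts.hostname or "").rstrip(".")
    if not host:
        reasons.append("no hostname")
    elif host != trusted and not host.endswith("." + trusted):
        # Host names are owned from the right: the trusted domain must be the END
        # of the name, not merely appear somewhere inside it.
        reasons.append(f"host {host} is not under {trusted}")
    if parts.username is not None:
        reasons.append("text before '@' hides the real host")
    return reasons

# The link from the bogus message quoted in this bulletin
SCAM_URL = ("http://updates.haverford.edu.secure.1ssl-certs.com/core/"
            "id=7738567-jpollardd@haverford.edu-patch826550.aspx")

SAMPLES = [
    SCAM_URL,
    "https://accounts.haverford.edu/",            # address given in this bulletin
    "https://www.haverford.edu/acc/bulletins/",   # address given in this bulletin
    "https://haverford.edu.example.net/login",    # constructed: https, wrong owner
    "https://haverford.edu@example.com/",         # constructed: '@' trick
]

if __name__ == "__main__":
    for url in SAMPLES:
        problems = check_link(url)
        print("OK     " if not problems else "SUSPECT", url)
        for p in problems:
            print("         -", p)
```

The two constructed samples pass the https test but still fail, because https only proves which server you reached; the host name must also end in the domain you expect.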
MORE INFORMATION
Additional information about computer security and current threats can be found at the following sites:
- United States Computer Emergency Readiness Team (US-CERT): <https://www.us-cert.gov/nav/nt01/>
- McAfee Avert Threat Center: <https://www.mcafee.com/us/threat_center/default.asp>
- Microsoft Security: <https://www.microsoft.com/security/>
- Apple Product Security: <https://www.apple.com/support/security/>
ACC EMAIL POLICY:
ACC will never request passwords or other confidential information via email. Email is not secure. We will never email an executable file. Instead, if we ask you to take action, we will always refer you to our web site, using an address that starts with the secure "https" protocol -- that way, you know you are downloading a safe file from us.
VERIFY THIS ALERT IS LEGITIMATE:
Before taking an action recommended in an email, please confirm that the email is legitimate. ACC posts a detailed description of all our alerts on our web site, https://www.haverford.edu/acc/bulletins/.