Blog - Page 21 of 26 - Security MattersSecurity Matters

[Phish] Exploitation attempt

July 19, 2018

Details:

From: Franchot Bickel <nfkoraziogn@outlook.com>
Subject: [redacted]odine[redacted]

Text:

I do know lodin[redacted] your passphrase. Lets get directly to the purpose. You may not know me and you are most likely thinking why you’re getting this mail? Absolutely no one has paid me to check about you.

In fact, I setup a software on the X video clips (pornographic material) website and there’s more, you visited this website to have fun (you know what I mean). While you were watching video clips, your browser started out operating as a Remote control Desktop that haa key logger which provided me with access to your display and also webcam. after that, my software gathered your complete contacts from your Messenger, social networks, as well as e-mail. Next I made a video. First part displays the video you were watching (you have a fine taste hahah), and next part displays the recording of your web camera, and it is u.

There are 2 choices. Why dont we understand the solution in details:

First alternative is to neglect this e-nail. As a result, I most certainly will send your video recording to just about all of your personal contacts and also you can easily imagine regarding the embarrassment you will see. Moreover if you are in a romance, precisely how it will affect?

Next solution should be to compensate me 3000 USD. We are going to think of it as a donation. Then I will instantaneously eliminate your video footage. You can keep on going everyday life like this never occurred and you will never hear back again from me.

You will make the payment by Bitcoin (if you do not know this, search for “how to buy bitcoin” in Google).

BTC Address: 1HfBDo6rtwH2zNA83xwQGmqLY3Y8YGc4q5
(case sensitive, copy & paste it)

In case you are curious about going to the authorities, anyway, this e mail cannot be traced back to me. I have dealt with my moves. I am also not trying to ask you for money a whole lot. I would like to be compensated. I have a special pixel in this e mail, and right now I know that you have read this e-mail. You have one day in order to pay. If I do not get the BitCoins, I will certainly send your video to all of your contacts including close relatives, coworkers, and so on. Having said that, if I receive the payment, I’ll erase the video immidiately. If you need proof, reply Yeah and I will certainly send our your video to your 13 contacts. It is a nonnegotiable offer, so don’t waste my personal time and yours by replying to this e mail.

Anti-phishing campaign

June 28, 2018

The education and awareness team alongside information security will be ramping up their anti-phishing campaign this summer to target one department/area per month. Read about tips to keep you safe online.

If your department is interested in participating and in turn improving their online safety and security, reach out to its.eda@utoronto.ca.

Save time with self service password recovery

June 26, 2018

Do you need help recovering your password? Have you ever said or thought:

“I can’t remember my password and need it reset.”
“I think someone changed my password.”
“Someone may be using my account.”

Use the UTORid account recovery password reset service found at https://recover.utorid.utoronto.ca.

The service will save you time and is efficient. Once you sign up then you won’t experience the delays or inconveniences of filling out web services tickets or walking over to your campus help desk for a reset.

Follow these easy steps:

First set up your recovery method

Go to https://www.utorid.utoronto.ca
Set up your password reset/account management options. Choose where to send your password reset authentication code
- Alternate email; or
- SMS phone text

Then recover your account password whenever you need to

Go to https://recover.utorid.utoronto.ca
Enter your UTORid
Enter the security code sent to your mobile phone or alternate email
Change your password, and you’re ready to login

Click here for a more detailed guide with screenshots.

[Phish] Problem with your Netflix membership

June 19, 2018

Details:

From: Netflíx <service@lnetflowx.com>
Subject: Problem with your Netflíx membership

Text:

Please Update Your Payment Method

Dear Customer,

Sorry for the interruption, but we are having touble authorizing your credit card.
Please click here to enter your payment information again or to use a different
Payment method. When you have finished, we will try to verify your account again.
If it still dos not work, you will want to contact your credit card company.
If you have any questions, we are happy to help. Simply call us anytime at 1-800-585-7265.

-The Netflix Team

[Phish] Account Temporary Blocked

June 9, 2018

Details:

From: Email Administrator <b_sanjeev33@rediffmail.com>
Subject: Account Temporary Blocked

Text:

Dear [redacted],

Your email account will Expire on 11 Jun 2018,,
If you want to continue using your email address: [redacted] You will need to verify immediately to prevent your account from terminating

All messages and files will be lost if you do not immediately verify

This service is free of charge

[Phish] DO NOT IGNORE THE WARNING

June 4, 2018

Details:

From: Mail Service <no-reply@administrator.com>
Subject: DO NOT IGNORE THE WARNING

Text:

Email blacklist

Dear [redacted] Our records indicate your account has been detected in spam activities, it has been included in the blacklist. Failure to confirm and update your account within 24 hours will result in a permanent suspension .

Confirm your account below.

Science Rendezvous outreach reveals a generation of security savvy kids

May 29, 2018

On Saturday, May 12th a generation of budding scientists took over St. George Street to celebrate Science Rendezvous, a family-friendly science festival. Information Technology Service’s education and awareness team was there to educate young people about information security through three activities: our pom pom survey, our prize wheel and our web game, “Patch vs the Nefarious Code”. After speaking with over 170 children, we were amazed by how many of these kids were already security savvy.

The education and awareness team has been running information security pop up booths for students, staff and faculty at the University of Toronto for over a year and this was our first opportunity to connect with school-age children. They blew us away with their security and privacy know-how: they knew to double check permission settings before downloading apps and to be familiar with social media platforms’ privacy policies. This is a refreshing departure from the reactions we received from some of the adults we spoke to that same day. Some of these adults seemed to have a laissez-faire attitude about security, saying: “Well, they’re going to collect my data anyways aren’t they?” or “Who cares, I have nothing to hide?” These kids on the other hand, were thoughtful and engaged, clearly mindful of their digital safety. It looks like the next generation is ready to face the security and privacy challenges of the future.

Want to try playing “Patch vs. The Nefarious Code”? Visit https://securitymatters.utoronto.ca/InfoSec/src/intro.html.

Websites without HTTPS will be marked as “not secure” by Google Chrome

May 29, 2018

As of July 2018, Google’s Chrome web browser will display non-HTTPS sites as ‘not secure’. This is a victory for the IT security conscious, and users concerned about the privacy of their data.

Google has been advocating for webmasters to switch over to the HTTPS protocol, and have been encouraging this by indexing secure pages (HTTPS) over unsecured pages (HTTP), which will increase prominence and awareness for internet security and privacy. This prevents outside monitoring by encrypting your browser activity data and verifying website addresses without any third-party interference. It means all communications between your browser and the website are encrypted.

HTTP sites will still be accessible and functional from the Chrome browser, however, they will be marked as unsecured. If you are a webmaster or want more information please visit the advisory article for secure certificate authorization here

[Phish] FINAL WARNING

May 25, 2018

Details:

From: “Pereira, Samuel” <spereira@nsf.org
Subject: RES: Final Warning

Text:

Important Staff Notice:

Please Click STAFF-PAYROLL to enable us update your Payroll as all staff and members are getting payroll update now.

If you do not update within the next 48hours, your account will be deactivated.

Thank You.

NOTICE: This email and its contents/attachments may be confidential and are intended solely for the individual to whom it is addressed. If you are not the named addressee or if this email is otherwise received in error, please immediately notify the sender without reading it and do not take any action based on its contents or otherwise copy or disclose it to anyone. Any opinions or views expressed in this transmission are solely of the author and do not necessarily represent those of NSF International or its affiliates.

[Phish] Voice Message

May 21, 2018

Details:

From: 415-028-9377 <Office365@office365a.com +448488493311 leeds@bestbuybathrooms.co.uk>
Subject: Notice! Fwd: Voice Message from 1803301966

Text:

You have a new voice message from phone 6253-039-XXXX