
Don't get reeled in by phony emails!

Information Technology Services is providing this central location of phishing emails that are received by the campus. We make every effort to prevent these types of scams from entering our email gateways and can often block them once they are reported to us.

Emails reported to Cybersecurity

10/20/2020 Threat Alert: Election Scams

The University of Nebraska Cybersecurity team has been notified about a recent election-themed phishing campaign which has been distributing malicious software to hundreds of organizations in the U.S. These phishing emails contain malicious attachments that can infect your device with malware and compromise data and systems.

How the Attacks Work

Emails in this campaign have been mimicking legitimate messaging from the Democratic National Committee (DNC). One message in the campaign used the subject line “Team Blue Take Action.” Recipients were encouraged to open the attached Word document, which presumably contained information about volunteer opportunities with Team Blue, an established organizing effort of the DNC. The malicious file, “Team Blue Take Action,” contained macros which, if enabled by the intended recipient, triggered the installation of very dangerous malware.

How to Protect Yourself

It’s critical to remember that phishing attacks can be timely, relevant, and sophisticated. Surface clues can be deceiving. Malicious messages can look right, sound right, and appear to come from trusted sources.  You must also recognize that threat actors often use multiple methods and messages to spread malware. For example, the message referenced above was just one of many sent by the same group of attackers. Below are some additional subject lines and file names that were used in the same phishing campaign (Subject Line/File Name of attachment):

Valanters 2020/Team Blue Take Action.doc
Detailed Information/List of works.doc
List of works/Valanters 2020.doc
Volunter/Detailed information.doc
Information/Volunter.doc
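
For mail administrators, the subject line and file name pairs above can be checked against inbound messages. The following is an added example, not ITS tooling: it parses a raw message with Python's standard `email` module and reports whether both the subject and an attachment name match a listed pair, or only the attachment name does. The function names, the addresses and the sample messages are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject line / attachment name pairs copied from the list above.
CAMPAIGN_PAIRS = [
    ("Valanters 2020", "Team Blue Take Action.doc"),
    ("Detailed Information", "List of works.doc"),
    ("List of works", "Valanters 2020.doc"),
    ("Volunter", "Detailed information.doc"),
    ("Information", "Volunter.doc"),
]

def _norm(text):
    """Case-fold and collapse whitespace so cosmetic variations still match."""
    return re.sub(r"\s+", " ", text or "").strip().casefold()

def _subject_key(subject):
    """Normalize a subject and drop leading Re:/Fw:/Fwd: markers."""
    return re.sub(r"^((re|fwd?)\s*:\s*)+", "", _norm(subject))

PAIRS = {(_norm(s), _norm(f)) for s, f in CAMPAIGN_PAIRS}
FILES = {f for _, f in PAIRS}

def classify(raw):
    """Return 'pair-match', 'attachment-match' or 'no-match' for a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = _subject_key(str(msg["Subject"] or ""))
    # walk() also reaches attachments nested inside forwarded or multipart parts.
    names = [_norm(p.get_filename()) for p in msg.walk() if p.get_filename()]
    if any((subject, n) in PAIRS for n in names):
        return "pair-match"        # subject and attachment name agree with one listed pair
    if any(n in FILES for n in names):
        return "attachment-match"  # listed file name under a different subject
    return "no-match"              # subjects such as "Information" are too generic alone

def build_sample(subject, filename):
    """Constructed test message; the attachment bytes are a harmless placeholder."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.org", "user@example.edu"
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="msword", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for subj, name in [("Fwd: VALANTERS 2020", "Team Blue Take Action.doc"),
                       ("Meeting notes", "Volunter.doc"),
                       ("Information", "agenda.doc")]:
        print(f"{subj!r} + {name!r}: {classify(build_sample(subj, name))}")
```

A subject match alone is deliberately not reported, because subjects such as "Information" appear in ordinary mail; the attachment name is the stronger signal.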

Election-themed phishing campaigns are likely to surge in the coming weeks. Here are key pieces of advice for avoiding attacks like these:
  • If you receive an unexpected email that prompts you to download a file, do not interact with it. You must confirm the file is safe before interacting with it.
  • Never enable macros in an attachment or a cloud-based document (unless you have received the OK from our IT team to do so).
  • At work, report suspicious emails by clicking the “Report Phish” button in your email toolbar.
  • At home, delete suspicious messages or reach out to a known, trusted source if you wish to confirm the legitimacy of an email.

Remember: You are the last line of defense against phishing attacks. Scammers use many methods to fool email recipients. But you don’t have to fall for these tricks. If you want to learn more about phishing and social engineering, check out the security awareness videos available in the Proofpoint Security Education Platform (aka Wombat). Go to https://firefly.nebraska.edu, log in, and click on the SECURITY AWARENESS TRAINING tile.

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

FBI Alert:  Fraudulent Unemployment Claims, Job Scams, Gift Card Scams

The ITS Cybersecurity team has received information that a large collection of phishing kits is for sale on a hacker forum. This collection includes phishing kits for well-known, top-rated websites and financial organizations.[1] In addition, be on the lookout for gift card scams and job scam emails. The FBI has also reported a high number of fraudulent unemployment claims.[2] Tips on suspicious emails include:

  • Be skeptical of links provided in emails.  The link may look like it is going to the correct site, but the hyperlink could be redirected to a different website when clicked. 
  • If you click on a link, before logging in, make sure you are at the correct website – if you don’t know if it’s the correct website, click the REPORT PHISH button to have the security team look at the email.  Once you report the email as phish, the email will be moved to the JUNKMAIL folder. 
  • Banking institutions will not email you asking that your personal information be sent through email.
  • If you get alerts about your bank account, do not click on the link in the email, instead go directly to their website from the browser and login from there. 
  • Be skeptical of unsolicited email promising money or a job.  Job scams may include promises and details for a personal assistant, pet sitter, or some other temporary job.  The clue that it is not a valid job is when they tell you they will send you a check for more than you are to be paid, and you will use the extra money to pay for supplies, etc.  The check that is sent to you is a fraudulent check, and the bank will not know it until they try to collect on the check.  If you have spent the money, you will be responsible for paying the money back to the bank.
  • Be on the lookout for communications regarding unemployment insurance forms when you have not applied for unemployment benefits. Also be wary of emails about any fees involved in filing or qualifying for unemployment insurance.

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Pet Sitting, Tutor, Personal Assistant

Several emails have been reported offering a pet sitting, tutoring or personal assistant job. These emails have subject lines such as Pet Sitting Job or Dog Sitting, Tutor, Opportunity and ask the recipient to contact a different email account, not the sender of the email, with information such as name, phone number, address, or alternative email.

If you receive an email like this one, please do not open the message or try to contact the person – they will attempt to get your bank account information and commit check fraud or steal personal information. If an offer seems too good to be true, it likely is. Always check with IT Support or the security team before responding to suspicious emails with subject lines like the ones reported.

We appreciate everyone reporting phish emails. Please remember to use the REPORT PHISH button.

UNK ITS Helpdesk 308-865-8363
UNL ITS Help Center 402-472-3970
UNO ITS Help Desk 402-554-4357

Example-How to spot phishing

[Image: Phishing email example]

Need additional help?

Contact the Computer Help Center

October is National Cyber Security Awareness Month. Check out the events scheduled at https://its.unl.edu/security/national-cyber-security-month/

  • Start of school and tax season are PRIME TIMES for phishing scams
  • ITS will never ask you for your login or passwords or other personal information.
  • Do not respond to "phishy" emails
  • Do not open attachments without verifying first
  • If you get caught by a phishing email, please change your password immediately by visiting TrueYou.

RECEIVE A SUSPICIOUS EMAIL?

Report a Phish from Outlook desktop client:

[Image: Report Phish button, Outlook desktop version]

Report a Phish from Outlook Mobile: when the email is open on your phone, select the ellipsis of the email, then select REPORT PHISH:

[Images: Outlook mobile, touch the ellipsis; Outlook mobile, touch Report Phish]

When you use the REPORT PHISH button in Outlook the email will be forwarded to the ITS Security team automatically.

[Image: Email flowchart]