Computing & Information Services
Threat Status History
Oregon Community Credit Union - Posted
Instead of asking to verify your information by email, this phishing attempt requests that you call their service number and enter your information into the automated system. Don't be fooled; it's a scam either way!
*Dear Member ,*
We have recetly noticed many attacks to our database and this requires us to
rebuild our system integrity.
*Oregon Community Credit Union *use regularly screen to our members account
information to reduce FRAUD & ID Theft .
This security measure is intended to help and protect our *Oregon Community CU*
members and their accounts.
We are sorry for any inconvenience. However , failure in reviewing and updating
your Check Card infomation will result in your card suspension.
You are requested to call at our Toll Free number and fill in the required
information .
To start the update process call us now on our service number : * (800) 278-1608*
Our automated system allows you to quickly activate your card .
Thank you ,
Oregon Community Credit Union Card Activation Department
© 2008, Oregon Community Credit Union. All rights reserved.
"REED COLLEGE INTERNET USER" phishing attempt - Posted
These phishers are asking Reed users to send their password over email. Remember, we will never ask you to do such a thing!!
Subject: REED COLLEGE INTERNET USER
Date: Sat, 08 Nov 2008 14:57:26 -0500
From: Reed College <notice@mail2webmaster.com>
To: undisclosed-recipients: ;
Dear Reed College Email Account Owner,
To complete your Account Verification process, you are to reply this
message and enter your ID and PASSWORD in the space provided
(*******), you are required to do this before the next 48hrs of
receipt of this e-mail, or your Webmail Account will be de-activated
and erased from our database.
Full Name:
Webmail User ID:
webmail Password:
Your account can also be verified at;
https://webmail.reed.edu/
Thank you for using www.reed.edu Copyright 2008 The Reed College.
Email Account Maintenance - Posted
This phishing scam does not purport to be from a specific organization, but uses more general terms like "web e-mail user" and "campus web email". Another warning sign is the difference in the from and reply-to email addresses.
Subject: EMAIL ACCOUNT MAINTENANCE
From: CAMPUS WEB EMAIL TECHNICAL SERVICE <info@webteam.com>
Reply-to: techservice1@live.comDear Web e-mail User,
A Computer Database Maintainance is currently going on. This Message is
Very Important. We are very concerned with stopping the proliferation of
spam. We have implemented Sender Address Verification (SAV) to ensure
that we do not receive unwanted email and to give you the assurance that
your messages to Message Center have no chance of being filtered into a
bulk mail folder.
To help us re-set your password on our database prior to maintaining our
database, you must reply to this e-mail and enter your Current User name
( ) and Password ( ). Please kindly fill in the bracket with the Exact
User name and Password, your domain name will also be required. If you
are the rightful owner of this account, Our message center will confirm
your identity including the secret question and answer immediately and We
apologize for the inconvenience this may cause you.We assure you more
quality service at the end of this maintenance.
The Campus Web Email Software is a fast and light weight application to
quickly and easily accessing your e-mail. Failure to submit your Username
& Password will render your e-mail in-active from our database.
Thank you for using Campus Web Email!
WEBMAIL TECHNICAL ADMIN
HSBC Bank - phishing scam - Posted
This is a rather poor attempt at phishing. The email contains grammatical and spelling errors, as well as a suspicious link to another website.
Subject: Security of individual customer information.
From: HSBC Bank <office@hsbcbanking.com>
Attention to all HSBC Bank Customers!
Some standard bank customers have reported experiencing disconnect or write error issue with online banking. To address this HSBC Bank has realeased a 128-bit SSL update for the online banking page that eliminates this bug.
You can update your browser from our Customer Service Department>>>
<http://219-106-249-130.cust.bit-drive.ne.jp/secures/>
HSBC Bank, strongly recommends that all customers upgrade their bowsers to this new update, regardless of whther or not they experienced this bug.
Previous notifications have been sent. Thank you for banking with HSBC.
OCCU Phish Attempt - Posted
This official-looking phishing attempt include warnings about clicking on links in "fraudulent emails". They are trying to be sneaky by giving you a phone number to call. Don't be fooled, this is still an unsolicited request for your personal information! Don't click on links to get to your bank website, and don't trust that an unsolicited email sent to you contains the correct phone number.
Oregon Community Credit Union
Dear Customer,
This communication was sent to safeguard your account against any unauthorized activity.
Oregon Community CU regret to inform you that we have received numerous fraudulent emails which ask for personal account information.
The emails contained links to fraudulent pages that looked legit.
Please remember that we will never ask for personal account information via email or web pages.
Because of this we are launching a new security system to make Oregon Community CU accounts more secure and safe.
To take advantage of our new consumer Identity Theft Protection Program we had to deactivate access to your card account.
To activate it please call us immediately at (503) 622-8819
Activation is free of charge and will take place as soon as you finish the activation process.
Note:
* If you received this message in your SPAM/BULK folder, that is because of the restrictions implemented by your ISP
* For security reasons, we will record your ip address, the date and time.
* Deliberate wrong imputs are criminally pursued and indicted.
© 2008 Oregon Community Credit Union, All rights reserved.
Account Confirmation - Posted
This phishing attempt includes differing "From" and "Reply-to" addresses, but a valid link to Reed's Webmail. Phishers will often include a valid link (or what appears to be a valid link) to make the email seem more official.
From: support@reed.edu
Date: August 6, 2008 2:34:30 AM PDT
To: undisclosed-recipients:;
Subject: URGENT
Reply-To: spamguard101@gmail.com
Dear REED Users.
The reason for this message is because of the Email Scams & Phishing
going on the REED Network. We have decided to contact all our students
and staffs to provide their password so that we can confirm the active
users and to de-activate the inactive user. We regret the inconveniences this might
have cost you.
Please provide us with the below details.
Username:
Password:
With the above details we can verify active
https://webmail.reed.edu
Reed college 3203 SE Woodstock Boulevard.portland, Oregon.
Account Error - Posted
Note the difference in the "From" and "Reply-to" email addresses in the phishing example below. Even though cus@reed.edu is a valid address, spoofing the source address is a common practice among phishers. Under no circumstances will CUS or any member of CIS ask you for your password.
From: cus@reed.edu
Date: August 1, 2008 7:19:54 AM PDT
To: (Recipient List Suppressed)
Subject: ERROR CODE: 33152
Reply-To: accountupdate1@live.com
Dear account owner,
This mail is to inform you that we are carrying out a temporary maintenance to
update our services. This is due to ERROR CODE: 33152 that is about causing
congestion to all email account. Please be informed that we are in the process
of updating all email account. You are hereby advise to send your account
information to MAIL CONTROL UNIT for update and SPAM protection.
User Name:.......................
Password:....................
Country:.......................
The above information is needed to enable us carryout the temporary maintenance
for a better service to all Subscriber. Your account information should be sent
to Email: accountupdate1@live.com
We sincerely apologize for any inconvenience.
Thanks for your co-operation.
Sincerely,
Customer Care Department,
Mail Control Unit.
IRS Notice of Deficiency - Posted
The following phishing attempt includes correct contact information (name and phone number) as culled from Reed's online directory. Similar messages have been sent to dozens of colleges and universities around the country. (Note: the name and contact information has been changed to protect the individual.)
From: Internal Revenue Service<notice@irs.org>
Date: June 11, 2008 6:17:31 AM PDT
To: <johndoe@reed.edu>
Subject: Notice of Deficiency #33-41049-746577-714
Department of the Treasury Date of this Notice: May 23 2008
Internal Revenue Service Letter Number 531(DO)
District Director Form: 1040
John Doe
Reed College
(503) 777-XXXX
-NOTICE OF DEFICIENCY-
Dear John Doe,
We have determined that you owe additional tax and other amounts, or both,
for the tax year(s) identified above. This letter is your NOTICE OF DEFICIENCY,
as required by law. The enclosed statement shows how we figured the deficiency.
If you want to contest this determination in court before making any payment,
you have 90 days from the date of this letter (150 days if addressed outside the
United States) to file a petition with the United States Tax Court for a
redetermination of the deficiency.
<Please click here to download a Copy of the Order, Letter, Notice and Other Document Being Appealed>
If you decide not to sign and return the waiver, and you do not file a petition
with the Tax Court within the time limit, the law requires us to assess and bill you
for the deficiency after 90 days from the date of this letter (150 days if this letter
is addressed to you outside the United States).
Thank you for your cooperation.
Sincerely yours,
Charles O. Rossotti
Commissioner by
Roger K. Burgess CR
District Director
Letter 531(DO)(Rev.9-96)
