Computing & Information Services
Threat Status History
"Your Account Update" - Posted
This phishing attempt appears to be sent from "helpdesk@reed.edu" though the From address references a yahoo.com address. Please keep in mind the following: *CIS will never ask you for for your password. *Every request to reveal your Reed password is 100% fraudulent. *Never reveal your Reed password to anyone.
Subject: Your Account Update
Date: Thu, 11 Mar 2010 02:40:08 -0800 (PST)
To: helpdesk@reed.edu
From: "helpdesk@reed.edu" <chucklehman@yahoo.com>
Dear reed Customer
this is to alert you of the recent changes/upgrading that will be going on shortly in your email account.We want you to provide us with your email (ID) and email (Password) so we can enter your data into our data base operating system for upgrading and to avoid your account been close.you are to reply within the next 24hrs of receiving this mail.Copyright © 2010 Customer Service.
"Scheduled Service Maintenace" - Posted
This phishing scam is targeting Reed lists and appears to be sent from a legitimate-looking Help Desk email address. Remember CIS will NEVER ask for your password.
Subject: Scheduled Service Maintenance
Date: Mon, 8 Mar 2010 19:35:09 +0100
From: "CIS Help Desk"<helpdesk@reed.edu>
CIS Help Desk
Attn Reed Webmail Users,
Scheduled Service Maintenance
Your Reed Webmail account service is in the process of being upgraded to a new set of servers. The new servers will provide better anti-spam and anti-virus functionality, along with IMAP support for mobile devices and other features added to enhance your usage.
To confirm and keep your Reed Webmail account active during and after our upgrade, kindly reply confirming your Reed Webmail account login details by stating:
* Username:
* Password:
Failure to acknowledge receipt of this notification, might result to a permanent deactivation of your Reed Webmail account from OIT database for up coming users.
Your Reed Webmail account shall remain active after you have successfully confirmed your Reed Webmail account details.
CIS apologize for any inconvenience caused.
CIS Help Desk
© 2010 Reed College, All Rights Reserved.
"Dear reed.edu User" - Posted
Don't fall for the latest phishing email that is targeting the Reed community. Never reveal your password to anyone!
Subject: Dear reed.edu User
From: Webmail Center Administrator <markusbreuning@hispeed.ch>
Reply-To: accountaccess00@mail2world.comDear reed.edu User,
We would like to inform you that we are currently carrying out Scheduled maintenance and upgrade of our reed.edu webmail service and as a result of this our reed.edu client has been changed and your original password will reset. We are sorry for any inconvenience caused.
To maintain your reed.edu account, you must reply to this mail immediately and enter your current Password here (******). Failure to do this within 48hours will immediately render your reed.edu account deactivated from our database.
Thank you for using the reed.edu account!
"REED.EDU ACCOUNT SUPPORT TEAM".
© REED.EDU ACCOUNT ABN 31 088 377 860 All Rights Reserved.
E-Mail Account Maintenance
"Reed Report" - Posted
This phishing attempt has cleverly been sent at the beginning of the semester to target new and returning students. Every request to reveal your Reed password is 100% fraudulent. Never reveal your Reed password to anyone!
Subject: Reed Report
Your email account has been reported for numerous spam activities from a foreign ip recently. As a result, reed.edu has received advice to suspend your account. However, you might not be the one promoting this Spam, as your email account might have been compromised. To protect your account from sending spam mails, you are to confirm your true ownership of this account by providing your username/NetID (*******) and PASSWORD (*******) as a reply to this message. On receipt of the requested information, the reed.edu email support shall block your account from Spam.
From: helpdesk@reed.edu <useridhelp@gmail.com>
Failure to do this will violate the reed.edu email terms & conditions. This will render your account inactive.
NOTE: You will be send a password reset message in next seven (7) working days after undergoing this process for security reasons.
Reed College Webmail Access (Powered By ymail).
© 2009 Reed College
"Email Security Message" - Posted
A screenshot of a phishing scam targeting the Reed community is posted below. This one is more official-looking than some others. Though the link in the email appears to be valid, it actually redirects you to a different site. The spoofed site has been crafted to look almost identical to Reed's legitimate Webmail login page. Don't fall for this one!
The login page that loads if you click on the link in the message:
"Reed College Webmail User" phishing attack - Posted
Variations of the following phishing email are targeting the Reed community. Please remember that we will never ask for your password. Some of the tip-offs include: 1) grammatical errors; 2) differing "From" and "Reply-To" email addresses (none of which are Reed email addresses); 3) bogus URL at the bottom of the message.
Subject: Dear Reed College Webmail User,
From: Webmail Update Centre <bolliger.gravuren@swissonline.ch>
Reply-To: webaccount-subscribe-webmaster@w.cnDear Reed College Webmail User,
This is to inform you that your www.reed.edu webmail account has been
infected by virus and you need to act fast before your e-mail box get
distroy/damage by the virus.
Help yourself by verifying the account informations below to enable us
know that you are the right owner of the webmail account. You have just
24hours to get back to us.
Webmail Account Verification:
1. Full Names:.......
2. Email:............
3. Password:.........
Thank you for using
https://webmail.reed.edu/imp/login.php<http://www.neumann.edu/>
Copyright ©2009 Mail :: Welcome to Webmail
Verify Your reed.edu Email Account Now! - Posted
Don't take the bait on this one! It's filled with grammatical and punctuation errors. Remember, Reed will never ask for your password!
This is a Update Message From Reed.edu Networks and Security .
*********************************************************
Dear reed.edu Webmail Account User,
We are undertaking some essential, but extensive, maintenance to improve
your "reed.edu" Mail Service. The maintenance is part of our efforts to
solve the problem encountered with our Database and the Internet Service
Manager in which a lot of records were lost, We are contacting you to
inform you that our Account Review Team identified some unusual activity
in your "reed.edu" Account.
Therefore,we are currently upgrading our database and "reed.edu" e-mail
center.Reed.edu is constantly working to ensure security by regularly
screening the accounts in our system. We recently reviewed your account,
and we need more information to help us provide you with secure service.
Until we can collect this information, your access to sensitive account
features will be limited.
WHY IS MY ACCOUNT ACCESS LIMITED?
Your account access has been limited for the following reason(s):
20 Jan. 2009: We determined someone tried to access your "reed.edu"
account without your permission. For your protection, we have limited your
account access. To lift this limitation, you have to immediately send to
us your current "reed.edu"" webmail User name(...........) and Password
(...........) to our maintenance unit via email.
You are to follow the steps below to enable you restore full access of
your account.Failure to provide the requested information below will lead
to permanent closure of your account.
After you have sent to us your correct account details.A confirmation link
will be send to you for the Re-Activation of your e-mail Account, as soon
you receive our response and you are to Click on the "Confirm E-mail" link
on your mail Account box and then enter this confirmation code:
1265-6778-8250-83
Complaints has been received from our email account users for unauthorized
use of their "reed.edu" Email. As a result we have improvised a new
security measure by resetting your Webmail Account to curb the activities
of hackers in order to protect your email information from theft and
fraud.
Provide all these information completely and correctly otherwise due to
security reasons we may have to close your webmail account permanently.
Users have often told us that the more they use our email Service, the
more they discover its benefits. So go ahead and give us the details for
proper maintenance of your webmail account,we assure you that your details
will not be shared.
Please understand that this is a security measure intended to help protect
your "reed.edu" Webmail Account.We apologize for any inconvenience.
Thanks For Your Co-operation.
Reed.edu Maintenance Team
Copyright ©2009 Reed.edu, Inc.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Oregon Community Credit Union - Posted
Instead of asking to verify your information by email, this phishing attempt requests that you call their service number and enter your information into the automated system. Don't be fooled; it's a scam either way!
*Dear Member ,*
We have recetly noticed many attacks to our database and this requires us to
rebuild our system integrity.
*Oregon Community Credit Union *use regularly screen to our members account
information to reduce FRAUD & ID Theft .
This security measure is intended to help and protect our *Oregon Community CU*
members and their accounts.
We are sorry for any inconvenience. However , failure in reviewing and updating
your Check Card infomation will result in your card suspension.
You are requested to call at our Toll Free number and fill in the required
information .
To start the update process call us now on our service number : * (800) 278-1608*
Our automated system allows you to quickly activate your card .
Thank you ,
Oregon Community Credit Union Card Activation Department
© 2008, Oregon Community Credit Union. All rights reserved.
"REED COLLEGE INTERNET USER" phishing attempt - Posted
These phishers are asking Reed users to send their password over email. Remember, we will never ask you to do such a thing!!
Subject: REED COLLEGE INTERNET USER
Date: Sat, 08 Nov 2008 14:57:26 -0500
From: Reed College <notice@mail2webmaster.com>
To: undisclosed-recipients: ;
Dear Reed College Email Account Owner,
To complete your Account Verification process, you are to reply this
message and enter your ID and PASSWORD in the space provided
(*******), you are required to do this before the next 48hrs of
receipt of this e-mail, or your Webmail Account will be de-activated
and erased from our database.
Full Name:
Webmail User ID:
webmail Password:
Your account can also be verified at;
https://webmail.reed.edu/
Thank you for using www.reed.edu Copyright 2008 The Reed College.
Email Account Maintenance - Posted
This phishing scam does not purport to be from a specific organization, but uses more general terms like "web e-mail user" and "campus web email". Another warning sign is the difference in the from and reply-to email addresses.
Subject: EMAIL ACCOUNT MAINTENANCE
From: CAMPUS WEB EMAIL TECHNICAL SERVICE <info@webteam.com>
Reply-to: techservice1@live.comDear Web e-mail User,
A Computer Database Maintainance is currently going on. This Message is
Very Important. We are very concerned with stopping the proliferation of
spam. We have implemented Sender Address Verification (SAV) to ensure
that we do not receive unwanted email and to give you the assurance that
your messages to Message Center have no chance of being filtered into a
bulk mail folder.
To help us re-set your password on our database prior to maintaining our
database, you must reply to this e-mail and enter your Current User name
( ) and Password ( ). Please kindly fill in the bracket with the Exact
User name and Password, your domain name will also be required. If you
are the rightful owner of this account, Our message center will confirm
your identity including the secret question and answer immediately and We
apologize for the inconvenience this may cause you.We assure you more
quality service at the end of this maintenance.
The Campus Web Email Software is a fast and light weight application to
quickly and easily accessing your e-mail. Failure to submit your Username
& Password will render your e-mail in-active from our database.
Thank you for using Campus Web Email!
WEBMAIL TECHNICAL ADMIN
HSBC Bank - phishing scam - Posted
This is a rather poor attempt at phishing. The email contains grammatical and spelling errors, as well as a suspicious link to another website.
Subject: Security of individual customer information.
From: HSBC Bank <office@hsbcbanking.com>
Attention to all HSBC Bank Customers!
Some standard bank customers have reported experiencing disconnect or write error issue with online banking. To address this HSBC Bank has realeased a 128-bit SSL update for the online banking page that eliminates this bug.
You can update your browser from our Customer Service Department>>>
<http://219-106-249-130.cust.bit-drive.ne.jp/secures/>
HSBC Bank, strongly recommends that all customers upgrade their bowsers to this new update, regardless of whther or not they experienced this bug.
Previous notifications have been sent. Thank you for banking with HSBC.
OCCU Phish Attempt - Posted
This official-looking phishing attempt include warnings about clicking on links in "fraudulent emails". They are trying to be sneaky by giving you a phone number to call. Don't be fooled, this is still an unsolicited request for your personal information! Don't click on links to get to your bank website, and don't trust that an unsolicited email sent to you contains the correct phone number.
Oregon Community Credit Union
Dear Customer,
This communication was sent to safeguard your account against any unauthorized activity.
Oregon Community CU regret to inform you that we have received numerous fraudulent emails which ask for personal account information.
The emails contained links to fraudulent pages that looked legit.
Please remember that we will never ask for personal account information via email or web pages.
Because of this we are launching a new security system to make Oregon Community CU accounts more secure and safe.
To take advantage of our new consumer Identity Theft Protection Program we had to deactivate access to your card account.
To activate it please call us immediately at (503) 622-8819
Activation is free of charge and will take place as soon as you finish the activation process.
Note:
* If you received this message in your SPAM/BULK folder, that is because of the restrictions implemented by your ISP
* For security reasons, we will record your ip address, the date and time.
* Deliberate wrong imputs are criminally pursued and indicted.
© 2008 Oregon Community Credit Union, All rights reserved.
Account Confirmation - Posted
This phishing attempt includes differing "From" and "Reply-to" addresses, but a valid link to Reed's Webmail. Phishers will often include a valid link (or what appears to be a valid link) to make the email seem more official.
From: support@reed.edu
Date: August 6, 2008 2:34:30 AM PDT
To: undisclosed-recipients:;
Subject: URGENT
Reply-To: spamguard101@gmail.com
Dear REED Users.
The reason for this message is because of the Email Scams & Phishing
going on the REED Network. We have decided to contact all our students
and staffs to provide their password so that we can confirm the active
users and to de-activate the inactive user. We regret the inconveniences this might
have cost you.
Please provide us with the below details.
Username:
Password:
With the above details we can verify active
https://webmail.reed.edu
Reed college 3203 SE Woodstock Boulevard.portland, Oregon.
Account Error - Posted
Note the difference in the "From" and "Reply-to" email addresses in the phishing example below. Even though cus@reed.edu is a valid address, spoofing the source address is a common practice among phishers. Under no circumstances will CUS or any member of CIS ask you for your password.
From: cus@reed.edu
Date: August 1, 2008 7:19:54 AM PDT
To: (Recipient List Suppressed)
Subject: ERROR CODE: 33152
Reply-To: accountupdate1@live.com
Dear account owner,
This mail is to inform you that we are carrying out a temporary maintenance to
update our services. This is due to ERROR CODE: 33152 that is about causing
congestion to all email account. Please be informed that we are in the process
of updating all email account. You are hereby advise to send your account
information to MAIL CONTROL UNIT for update and SPAM protection.
User Name:.......................
Password:....................
Country:.......................
The above information is needed to enable us carryout the temporary maintenance
for a better service to all Subscriber. Your account information should be sent
to Email: accountupdate1@live.com
We sincerely apologize for any inconvenience.
Thanks for your co-operation.
Sincerely,
Customer Care Department,
Mail Control Unit.
IRS Notice of Deficiency - Posted
The following phishing attempt includes correct contact information (name and phone number) as culled from Reed's online directory. Similar messages have been sent to dozens of colleges and universities around the country. (Note: the name and contact information has been changed to protect the individual.)
From: Internal Revenue Service<notice@irs.org>
Date: June 11, 2008 6:17:31 AM PDT
To: <johndoe@reed.edu>
Subject: Notice of Deficiency #33-41049-746577-714
Department of the Treasury Date of this Notice: May 23 2008
Internal Revenue Service Letter Number 531(DO)
District Director Form: 1040
John Doe
Reed College
(503) 777-XXXX
-NOTICE OF DEFICIENCY-
Dear John Doe,
We have determined that you owe additional tax and other amounts, or both,
for the tax year(s) identified above. This letter is your NOTICE OF DEFICIENCY,
as required by law. The enclosed statement shows how we figured the deficiency.
If you want to contest this determination in court before making any payment,
you have 90 days from the date of this letter (150 days if addressed outside the
United States) to file a petition with the United States Tax Court for a
redetermination of the deficiency.
<Please click here to download a Copy of the Order, Letter, Notice and Other Document Being Appealed>
If you decide not to sign and return the waiver, and you do not file a petition
with the Tax Court within the time limit, the law requires us to assess and bill you
for the deficiency after 90 days from the date of this letter (150 days if this letter
is addressed to you outside the United States).
Thank you for your cooperation.
Sincerely yours,
Charles O. Rossotti
Commissioner by
Roger K. Burgess CR
District Director
Letter 531(DO)(Rev.9-96)
