Re: Phishing emails about "Invoice"

["McCrary, Barbara" <bmccrary () OSRHE EDU>]

Yes!

Symantec is detecting it as Downloader.Upatre!gen9 and the attachment is named bash seedtime.zip.

Barbara McCrary
Chief Information Security Officer
MCSE, MCSE:Security, +Messaging, CompTia:Security+
bmccrary () osrhe edu<mailto:bmccrary () osrhe edu>

Protecting data is a shared responsibility!

INSTALL antivirus and antispyware software.
USE strong passwords.
KNOW who you are dealing with online.
STORE confidential and sensitive data on encrypted devices only.
SHUT DOWN home computers or disconnect from the Internet when not in use.

Oklahoma State Regents for Higher Education
655 Research Parkway
Suite 200
Oklahoma City, OK  73104
405 225.9316 office
405 234.4321 cell
405 234.4588 fax

Note:  This communication and attachments, if any, are intended solely for the use of the addressee hereof.  In 
addition, this information and attachments, if any, may contain information that is confidential, privileged and exempt 
from disclosure under applicable law, including, but not limited to, the Privacy Act of 1974.  If you are not the 
intended recipient of this information, you are prohibited from reading, disclosing, reproducing, distributing, 
disseminating, or otherwise using this information.  If you have received this message in error, please promptly notify 
the sender and immediately, delete this communication from your system.


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Pedersen, Krystal
Sent: Thursday, December 03, 2015 5:07 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Phishing emails about "Invoice"

Hello Everyone – we’ve seen an uptick in phishing emails with ransomeware attachments with the word “invoice” in the 
subject, with other text describing the invoice. Has anyone else seen this same uptick? Looks to be Tesla 2.2.0.

Thanks!

Krystal Pedersen, CISA
Information Technology
Information Security, Risk and Compliance Analyst