Re: Phishing emails about "Invoice"

[Frank Barton <bartonf () HUSSON EDU>]

We have seen a similar uptick in this type, along with a decrease in the
number of targeted phishing attacks



On Fri, Dec 4, 2015 at 7:42 AM, Beyette, Jeremy <
jeremy.beyette () rochester edu> wrote:

> We have seen an uptick here with several different attachments and several
> different virus definitions.  Attachments have either been .zip or .doc.
>
> Jeremy Beyette, GSEC, GCWN, NCA
> University IT Security and Policy
> University of Rochester
> http://www.rochester.edu/it/security
>
> On Dec 3, 2015, at 6:30 PM, McCrary, Barbara <bmccrary () OSRHE EDU
> <bmccrary () osrhe edu>> wrote:
>
> Yes!
>
>
>
> Symantec is detecting it as Downloader.Upatre!gen9 and the attachment is
> named bash seedtime.zip.
>
>
>
> *Barbara McCrary*
> Chief Information Security Officer
> *MCSE, MCSE:Security, +Messaging*,* CompTia:Security+*
>
> *bmccrary () osrhe edu* <bmccrary () osrhe edu>
>
>
>
> Protecting data is a shared responsibility!
>
>
>
> INSTALL antivirus and antispyware software.
>
> USE strong passwords.
>
> KNOW who you are dealing with online.
>
> STORE confidential and sensitive data on encrypted devices only.
>
> SHUT DOWN home computers or disconnect from the Internet when not in use.
>
>
>
> Oklahoma State Regents for Higher Education
> 655 Research Parkway
>
> Suite 200
>
> Oklahoma City, OK  73104
> 405 225.9316 office
> 405 234.4321 cell
> 405 234.4588 fax
>
>
>
> Note:  This communication and attachments, if any, are intended solely for
> the use of the addressee hereof.  In addition, this information and
> attachments, if any, may contain information that is confidential,
> privileged and exempt from disclosure under applicable law, including,
> but not limited to, the Privacy Act of 1974.  If you are not the intended
> recipient of this information, you are prohibited from reading, disclosing,
> reproducing, distributing, disseminating, or otherwise using this
> information.  If you have received this message in error, please promptly
> notify the sender and immediately, delete this communication from your
> system.
>
>
>
>
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [
> mailto:SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>] *On
> Behalf Of *Pedersen, Krystal
> *Sent:* Thursday, December 03, 2015 5:07 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () listserv educause edu>
> *Subject:* [SECURITY] Phishing emails about "Invoice"
>
>
>
> Hello Everyone – we’ve seen an uptick in phishing emails with ransomeware
> attachments with the word “invoice” in the subject, with other text
> describing the invoice. Has anyone else seen this same uptick? Looks to be
> Tesla 2.2.0.
>
>
>
> Thanks!
>
>
>
> Krystal Pedersen, CISA
>
> Information Technology
>
> Information Security, Risk and Compliance Analyst


-- 
Frank Barton
ACMT
IT Systems Administrator
Husson University