Duke ITSO Alerts

Reports of a new  phishing attack are cycling into the ITSO. The attack is specifically asking for banking account information which mimics attacker activity associated with past direct deposit fraud. If you receive the following message (or one of similar nature), be advised this is not a legitimate communication and should be discarded.

 

 

Clicking the link in that message results in the following cloned shibboleth / single sign-on page:

 

Please notify the OIT Service Desk at 919.684.2200 immediately if you receive this attack, click the link, and supply personal information.

Reports of a new BlackBoard targeted phishing attack have begun filtering into the ITSO. In this attack, the sending party routes an email with an attachment (CourseAdviser.htm).

 

Opening this attachment launches a web browser that shows the html document and presents us with the typical phishing message (see below):

 

The URL in this message redirects to the hosted form used to harvest credentials (see below):

 

This attack is targeting higher ed institutions using BlackBoard. While not Duke specific, we ask that anyone who has received this message, clicked the attachment and the link in the html file, and lastly entered NetID credentials in the phishing page, to please notify the OIT Service Desk immediately by calling 919.684.2200.

The Duke University IT Security Office has received multiple alerts of the below Phishing email, and others very similar to it in the last week, that is being circulated throughout the Duke community. If you received the email, clicked the link and submitted your NetID and Password then we recommend you contact the OIT Service Desk immediately for assistance with resetting your NetID password, they can be reached at 919.684.2200.
 

Below is a copy of the email that is being sent to Duke users. Note that if you hover over "Click" it will reveal the actual location of the page, it is not on the duke.edu domain.
 


 

Below is a screen shot of the site that the link in the email redirects the user to, again note that the url in the address bar shows that this site is not on the duke.edu domain.
 

The Duke University IT Security Offices have received multiple alerts of the below Phishing email that is being circulated throughout the Duke community. If you received the email, clicked the link and submitted your NetID and Password then we recommend you contact the OIT Service Desk immediately for assistance with resetting your NetID password, they can be reached at 919.684.2200.
 

Below is a copy of the email that is being sent to Duke users.
 

Below is a screen shot of the Phishing page. Note the url is on the .com.pl domain and not the duke.edu domain as it would be for a legitimate Duke service.
 

If you have any questions or concerns contact us at security@duke.edu.

Multiple reports have been filing in this morning concerning a new phishing attack. A screen capture of the message is posted below:

 

 

The destination URL appears to be a hosted Google Docs file. We are working to see if the form can be taken down by Google.

 

If you've received this message, clicked the link, and logged in with credentials please notify the OIT Service Desk immediately at 919.684.2200

The Duke University IT Security Offices have recevied multiple notifications of new Phishing messages circulating through the Duke community. We ask that if you received any of these messages, clicked the link and submitted you credentials, that you contact the OIT Service Desk for assistance with resetting your password. The OIT Service Desk can be reached at 919.684.2200

 

Below is a copy of the email:

The link in the email redirects to the below site. Note that this is not hosted on the duke.edu domain.

A report of the following phishing attack (Subject: MyDuke update") has been received by the ITSO:

 

 

As indicated in the screenshot above, hovering over the URL indicates a non-Duke hosted domain as the target destination. Clicking the link takes one to the following page:

 

 

We ask that anyone who has received the message, clicked the link, and supplied credentials the the fraudulant Outlook Web App page to please contact the OIT Service Desk immediately at 919.684.2200

The Duke University IT Security Offices have recevied multiple notifications of new Phishing messages circulating through the Duke community. We ask that if you received any of these messages, clicked the link and submitted you credentials, that you contact the OIT Service Desk for assistance with resetting your password. The OIT Service Desk can be reached at 919.684.2200.
 

These are copies of the variations of these emails.


 

Note the website URL, these forms are not hosted on the duke.edu domain.


 

The Duke IT Security Offices have received multiple notifications of a suspicious email that is has been sent to all Faculty and Staff in regards to Sexual Harassment training. While these emails are generic in content and presentation, they are legitimate and we ask that you click the link and take the required training. For further information about the emails and training please see the following DukeToday article http://today.duke.edu/2015/04/harassment

The following are screen shots of the emails that have been sent out:

For staff in non-supervisory roles:

For Supervisors:

 

It's time for an update!
 

Adobe has release their newest update to Adobe Reader, Adobe Acrobat Reader DC. In this update Adobe offers a free upgrade to their cloud solution which allows users to store their PDFs on Adobe’s cloud and access their PDFs on any device.

 

But should you use it?
 

Many of our business documents contain sensitive electronic information that should not be sent to cloud providers. Duke staff should be particularly careful with systems offering device syncing to make sure cloud sharing is allowed. Staff should familiarize themselves with the Duke Data Classification Standard (http://security.duke.edu/protect-your-information/data-classification-duke) and only sync documents classified Public.
 

More information about the new features included can be found on Adobe's site - https://acrobat.adobe.com/us/en/pricing/pricing-compare-plans.html
 

Contact the Duke IT Security Office @ security@duke.edu with any questions or concerns that you may have.

_____________________________________________________________________________________________________________________________________________________________________________________________________________

Pages