Archives for August 2016

abc123@psu.edu 2 new Blackboard messages from IT Admin

August 23, 2016 by Paul Carlisle Kletchka

From: Pennsylvania State University I Blackboard <xxxxxx@uconn.edu>
Date: Tuesday, August 23, 2016 at 10:37 AM
To: <xxxxxx@psu.edu>
Subject: xxxxxx@psu.edu 2 new Blackboard messages from IT Admin

Dear xxxxxx@psu.edu,

You have 2 new messages from your University Technology Admin

posted to you through the Blackboard Learning System.

www.blackboard.com/blackboard/course/messagecenterxxxxxx@psu.edu36344331 (<– Link leads to a fake Blackboard login page)

Regards,
MY UNIVERSITY.
Admin Management

Phish from August 23, 2016 at 10:37 a.m.

This phishing message gives the impression that Penn State uses Blackboard for its LMS and there are messages waiting there for the recipient. However, Penn State uses Canvas and ANGEL, so that is one clue this is a bogus message. Additionally, the “from” address is a UConn email address, whereas a message about a central Penn State service would come from an official Penn State address. The link that is shown in the message is not the URL one is taken to if it’s clicked – the page it links to is in the ortopedicosfuturo.com domain, and is a fake Blackboard login page. And finally, while the message states that the recipient has 2 new messages, it doesn’t give any clear instructions on what needs to be done with them.

You have 1 document sent to you via Dropbox shared folder

August 5, 2016 by Paul Carlisle Kletchka

From: “Dropbox” <no-reply@dropboxmail.com>
To: “Recipients” <no-reply@dropbox.com>
Sent: Friday, August 5, 2016 3:50:42 PM
Subject: You have 1 document sent to you via Dropbox shared folder

You have 1 document sent to you via Dropbox shared folder

Log in with your Access ID ***@psu.edu to view shared document.

View Folder <– Link leads to a fake Dropbox log-in page hosted in the boxjewelry.ru domain

NOTE: You are accessing a highly secured shared documents.

Enjoy,
– The Dropbox Team

Dropbox keeps your files safe, synced, and easy to share. To view the document, open folder and sign in with your email to continue to Dropbox.
© 2016 Dropbox

Phish from August 5, 2016 at 3:50 p.m.

This phish is an almost identical repeat of a phish with the same subject from last week. The signs that it’s a phish are pretty much the same:

The generic “Recipients” in the To field
The lack of any mention of a specific person’s name in the greeting or information about the sharing properties of the supposed file
Penn State has no official affiliation with Dropbox, so you would never use your Access Account to log in to their service (Penn State uses Box, instead)
The address linked in the message is not a Dropbox URL, it is in the boxjewelry.ru domain and leads to a fake Dropbox login page

Important message

August 2, 2016 by Paul Carlisle Kletchka

This phish provides several clues revealing it as a scam message:

The “From” address is not actually a Penn State address
The “To” address is the same as the “From” address, meaning that recipients were on a Bcc list
The greeting is a generic “Dear User”
The link appears to be a Penn State link when you look at it, but it actually goes to an address in the joshuafitzgerald.com domain, which has nothing to do with Penn State

Phish from August 2, 2016 at 4:22 p.m.

From: “psu.edu” <xxxxxx@ccri.edu>
Date: Tuesday, August 2, 2016 at 4:22 PM
To: Recipients <xxxxxx@ccri.edu>
Subject: Important message

Dear User,

You have received a new message from Pennsylvania State University Admin System sent to you via Blackboard Learning System.

http://www.psu.edu/blackboard//messagecenter%0118157 <– Links to a fake Blackboard login page in the joshuafitzgerald.com domain

Greetings,

Pennsylvania State University