Alerts

Security Alert
May 19, 2014 - 11:00 am

Beware of an email from Blackboard Systems <blackboard-alerts@systems.com> that has been sent to Brown users. Like similar phishing emails, this one attempts to get you to click on the provided link to view the new article that was supposedly "posted to you." Below is an example, with one of the clues highlighted: rolling over the link (but don't click on it) directs you to the site for the Euromed Civil Society.

If you receive one, report it as phishing to the Gmail team (from within the message, click on the down arrow to the right of the REPLY button and select "Report phishing") or simply delete it. More about phishing at www.brown.edu/go/phishing and What to do When You Spot a Phish.

Security Alert
May 19, 2014 - 10:59 am

Various reports this morning of phishing emails with the subject lines UPDATE YOUR IRS IMMEDIATELY and View Return Status (IRS.gov). These are bogus and should be reported as phishing (from within the message, click on the down arrow to the right of the REPLY button and select "Report phishing") or simply delete it.

From http://www.irs.gov/uac/Report-Phishing: The IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.

More about phishing at www.brown.edu/go/phishing + What to do When You Spot a Phish 

Examples:

---------- Forwarded message ----------
From: Internal Revenue Service < NAME VARIES @brown.edu>
Date: Wed, Apr 30, 2014 at 6:42 AM
Subject: UPDATE YOUR IRS IMMEDIATELY
To:

Update your IRS e-file immediately, To Update -  < Click Here >

USA.gov is the U.S. government's official web portal.

==================================

---------- Forwarded message ----------
From: Taxslayer.com < NAME VARIES @brown.edu>
Date: Wed, Apr 30, 2014 at 4:14 AM
Subject: View Return Status (IRS.gov)
To:

Verify and Update your IRS e-file immediately, To Update -  < Click here to update >

USA.gov is the U.S. government's official web portal.

Security Alert
May 1, 2014 - 11:41 am

Be on the lookout for the latest phish, this one supposedly from "Internal Revenue Services" promising you a view of you tax return status. An example is provided below.

If you received one of these phishing emails and have not already deleted it, report it as phishing to Google (from within the message, click on the down arrow to the right of the REPLY button and select "Report phishing").

More about phishing at www.brown.edu/go/phishing + What to do When You Spot a Phish 


Security Alert
Apr 28, 2014 - 10:44 am

A variety of phishing email messages were reported this afternoon, with subject lines like "Account Information!", "View And Verify IRS Status" and "Attention ::: View Return Status (Brown University)".  Do NOT respond to or click on any links in these emails.

If you received one of these phishing emails and have not already deleted it, report it as phishing to Google (from within the message, click on the down arrow to the right of the REPLY button and select "Report phishing").  Below are a couple of examples from today's catch. 

More about phishing at www.brown.edu/go/phishing + What to do When You Spot a Phish



From: Brown University <jacques_susset@brown.edu>
Subject: Account Information!
Date: April 21, 2014 at 12:23:23 PM EDT
To: undisclosed-recipients:;

Your Mailbox has exceeded Its storage limit as Set By Your Administrator, and you will not be able to receive new emails until you Re-Validate it.

To  Re-Validate-  < Click Here >
 
Signed By Webmaster.
Maintained by the Technology Department. Copyright 2014

-------------------------------
From: Brown University (IRS) <mackenzie_daly@brown.edu>
Date: Mon, Apr 21, 2014 at 2:43 PM
Subject: View And Verify IRS Status (Brown University)
To:

Internal Revenue Service.

Verify and Update your IRS e-file immediately, To Update -  < Click Here >

USA . gov is the U.S. government's official web portal.
***************************
IRS e-file. Since 1990
This U.S GOVERNMENT SYSTEM IS FOR AUTHORIZED USE ONLY!
Copyright 2014.
***************************

Security Alert
Apr 9, 2014 - 1:24 pm

First reported in December, the Googledoc phishing scam has been spotted again. Today's variation has the subject line "Edward Wing Sent You a Google Doc." Do NOT click on the link. If you have not already deleted it, mark the email as phishing and then delete it. An example follows. 

If you received this (or other phishing emails), report it as phishing to Google (from within the message, click on the down arrow to the right of the REPLY button and select "Report phishing"). Doing so forwards the message to the GMail Team for analysis and filtering.

More about phishing at www.brown.edu/go/phishing + What to do When You Spot a Phish

Security Alert
Apr 9, 2014 - 1:24 pm

​Another round of phishing emails tonight from a few different Brown addresses, with some of the the usual hallmarks (grammar and formatting errors with request to view a Google Doc). Do NOT click on the link provided.

If you do receive a phish, report it as phishing to Google (from within the message, click on the down arrow to the right of the REPLY button and select "Report phishing"). This will send that message immediately to the GMail Team for analysis and filtering.  An example follows.

More about phishing at www.brown.edu/go/phishing + What to do When You Spot a Phish

---------- Forwarded message ----------
From: Jacobs, Nancy <nancy_jacobs@brown.edu>  OR  "Cook, Harold" <harold_cook@brown.edu>
Date: Wed, Apr 2, 2014 at 5:45 PM
Subject: IMPORTANT NEWSLETTER
To:  < long list of email addresses >

Hi All,

Kindly view this newsletter i uploaded for you using Google Docs secure File uploader.

Click here to open: Newsletter -DA06 and sign in with your email for your secure access, it's a very important news.

Thanks, 


Security Alert
Apr 9, 2014 - 1:23 pm

Be on the lookout for an email  from "Blackboard Articles <articles@www.blackboard.com>", which was reported this weekend (example below). Like similar phishing emails, it attempts to trick you to click on the link (hovering over it displays a very suspicious non-Blackboard URL). Don't fall for it!

If you received this (or other phishing emails), report it as phishing to Google (from within the message, click on the down arrow to the right of the REPLY button and select "Report phishing"). Doing so forwards the message to the GMail Team for analysis and filtering.

More about phishing at www.brown.edu/go/phishing + What to do When You Spot a Phish

Blackboard PhishBlackboard Phish

Security Alert
Apr 7, 2014 - 10:37 am

Several reports this morning of a common phishing email, with the subject line "Your Mailbox has exceeded Its storage limit {Required Action}." Do NOT do so. If you haven't already deleted it, mark it as phishing.

Below is an example of this email. Note that like similar ones, the TO field does not contain your name but is directed to "undisclosed-recipients:;" and the message contains multiple grammar errors. Read more about phishing http://www.brown.edu/go/phishing.

Security Alert
Apr 1, 2014 - 11:13 am

There have been multiple sightings of a variation on the "View a Google Doc" phishing email, this one with the subject line "View project document!" Do NOT do so. Instead, if you haven't already deleted it, mark it as phishing.

Below is an example of this email. Note that like similar ones, the TO field is blank. It unfortunately looks like it can be real because it comes from a Brown address, which has probably been compromised. Read more about phishing http://www.brown.edu/go/phishing.

Security Alert
Mar 31, 2014 - 9:15 am

Symantec has reported a "sophisticated scam" targeting Google Docs and Google Drive users. Like similar ones already reported at Brown, the phishing email urges the receiver to click on a link to view an important Google Doc.

What to look out for: The link doesn't go to Google Docs, but redirects you to a log-in screen that doesn't recognize you as a Google user, asking you to login again. If this seems strange, it is and a big clue that this is fake and to go no further.

Google's response when alerted about this: "We've removed the fake pages and our abuse team is working to prevent this kind of spoofing from happening again. If you think you may have accidentally given out your account information, please reset your password."

Related Links
http://www.symantec.com/connect/blogs/google-docs-users-targeted-sophisticated-phishing-scam
http://gizmodo.com/beware-of-this-dangerously-convincing-google-docs-phish-1546278702/@whitsongordon

Security & Google
Gmail security checklist: https://support.google.com/mail/checklist/2986618?rd=1
Compromised Gmail account: https://support.google.com/mail/answer/50270?hl=en
Using two-factor authentication:  http://www.google.com/landing/2step/