ISU Information Security

Jury Duty Phone Scam

Friday, April 1, 2016 15:14

A variation of the bogus computer support phone scam, the fake jury duty scam tries to pressure a victim into paying a fine or fee over the phone.

Scammers posing as federal marshals or court representatives call a target victim, claiming the victim failed to show up for jury duty. With a high-pressure pitch, using tactics such as threats of arrest by federal marshals, the scammers attempt to con the victim into paying a “fine” via credit card or wire transfer. The scammers are relying on the average person’s uncertainty about the law, combined with the threat of legal action, to pressure the victim into caving in and paying a bogus “fine”.

In truth, a court would not threaten an individual or make demands for immediate payments over the phone for failure to appear for jury duty.

Sophos Labs (an IT security research company) has some common advice for any phone scam.

  1. Hang up. Now. You’re better able to make a calm, collected assessment of the call when you’ve put some distance between you and the caller.
  2. Find an official way to call back. Don’t rely on anything you’re told by the caller (even if you aren’t suspicious), especially if that’s a phone number or a web address that they gave you.
  3. Be aware of federal court policy on the failure to appear for jury service, of which the US Court says this: “Typically, jurors who miss jury duty will be contacted by the court Clerk’s Office and may, in certain circumstances, be ordered to appear in court before a judge. A judge will impose any fine for failure to appear for jury duty during an open session of court [our emphasis], and the summoned juror will be given the opportunity to explain the failure to appear before any fine would (or is) be imposed.”
  4. Hang up and contact your local court clerk’s office or US Marshals Service office to check for any potential charges.

Related Links

Sophos Lab Article on Jury Duty Phone Scams

FBI’s page on Jury Duty Scams

Bannock County Clerk’s Jury Duty Page

Malware email attack targeting FedEx customers

Wednesday, March 23, 2016 14:56

Security researchers report that scammers are targeting FedEx customers through email in order to infect victim machines with malware.

In an email, crafted to appear “official”, the scammers inform the victim that FedEx has attempted to deliver a package and that the package will be returned unless the victim claims it at the local FedEx office. In order to claim the package, the victim will have to download and print out an attached form.

The malware is in the attached document and is loaded onto the victim’s computer once the document is opened. Researchers have not identified the specific malware, though it does not appear to be ransomware.

FedEx has explicitly stated, “FedEx does not send unsolicited emails to customers requesting information regarding packages, invoices, account numbers, passwords or personal information.”

Users are reminded to be wary of any unsolicited email. Check the sender’s email address, and never click links in an email or download attachments from unsolicited sources. Never reply to unsolicited emails. If in doubt, contact the company through verified, publicly available means, never through contact info given in a suspect email.

Related Links

Security posting about the scam

FedEx’s response to the scam

More news on the scam

Phishing Scam Targeting ISU

Tuesday, February 9, 2016 14:51

Phishing scams are a continual threat to be aware of. Currently, an email scam is targeting ISU users, attempting to coerce them into giving up their personal data. The attempted scam, while older, can still mislead the unwary into giving up their ISU credentials.

The email, from “ISU Admin-Desk”, announces that ISU is upgrading webmail security and invites the user to update their account via a link in the email. It also contains a warning that failing to do so will render the user’s account inactive.

Clicking the link in the email will take the user to a site that looks similar to ISU webpages in color palette and contains images/logos from ISU resources. From there the victim is invited to enter their user details. All of this is a scam, intended to fleece the unwary of their ISU computer account credentials.

ISU IT services has never asked users for their account information in order to upgrade our web and email services.

Related Links

Phishing – Avoid the net.

LastPass Password Management Service possibly vulnerable to web attack

Thursday, January 21, 2016 15:19

A security researcher has found password management service LastPass is vulnerable to a certain web attack. The attack uses compromised websites and phishing style trickery to fool a LastPass user into giving up their login information.

    The attack

  1. The attack has your browser send a request to log out LastPass, then sends a notice to your browser that LastPass was logged out using a fake browser-banner.
  2. Clicking on the banner notice takes the victim to a fake login for the LastPass plugin. If the user fills in the login, the attacker can harvest the user’s LastPass login info.
  3. If a user has two-factor authentication enabled for their LastPass account, the attacker’s script will redirect the user to a two-factor prompt and continue the attack from there.
  4. Once the attacker has the user’s credentials, they can log in to the LastPass account as the user and access the victim’s data.

    How can a user defend against possible compromise?

  • When visiting a webpage, if you are informed that LastPass has logged you out, via a browser banner, do NOT click the banner link. Instead, close the webpage, then open the LastPass browser extension directly or visit the LastPass webpage to log back in to LastPass.
  • If, when visiting the same page, you get a browser-banner notification that you’ve been logged out again, the webpage (not necessarily your LastPass account) may have been compromised.


The security researcher responsible for this information points to this as a failure in how LastPass handles login and logout. It should be noted that LastPass has implemented an email verification step in their login/logout process to mitigate this attack.

It should also be noted that the attack appears to be most effective using Google Chrome, as the extension’s windows, banners, and URL can be mocked up pretty effectively using very simple tools. This does not mean the attack cannot successfully be pulled off in Firefox or Safari.

Related Links

The original paper on the attack.

LastPass’ FAQ page on the attack

IRS Scam Now Includes Ransomware

Monday, January 4, 2016 17:29

Scammers have long posed as government officials, attempting to trick unwary victims into giving away personal info and to bilk them out of money. In the last few years ransomware, malware that infects the victim’s machine and encrypts the victim’s data, threatening to destroy the data if the victim doesn’t pay up, has become a serious threat. Now the two scams are being combined in a malicious form.

Scammers are sending out fake emails claiming to be from the IRS. Security firm Heimdal Security reports on the common format the emails take:

From: [spoofed / fake return address]

Subject Line: Payment for tax refund # 00 [6 random numbers]

Attached: -> Tax_Refund_00654767.doc.js

Within the email is a malicious attachment that, when opened, runs a script that downloads the ransomware and infects the victim’s machine.
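The attachment name reported above ends in `.doc.js`: a document-looking extension followed by a script extension that Windows will execute. The following is an added example, not part of the original post, showing how a mail filter could flag such double-extension attachments; the extension sets, function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumption: which extensions count as a harmless-looking decoy and which
# ones Windows will execute as a script or program. Tune both sets locally.
DECOY_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".jpg"}
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".exe", ".scr", ".bat", ".cmd"}


def double_extension(filename):
    """Return (decoy, real) when a decoy extension is followed by a script one."""
    # Windows ignores trailing spaces and dots, so strip them before parsing.
    suffixes = [s.lower() for s in PurePosixPath(filename.rstrip(" .")).suffixes]
    if len(suffixes) >= 2 and suffixes[-1] in SCRIPT_EXTS and suffixes[-2] in DECOY_EXTS:
        return suffixes[-2], suffixes[-1]
    return None


def suspicious_attachments(raw_message):
    """Parse an RFC 5322 message and list attachment names with a double extension."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    return [
        name
        for part in msg.iter_attachments()
        if (name := part.get_filename() or "") and double_extension(name)
    ]


def build_sample(attachment_name):
    """Constructed test message (not a captured sample); payload is inert bytes."""
    msg = EmailMessage()
    msg["From"] = "refunds@example.invalid"
    msg["Subject"] = "Payment for tax refund # 00654767"
    msg.set_content("Please see the attached form.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_string()


if __name__ == "__main__":
    for name in ("Tax_Refund_00654767.doc.js", "Tax_Refund_00654767.doc"):
        print(name, "->", suspicious_attachments(build_sample(name)))
```

Only the final two extensions are compared, so a name such as `notes.v2.js` is not flagged by this check; a stricter policy would block script attachments regardless of what precedes them.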

Users should always be wary when opening emails purporting to be from an official source and never open attachments or links within any email from an unknown or questionable source. If a user has questions about a purported official source, call the local offices of the department in question to ask directly about the validity of any email contact. (All US government departments have contact information on their websites and many will not contact a person through unsolicited emails. Use the contact info on the government website, not any given in the email.)

More Information

News article with further details about this particular attack

IRS Official webpage

Four tips toward a safer holiday

Friday, December 4, 2015 15:29

The holidays are upon us. And while the hustle and bustle of the season may keep us busy, it’s a great time of year to check and double check your personal info security.

    Here are four security tips to help secure your holiday peace of mind:

  1. Enable multi-factor authentication on online accounts

    Many online services, email, social sites, or online gaming sites, have multi-factor authentication services available. Multi-factor authentication consists of some combination of 1) Something you know (a password), 2) Something you have (a key), and 3) something you are (like a fingerprint). So, when logging into a site you may be presented with a password prompt (factor 1) and then sent a numerical key as a text to your phone (factor 2), which will confirm you are the person requesting the login.

    Multi-factor authentication can assist in preventing scammers from hijacking your online accounts.

  2. Enable pin/password protection on your mobile devices.

    With all of the holiday rushing about, it’s easy to lose track of smaller things, like a cell phone. If your phone is lost or stolen, a pin or password can provide some degree of protection from having personal information stolen. Check the manufacturer’s documentation for instructions on enabling pin/passwords.

  3. Never reuse passwords.

    Keep the tokens you use to authenticate to services separate and unrelated. When setting up passwords and the recovery methods, be aware of the security questions you choose and avoid those that could have easily verifiable information (e.g. “What is your mother’s maiden name”). If you’re worried about having to remember a large roster of passwords, there are several password-keeper type applications available. Just be sure the application you use encrypts the data when not in use.

  4. Back up your valuable data.

    Protect your data from being lost, so even when disaster strikes, you know you can eventually recover that important information. Large external hard drives are getting cheaper every year, and the investment is well worth it. Applications for running consistent, timely backups are readily available through an internet search. If you decide to back up online, be sure the service offers encryption as a feature, so the data is protected even if the service is compromised.

We will continue our holiday tips next time with advice on protecting yourself against scams and the grinches that would try to ruin your holiday.

Scam Notice

Tuesday, October 20, 2015 15:43

Pocatello Police report that ISU students are being targeted by scammers claiming to be from the Federal Bureau of Investigation (FBI).

The scammers are calling students and telling them that there is an “issue” with their taxes or financial aid. The student is directed to report to Western Union to make payment to resolve the false issue or their financial aid will be cancelled. According to the police department the scammers are using the ISU directory to gain basic information about the student such as major, email and phone number.

If students want to unlist their phone number from the ISU Directory, they can go to BengalWeb, choose “Academic Tools,” and then under “Student Records” they can hit the link for “update address and phone number.” At this last link, they can click on the “primary phone” link and then can check the box “unlisted.” To get a full Family Educational Rights and Privacy Act (FERPA) block and have all student information blocked from the ISU Directory students can contact the Registrar.

If a student thinks they have been targeted in a scam they can contact ISU Public Safety at 282-2515.

Related Links

Bengalweb Login

ISU students were targeted in a similar scam last spring

Mac OS X, El Capitan now available

Wednesday, September 30, 2015 14:43

Apple has released the latest upgrade to its operating system for the Mac. Dubbed El Capitan, this latest version integrates some new features aimed at making the system more secure and safe for the average user. Mac users can find the new OS in the App Store.

As with any major system update, users are advised to research the update to ensure applications they use are compatible with Apple’s latest offering. In particular, some application developers have reported delayed and, in a few cases, possibly no updates to some products due to some of the security features within the new OS making updating the functionality of the product prohibitive.

Related Links

The Mac OS X page

Welcome Back ISU! Are you up-to-date?

Monday, August 24, 2015 16:12

The campus is coming to life. Students are once again wandering the halls and sidewalks of ISU, and faculty and staff are returning from their summer breaks. With the end of summer break, many systems and machines on campus are being powered back on for the first time since the end of Spring semester. While these systems were powered down the world kept moving forward. Flaws in software were discovered and patched, new exploits were uncovered by persons with both good and bad intent, and in general updates to software were introduced over the summer. Have you checked to make sure your software is up-to-date?

The major operating systems, Windows, MacOS, and Linux, have all released security updates over the last few months. Major flaws were patched in the protocols and platforms the systems used to connect and communicate with the local network and the internet. While, in general, these systems will update automatically when they’re turned on, err on the side of caution and double check that your system’s “Auto-update” features are enabled.

Many third-party applications were also updated over the summer while the machines they are installed on sat shut down. Some, like the major internet browsers, have auto-checking for updates enabled by default and will update as soon as they are started, while other software needs to be prompted to look for updates. And some updates may require the user to actively look up and download updates for the software.

Below are some links on how to automate your system’s updates.

Related Links

Steps to get Windows 7 and 8 security updates automatically

Automatic updates for Mac OS X

Possible Phone Scam

Monday, August 3, 2015 15:42

An old telephone scam appears to be resurfacing that we would like you to be aware of.

You receive a series of hang-up calls with no CallerID information.
You then receive a call with CallerID information.
You call the number back and it rings a long time and then you get a voicemail greeting and/or music.

What just happened?
You were tricked into calling back a number that is set up to charge-back to the originating number (you or ISU) a flat fee + a per minute additional fee.
The cost of the fees can be staggering and since you have no control over foreign governments or utilities, you/ISU will not have a recourse other than to pay whatever you/ISU were charged.

How to avoid many of the most common telephone scams:

– Never call back a hang-up-call from a number when you do not know who called you.
– Never return a call when you have received a voicemail message when you do not have a relationship with the caller.
– Never return a call when you receive a voicemail message stating you have won something.
– Never give out personal or sensitive information to anyone when you do not know who they are.
– If someone calls you and says they are your bank, credit union, utility, etc. and they say they represent a company you normally have dealings with and they ask you for personal or sensitive information (username, passwords, security phrases, security questions, etc.) to verify they are talking to the right person, hang up. They would not ask those questions.
– If someone calls and leaves a voicemail message and says they are from your bank, etc. do not call back the number they leave if it is not the published customer service number of your bank, etc.