[2181] in Security FYI
[IS&T Security-FYI] SFYI Newsletter: The Fake Security Update
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Wed Jan 27 10:36:02 2010
Message-Id: <C8F14BBA-D264-4A81-AFE7-F837248913B1@mit.edu>
From: Monique Yeaton <myeaton@mit.edu>
To: ist-security-fyi@mit.edu
Mime-Version: 1.0 (Apple Message framework v936)
Date: Wed, 27 Jan 2010 10:34:41 -0500
Cc: itss@mit.edu
Content-Type: multipart/mixed; boundary="===============0289151822=="
Errors-To: ist-security-fyi-bounces@mit.edu
--===============0289151822==
Content-Type: multipart/signed; boundary=Apple-Mail-44-683956274; micalg=sha1;
protocol="application/pkcs7-signature"
--Apple-Mail-44-683956274
Content-Type: multipart/alternative;
boundary=Apple-Mail-43-683956218
--Apple-Mail-43-683956218
Content-Type: text/plain;
charset=US-ASCII;
format=flowed;
delsp=yes
Content-Transfer-Encoding: 7bit
This morning many computer users at MIT noticed an email in their
inboxes with the following subject line:
MADATORY SECURITY UPDATE - JANUARY 2010 [spelling error intact]
The message goes on to request you to login in to your email account
to ensure your account information is up to date, due to an upgrade to
an "advanced server" to prevent spam from reaching your inbox. A link
is provided, with a URL that has mit.edu included in it.
THIS MESSAGE IS NOT FROM MIT!
Many of our users are aware that such messages are fraudulent and will
ignore them. But it is important to spread the word to those who may
fall for such messages. If the link is clicked, your username and
password to your email could be compromised. Within minutes, the
hackers can log in to your email and use it to send out the spam they
claim in their message they are trying to prevent.
This is just another phishing attempt. To educate our users on
phishing, you can point them to the IS&T knowledge base:
http://kb.mit.edu/
Enter "phishing" in the search bar or go to this link: http://kb.mit.edu/confluence/x/SBhB
which explains what is a phishing email.
Thank you!
Monique
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS OR PRIVATE INFORMATION!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you
for this information.
--Apple-Mail-43-683956218
Content-Type: text/html;
charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
<html><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; "><div><br></div><div>This =
morning many computer users at MIT noticed an email in their inboxes =
with the following subject line:</div><div><br></div><div><span =
class=3D"Apple-style-span" style=3D"font-family: Helvetica; font-weight: =
bold; ">MADATORY SECURITY UPDATE - JANUARY 2010 [spelling error =
intact]</span></div><div><font class=3D"Apple-style-span" =
face=3D"Helvetica"><b><br></b></font></div><div>The message goes on to =
request you to login in to your email account to ensure your account =
information is up to date, due to an upgrade to an "advanced server" to =
prevent spam from reaching your inbox. A link is provided, with a URL =
that has mit.edu included in it.</div><div><br></div><div>THIS MESSAGE =
IS NOT FROM MIT!</div><div><br></div><div>Many of our users are aware =
that such messages are fraudulent and will ignore them. But it is =
important to spread the word to those who may fall for such messages. If =
the link is clicked, your username and password to your email could be =
compromised. Within minutes, the hackers can log in to your email and =
use it to send out the spam they claim in their message they are trying =
to prevent.</div><div><br></div><div>This is just another phishing =
attempt. To educate our users on phishing, you can point them to =
the IS&T knowledge base:</div><div><a =
href=3D"http://kb.mit.edu/">http://kb.mit.edu/</a></div><div><br></div><di=
v>Enter "phishing" in the search bar or go to this =
link: <a =
href=3D"http://kb.mit.edu/confluence/x/SBhB">http://kb.mit.edu/confluence/=
x/SBhB</a> which explains what is a phishing =
email.</div><div><br></div><div>Thank you!</div><div><font =
class=3D"Apple-style-span" size=3D"4"><span class=3D"Apple-style-span" =
style=3D"font-size: 14px;"><span class=3D"Apple-style-span" =
style=3D"font-size: medium;"><br></span></span></font></div><div =
apple-content-edited=3D"true"><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Calibri; font-size: medium; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; =
white-space: normal; widows: 2; word-spacing: 0px; =
-webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: =
0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Calibri; font-size: medium; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: =
Calibri; font-size: 14px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; =
widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; =
-webkit-border-vertical-spacing: 0px; =
-webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: =
auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: =
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space; =
"><div><div><div><div><div><div><div><div><div><div><div><div>Monique</div=
><div><br></div><div>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D</div><div>Monique Yeaton</div><div>IT Security =
Awareness Consultant</div><div>MIT Information Services & Technology =
(IS&T)</div><div>(617) 253-2715</div><div><a =
href=3D"http://ist.mit.edu/security">http://ist.mit.edu/security</a></div>=
</div><div><br></div><div>---------------------------------------</div><di=
v><div><font class=3D"Apple-style-span" color=3D"#FF0000">Important: DO =
NOT GIVE OUT YOUR PASSWORDS OR PRIVATE =
INFORMATION! </font></div><div><font class=3D"Apple-style-span" =
color=3D"#FF0000">Ignore emails asking you to provide yours. IS&T =
will *NEVER* ask you for this =
information. </font></div></div></div></div></div></div></div></div><=
/div></div></div></div></div></span></div></span></div></span> =
</div><br></body></html>=
--Apple-Mail-43-683956218--
--Apple-Mail-44-683956274
Content-Disposition: attachment;
filename=smime.p7s
Content-Type: application/pkcs7-signature;
name=smime.p7s
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIDwjCCA74w
ggMnoAMCAQICEQCgVkmJt2RPZFjUToeFtLUNMA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNVBAYTAlVT
MRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMS4wLAYDVQQKEyVNYXNzYWNodXNldHRzIEluc3RpdHV0
ZSBvZiBUZWNobm9sb2d5MRUwEwYDVQQLEwxDbGllbnQgQ0EgdjEwHhcNMDkwNzA3MTkwNzQ1WhcN
MTAwNzMxMTkwNzQ1WjCBpTELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAs
BgNVBAoTJU1hc3NhY2h1c2V0dHMgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxFTATBgNVBAsTDENs
aWVudCBDQSB2MTEXMBUGA1UEAxMOTW9uaXF1ZSBZZWF0b24xHjAcBgkqhkiG9w0BCQEWD215ZWF0
b25ATUlULkVEVTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL5YyEmHtimNf2l9Swh7
azen1VDYTAHPef/hu8pDiEdf51i6i/1uiI7RCvzmGt8SRR3gwx1MuJt3TCKKX7kedPK8owWHRDO1
SQTG+RJHEKa8IeG/7Fk8kXFJqBYbk5sA8YOQOwmlG2x5ssMhfoPAxc44rh9tk4VfDgASGZXQITa+
8SwLG2JSFgUlnvEJAOrw8XRXRX78mgPwkydJQNhfK+ikYm2JtyqM5cSwgLxHh0XldWAI7P4csM79
LQcG4HQZRmTCVeMuy67KgNjtg/94O5AfwLkbP6hwvqsDsfr8aTwhbrhkayJnvXeY0L2X4i9AasVP
aAC4apVYBbIQr5mW4S8CAwEAAaOBoTCBnjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAd
BgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRfbDIy
HJrY3A0bf+451r8D8oZXGjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY2EubWl0LmVkdS9jYS9t
aXRjbGllbnQuY3JsMA0GCSqGSIb3DQEBBQUAA4GBAIa1unH8mI8xbBDdr0Iqub03tHeb4/VWpsPq
GmhYH9vXRI6x7B+dAIwghm4gKo9y4d8qlgcx+1sLjRQ8DkZcXacX52a1eb1qYzXhzNGkxp4EEZIq
xYCHWJRYuitl+cpqVbS0Dxh/+gC5KL4LkMRJjQ6kP1ns99bdK132BxmyNX1+MYIDNjCCAzICAQEw
gYEwbDELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAsBgNVBAoTJU1hc3Nh
Y2h1c2V0dHMgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxFTATBgNVBAsTDENsaWVudCBDQSB2MQIR
AKBWSYm3ZE9kWNROh4W0tQ0wCQYFKw4DAhoFAKCCAYkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEH
ATAcBgkqhkiG9w0BCQUxDxcNMTAwMTI3MTUzNDQxWjAjBgkqhkiG9w0BCQQxFgQU7lv1rMvTT65D
XBXiSinMXVkS+HYwgZIGCSsGAQQBgjcQBDGBhDCBgTBsMQswCQYDVQQGEwJVUzEWMBQGA1UECBMN
TWFzc2FjaHVzZXR0czEuMCwGA1UEChMlTWFzc2FjaHVzZXR0cyBJbnN0aXR1dGUgb2YgVGVjaG5v
bG9neTEVMBMGA1UECxMMQ2xpZW50IENBIHYxAhEAoFZJibdkT2RY1E6HhbS1DTCBlAYLKoZIhvcN
AQkQAgsxgYSggYEwbDELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAsBgNV
BAoTJU1hc3NhY2h1c2V0dHMgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxFTATBgNVBAsTDENsaWVu
dCBDQSB2MQIRAKBWSYm3ZE9kWNROh4W0tQ0wDQYJKoZIhvcNAQEBBQAEggEAsFMjayIFVq4JFR6E
WoKR4wQqvqJx0vejD+hcq/fyhy5DtYoBc1N7AzWy8PZYKuVSBVI4J4LqPnvA0oMkKrE/BYgujfGo
x3qWvfbCMQfYSFr54CPZaIV1qO8NRqu3O4orrU+V9+GYs5c250U/K8vCjs1eoNVvx0BlFZkzA07O
95MESK3te1voBChbDzDLIvkBH5lRXgl5ijkIVmXvK3sJNC5stWAK6vZF3V4ZnaT+pdoOnXvuUl0s
oLY+2U99ZTjkO9sdJ7skb+/YYZ1uOOnvJgaKCBDvwqWyGoSIr3lnwtmUdYx5X3sKzNFZ3mMAJcUq
AtJo+X4nmq0nXFjQSKocnwAAAAAAAA==
--Apple-Mail-44-683956274--
--===============0289151822==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============0289151822==--
