本日下記のようなフィッシングメールが本学あてに送信されて来ています。
件名:
ドキュメント「支払確認領収書.pdf」がOneDrive経由で共有されました
メール本文のリンクはクリックしないようにしてください。
うっかりフィッシングサイトにパスワードを入力してしまった場合は、すぐにパスワードを変更し、最寄りの情報イノベーション課までご連絡ください。
検索サイトから本学に関連するキーワードを検索すると、本学を騙る偽サイトが検索結果に表示されることを確認いたしました。
本件に限らず、最近検索結果に偽サイトが表示されることが散見されます。
偽サイトの中にはアクセスをするとWebブラウザに感染するものや、マルウエアがダウンロードされるものも存在しますので、常に検索結果に不審なものが含まれていないか確認することを心掛けてください。
また、偽サイトを発見した場合は、SIT-CSIRTまでご報告いただけます様お願いいたします。
SIT-CSIRT
csirt@shibaura-it.ac.jp
We have confirmed that a fake website impersonating our university appears in the search results when you search for keywords related to our university through search engines.
Not only in this case, but also in other recent cases, fake sites have been appearing in search results.
Some of the fake sites may infect web browsers or download malware when accessed, so please be sure to always check your search results for suspicious items.
If you find a fake site, please report it to SIT-CSIRT.
SIT-CSIRT
csirt@shibaura-it.ac.jp
Example of search results
 |
Examples of Fake Sites
 |
Dear students, faculty and staff
This is a notice from the Information Systems Division.
There has been an increase in the number of phishing e-mails sent to you by people trying to defraud you of your account information for commercial Internet services or for the University.
Some of these emails may slip through our email security system and be delivered to you.
Users have reported receiving suspicious e-mails.
If you receive a suspicious e-mail, be careful not to access the URL in the body of the message.
Do not open any attached files.
The sender (From:) is often spoofed and may be the sender's own email address or the administrator's email address (e.g., admin@~).
An example of a subject line: sic.shibaura-it
sic.shibaura-it.ac.jp New Webmail service is now available
mail delivery failure: storage is almost full
ow.shibaura-it.ac.jp mail service update Case ID: ?????
You have [13] pending incoming emails
SYSTEM NOTIFICATION ~ Your 8 unreceived emails are stuck on the sic.shibaura-it.ac.jp Server.
Your ow.shibaura-it.ac.jp Account will be disabled soonest.
Your Outlook storage is full
Verify User
Mail Notice: De-activation
Account Termination
Email Termintaion Request
Undeliverable: Incoming messages failure
Check Password
Email Verification ~ VERIFY YOUR EMAIL ACCOUNT TODAY
~Unknown Login Notification
Password Expiration Notice!
~ Email Notification
Required Action: Email Deactivation Notification for
Required Action: Important Notification for Tuesday, June 27, 2023
Required Action: Important Notification for Monday, June 26, 2023
Required Action: Important Notification for Sunday, June 25, 2023
You have received a new voicemail memo.
Error receiving mail
Notification: Mailbox size has reached quota limit
Sic mailbox size has reached quota limit
Mailbox storage space is low
~ Received Mail Error
Mailbox storage is full, account is suspended
If you receive a suspicious email, please contact SIT-CSIRT.
SIT-CSIRT (Shibaura Institute of Technology Computer Security Incident Response Team)
Email: csirt@shibaura-it.ac.jp
Translated with www.DeepL.com/Translator (free version)
Emotet is malware that is often infected by opening Word files attached to emails.
It was seized and stopped by EUROPOL (European Organization of the Criminal Police) on 1/27/2021, but there are signs of resumption of activity since around 11/14/2021.
The attached files are not only Word and Excel files, but also zip files with passwords.
Emotet malware, which was popular in Japan from the end of August 2019 to January 2020, seems to have temporarily resumed its activities in Japan since July 2020. Please be aware that activities may become more active in the future.
When infected with Emotet, not only is the e-mail information of Outlook (authentication information to the e-mail server, e-mail address of the inbox, subject etc.) stolen, but also other malware (Qbot, TrickBot, Ryuk ransomware, Ursnif banking malware etc.) ) May cause additional infections.
The stolen email information may be used to scatter emails to spread infection.
Please note that there are various subject lines for emails, and some may take the form of replies to stolen emails.
If you receive such an email, please do not open it and contact the Center for Science Information.
If you open it and activate the content, immediately disconnect from the network.
Please check if the antivirus software on your device is working properly.
【Attention】
For the emails scattered,there are those that take the form of replying by quoting stolen mail in the body (reply type), and those that embed the stolen name/email address etc. in the subject and signature of the body.
Please be careful.
It has been confirmed that there is no attached file and a link is written in the email body.
Please be careful not to access the link destination as the Word file etc. of the Emotet downloader will be downloaded when you click the link.
!!!Do not run macros in Word files with macros (do not press enable content)!!!
【Information about Emotet】
Sender
(People who have exchanged in the past)
Example of subject
Request to send invoice (number etc.)
This is the invoice. (Numbers, etc.)
Re: (Subject of previously received email)
Example of attachment file name
(Alphabet and numbers) Please send invoice. doc
(Alphabet or number) This is the invoice. .doc
(Alphabets and numbers) Notification of payment amount and issuance of invoice.doc
Dear Faculty and Staff
This is a notice from the Information Network Service Section.
During the year-end and New Year holidays, security incidents are more likely to occur due to the lack of system management.
As the volume of e-mails checked will increase, please be especially careful of suspicious e-mails after the holidays,
In recent years, A number of cyber-attacks confirmed by fake e-mails sent to Japanese academics, think tank researchers, and the press, pretending to be requests for lectures or interviews, etc., and leading to be compromised by executing malware, then attempt to steal the contents of emails and computer files exchanged by these individuals.
For details, please refer to the information provided by the National Police Agency's Cybercrime Countermeasures Project.
( https://www.npa.go.jp/cyber/ )
Our university introduced an e-mail targeted attack countermeasure system for full-time faculty and administrative staff.
Suspicious e-mails are automatically quarantined and a notification e-mail is sent at 15:00 daily,
so please make sure to check the contents.
https://web.sic.shibaura-it.a
If you receive a suspicious email, please contact SIT-CSIRT.
SIT-CSIRT (Shibaura Institute of Technology Computer Security Incident Response Team)
Email: csirt@shibaura-it.ac.jp
Dear Students, Faculty and Staff
Warning from the Information Network Service Division
We have received many reports of suspicious Emotet malware email from several people today.
We announced this on November 25 last year, but we would like to ask you to check again.
Please also check the security information on the Center for Science Information website.
1. Warning against phishing e-mails
Recently, there have been many cases of phishing e-mails aimed at fraudulently obtaining account information for webmail services.
We have also received reports of suspicious emails from users of our university.
If you receive a suspicious email, please be careful not to access the URL in the text.
If you receive a suspicious e-mail, please do not access the URL in the text, and do not open any attachments.
Please check the security information on the Center For Science Information website.
Example of subject line:
メールプラン、セキュリティ強化第2弾リリースのお知らせ
【重要】2021年XX月XX日(X)のサービス復旧のお知らせ。
【重要】使用制限によるサービス停止のお知らせ- {メールアドレス}
【重要】サービス停止のお知らせ - {メールアドレス}
【お知らせ】メール配信通知 - {メールアドレス}
[メール接続サービスの終了について_shibaura-it.ac.jp] - {メールアドレス}
[からの通知_Shibaura-it]_{メールアドレス}
【バージョンアップ】メンテナンス作業のお知らせ
【重要】sic.shibaura-it.ac.jp メール送信機能停止のお知らせ
If you receive a suspicious email, please contact SIT-CSIRT.
SIT-CSIRT (Shibaura Institute of Technology Computer Security Incident Response Team)
Email: csirt@shibaura-it.ac.jp
2. Warning about Emotet malware email
The Emotet malware was seized and stopped by EUROPOL (European Criminal Police Organization) on January 27, 2021.
However, it has tended to resume its activities since around November 14, 2021.
It seems that emails targeting Japan are also being sent.
For more information about the Emotet malware, please check the security information on the Center For Science Information website.
If you receive a suspicious email, please contact SIT-CSIRT.
SIT-CSIRT (Shibaura Institute of Technology Computer Security Incident Response Team)
Email: csirt@shibaura-it.ac.jp 3.
3. Warning about attacks on the CMS of web servers
If you are running a web server in your laboratory and using CMS (WordPress, Movable Type, etc.)
Please check for suspicious access.
In Japan, there have been cases of illegal content being embedded, phishing e-mails being sent out in large numbers, and unauthorized server intrusions.
Please take measures such as managing passwords for the web servers you use, updating vulnerable software, and stopping unnecessary services.
If you find any suspicious access, please contact SIT-CSIRT.
SIT-CSIRT (Shibaura Institute of Technology Computer Security Incident Response Team)
Email: csirt@shibaura-it.ac.jp
There have been reports of suspicious e-mails being sent from your own e-mail address.
The sender's email address may have been spoofed to match that of the recipient.
Reference Information(Japanese):
There are many different subject lines, as shown below. (Japanese)
These are threatening or fraudulent emails. If you receive such an email, please discard it.
Example 1(Japanese):
それが起こったのです。ゼロクリックの脆弱性と特別なコードを使用して、Webサイトを介してあなたのデバイスをハッキングしました。私の正確なスキルを必要とする複雑なソフトウェア。このエクスプロイトは、特別に作成された一意のコードを使用してチェーンで機能し、このようなタイプの攻撃は検出されません。Webサイトにアクセスしただけで感染してしまいましたが、残念なことに、私にとっては非常に容易いことです。あなたは標的にされたのではなく、そのWebページを介してハッキングされた多くの不運な人々の一人になったのです。これはすべて8月に起こりました。そのため、情報収集には十分な時間がありました。次に何が起こるかはもうご存知だと思います。数ヶ月間、私のソフトウェアは、あなたの習慣、あなたが訪問するウェブサイト、ウェブ検索、あなたが送るテキストなどの情報を静かに収集していました。他にもまだまだありますが、これがどれほど深刻であるかを理解していただくために、いくつかの理由を挙げました。
(以下省略)
That's what happened. Using a zero-click vulnerability and special code, I hacked your device through a website. Complex software that requires my exact skills. This exploit works in a chain using a specially created unique code and this type of attack is undetectable. just visiting the website infected me, unfortunately it is very easy for me. You were not targeted, but became one of the many unlucky people who were hacked through that web page. This all happened in August. Therefore, there was plenty of time to gather information. I think you already know what will happen next. For months, my software has been quietly collecting information about your habits, websites you visit, web searches, texts you send, and so on. There are many more, but I have listed a few reasons to help you understand just how serious this is.
(Omitted below)
Example 2(Japanese):
それが起こったのです。ゼロクリックの脆弱性と特別なコードを使用して、Webサイトを介してあなたのデバイスをハッキングしました。 私の正確なスキルを必要とする複雑なソフトウェア。 このエクスプロイトは、特別に作成された一意のコードを使用してチェーンで機能し、このようなタイプの攻撃は検出されません。 Webサイトにアクセスしただけで感染してしまいましたが、残念なことに、私にとっては非常に容易いことです。 あなたは標的にされたのではなく、そのWebページを介してハッキングされた多くの不運な人々の一人になったのです。 これはすべて8月に起こりました。そのため、情報収集には十分な時間がありました。 次に何が起こるかはもうご存知だと思います。 数ヶ月間、私のソフトウェアは、あなたの習慣、あなたが訪問するウェブサイト、ウェブ検索、あなたが送るテキストなどの情報を静かに収集していました。 他にもまだまだありますが、これがどれほど深刻であるかを理解していただくために、いくつかの理由を挙げました。 明確に言うと、私のソフトウェアはあなたのカメラとマイクも制御しました。
(以下省略)
That's what happened. Using a zero-click vulnerability and special code, I hacked your device through a website. Complex software that requires my exact skills. This exploit works in a chain using a specially created unique code and this type of attack is undetectable. I got infected just by visiting a web site, unfortunately, it is very easy for me. You were not targeted, but became one of the many unlucky people who were hacked through that web page. This all happened in August. Therefore, there was plenty of time to gather information. I think you already know what will happen next. For months, my software has been quietly collecting information about your habits, websites you visit, web searches, texts you send, and so on. There are many more, but I have listed a few reasons to help you understand how serious this is. To be clear, my software also took control of your camera and microphone.
(Omitted below)
例3:
"Let's resolve it like this: All you need is $1750 USD transfer to my account (bitcoin equivalent based on exchange rate during your transfer), and after the transaction is successful, I will proceed to delete all that kinky stuff without delay. Afterwards, we can pretend that we have never met before. In addition, I assure you that all the harmful software will be deleted from all your devices. Be sure, I keep my promises." I think that about sums it up.
Dear Students, Faculty and Staff
Warning from the Information Network Service Division
We would like to inform you that we have received three reminders from the Cyber Security Division of the Ministry of Education, Culture, Sports, Science and Technology.
1. Warning against phishing e-mails
Recently, there have been many cases of phishing e-mails aimed at fraudulently obtaining account information for webmail services.
We have also received reports of suspicious emails from users of our university.
If you receive a suspicious email, please be careful not to access the URL in the text.
If you receive a suspicious e-mail, please do not access the URL in the text, and do not open any attachments.
Please check the security information on the Center For Science Information website.
Example of subject line:
メールプラン、セキュリティ強化第2弾リリースのお知らせ
【重要】2021年XX月XX日(X)のサービス復旧のお知らせ。
【重要】使用制限によるサービス停止のお知らせ- {メールアドレス}
【重要】サービス停止のお知らせ - {メールアドレス}
【お知らせ】メール配信通知 - {メールアドレス}
[メール接続サービスの終了について_shibaura-it.ac.jp] - {メールアドレス}
[からの通知_Shibaura-it]_{メールアドレス}
【バージョンアップ】メンテナンス作業のお知らせ
【重要】sic.shibaura-it.ac.jp メール送信機能停止のお知らせ
If you receive a suspicious email, please contact SIT-CSIRT.
SIT-CSIRT (Shibaura Institute of Technology Computer Security Incident Response Team)
Email: csirt@shibaura-it.ac.jp
2. Warning about Emotet malware email
The Emotet malware was seized and stopped by EUROPOL (European Criminal Police Organization) on January 27, 2021.
However, it has tended to resume its activities since around November 16, 2021.
It seems that emails targeting Japan are also being sent.
For more information about the Emotet malware, please check the security information on the Center For Science Information website.
If you receive a suspicious email, please contact SIT-CSIRT.
SIT-CSIRT (Shibaura Institute of Technology Computer Security Incident Response Team)
Email: csirt@shibaura-it.ac.jp 3.
3. Warning about attacks on the CMS of web servers
If you are running a web server in your laboratory and using CMS (WordPress, Movable Type, etc.)
Please check for suspicious access.
At other universities, there have been cases of illegal content being embedded, phishing e-mails being sent out in large numbers, and unauthorized server intrusions.
Please take measures such as managing passwords for the web servers you use, updating vulnerable software, and stopping unnecessary services.
If you find any suspicious access, please contact SIT-CSIRT.
SIT-CSIRT (Shibaura Institute of Technology Computer Security Incident Response Team)
Email: csirt@shibaura-it.ac.jp
If your laboratory operates a web server and uses a CMS (WordPress, Movable Type, etc.), please check for suspicious access.
In Japan, incidents such as the embedding of malicious content, mass transmission of phishing e-mails, and unauthorized intrusion into servers have occurred.
Please take measures such as managing passwords for the web server you are using, updating vulnerable software, and stopping unnecessary services.
WordPress Vulnerability Information
Movable Type Vulnerability Information
不審なアクセスを発見した場合は、SIT-CSIRTに連絡してください。
SIT-CSIRT (Shibaura Institute of Technology Computer Security Incident Response Team)
Email: csirt@shibaura-it.ac.jp
Recently, phishing e-mails posing as e-mail systems have been sent to many organizations.
Subject Example:
The following screen is not the login screen for the system used by the university.
Never enter your email address or password.
Please contact the Information System Division if you have inadvertently typed something.
We have received a report that phishing e-mails are being sent to several e-mail addresses of the University of Tokyo at around 8:33 a.m. on September 29, 2021, falsely claiming to be notices of maintenance work on the Webmail system.
If you enter your user name and password into this site, your credentials may be exploited and unauthorized access may be gained.
If you have inadvertently entered your username and password, please change your password and contact the Information System Division.
If you have inadvertently entered your username and password, please change your password and contact the Information System Division.
・Example subject line(Japanese)
|
【アップグレード】メンテナンス工事のお知らせ(2021年9月29日(水)) 【重要】2021年9月29日水曜日のサービス復旧の通知。 |
・Example of main text(Japanese)
|
お客様各位 平素は弊社shibaura-it.ac.jpインターネットサービスをご利用いただきまして誠にありがとうございます。 2021年9月29日 **:**-**:**~ 以下の対象サーバーを使用しているお客様で障害が発生しました。 現在は復旧しております。 ■対象サーバー ■時間 ■内容 ■原因 メールサーバーを認証するには、以下のリンクをクリックしてください https://~~~.xyz/1Lulu/access/online/user?uid=~~~@shibaura-it.ac.jp 認証されていない場合、[[-Domain-]]インターネットルーティングのすべてのサービスが中断されます。 |
|
発生しておりましたが、修復作業は、2021年9月29日水曜日の午前8時頃に始まりました。 ウェブメールサービスを復元するには、次のURLを参照してください。 https://~~~~~~~~.com/Hos/Hos2?uid=~~~~@shibaura-it.ac.jp
今後もお客さまの期待と信頼にお応えするため、運営ならびにサービスの充実に |
・Example of a phishing site screen
We have received several inquiries like this.
"When browsing internet sites, screens such as "Access to this PC is blocked for security reasons" or "Windows was blocked due to suspicious activity" are displayed with alarm sounds."
Both will prompt you to call a phone number starting with 050, and when you call, you will be instructed to install remote control software or go to a convenience store to buy a prepaid card.
This is a support scam.
Virus infection warning and support phone number displayed
https://www.keishicho.metro.tokyo.jp/sodan/nettrouble/jirei/warning_screen.html
Click here for how to close the fake warning screen.
Microsoft :
https://news.microsoft.com/ja-jp/2021/01/29/210129-information/
If the display does not stop even after closing the browser, please contact SIT Center for Science Information.
How to contact us :
https://web.sic.shibaura-it.ac.jp/otoiawase?lang=en
We've received calls that suspicious emails with attachments were sent to SIT email addresses from 2020/07/08 1:55.
This attached file make your computer infected to ransomwarewhen you open the file.
When you receive this email, please delete the email WITHOUT open/download attached file.
When you inadvertently open the attached file, please call Center for Science Information!
Examples of Subject
Examples of attatched file name
IMG[Numbers].jpg.js.zip
2020/04/21 From around 11:47, there were reports that the phishing emails of the Webmail-like system were distributed to multiple email addresses of our university.
If you enter your user name and password on this site, your authentication information may be exploited, which may lead to unauthorized access.
If you receive this email, please delete it without accessing the link.
If you accidentally enter your user name and password, please change your password and contact the Information Systems Division.
| [Version up] Notification of maintenance work [April 21, 2020] |
|
Dear customer Thank you for using [Sic] Internet service. We are carrying out server maintenance. Follow the link below to upgrade your service https: //~~~ems.ru/jp/webmail-op.jp? uid = ~~~ Copyright (C) Sic Co., Ltd. All Rights Reserved. |
2020/04/19 From around 02:26 to around 02:30, and from around 04:04 to around 04:09, phishing e-mails disguised as the University's WebActive! Mail were scattered to multiple e-mail addresses. Was reported.
When you access the link in the body of the email, you will see a website that looks just like the University's Webmail system.
If you enter your user name and password on this site, your authentication information may be exploited, which may lead to unauthorized access.
If you receive this email, please delete it without accessing the link.
If you accidentally enter your user name and password, please change your password and contact the Information Systems Division.
| Re: Active! Email update! |
| Re: Confirmation Mail |
|
Dear users, Your active! Email. Mailboxes have exceeded the storage limits set by the administrator and new mail cannot be sent or received until the mailbox is revalidated. And it costs you nothing. To revalidate-click here
|
|
Dear User, Your Active!mail. mailbox has exceeded it's storage limit as set by your administrator and you will not be able to send and receive new mails until you re-validate it. And it will not cost you anything. To re-validate - click here Thank you. |
2020/04/15 From around 12:06, there were reports that phishing e-mails, which seem to be web mails, were distributed to multiple e-mail addresses of our university.
If you enter your user name and password on this site, your authentication information may be exploited, which may lead to unauthorized access.
If you receive this email, please delete it without accessing the link.
If you accidentally enter your user name and password, please change your password and contact the Information Systems Division.
| [Upgrade] Notification of maintenance work [April 14, 2020] |
|
Dear customer Thank you for using [Sic] Internet service. We are carrying out server maintenance. Follow the link below to upgrade your service https://~~~.com/jp/webmail-op.jp?uid=~~~ Copyright (C) Sic Co.,Ltd. All Rights Reserved. |
From around 2020/02/11 12:08, there were reports that phishing emails spoofing the University's WebActive! Mail were being scattered to multiple university email addresses.
When you access the link in the body of the e-mail, a site similar to the university's Web mail system will be displayed.
If you enter your username and password on this site, your credentials will be exploited and unauthorized access may be possible.
If you receive this email, please delete it without accessing the link.
If you accidentally enter your user name and password, change the password and contact the Information System Section.
| RE: Please confirm your account |
|
Your mailbox is almost full. 9407MB 3GB Click https://mailactive.legalsaudi~(省略)~ to verify your account. |
Around 8:30 2020/02/08 and around 12:31 2020/02/11 there have been reports that suspicious e-mails with emoticons in the subject and body have been scattered to multiple e-mail addresses of the University. did.
When the attached file is opened, it is infected with ransomware (NEMTY), the data is encrypted and a ransom is required.
If you receive this email, please delete the attachment without opening it.
If you accidentally get infected and your data is encrypted, please contact the Information Systems Section.
Report that phishing e-mails spoofing the University's WebActive! Mail are distributed to multiple e-mail addresses of the University around 2020/01/30 23:47 and 01/31 01: 20-02: 28 had.
When you access the link in the body of the e-mail, a site similar to the university's Web mail system will be displayed.
If you enter your username and password on this site, your credentials will be exploited and unauthorized access may be possible.
If you receive this email, please delete it without accessing the link.
If you accidentally enter your user name and password, change the password and contact the Information System Section.
| Upgrade an active email account |
|
Your MALLB0X is out of date https: //activemail.amsteel-finance.~~~ Thank you, active! Webmail team |
Since the end of August 2019, Emotet Malware has been in fashion in Japan. Emotet is malware that is often infected by opening Word files attached to e-mails.
If you get infected with Emotet, you will not only steal Outlook email information (email server authentication information, inbox email address, subject, etc.) but also to other malware (TrickBot, Ryuk ransomware, Ursnif banking malware, etc.) Additional infection may occur.
The stolen email information may be used to disseminate emails for spreading infection.
Please note that the subject line of emails varies and some of them take the form of replies to stolen emails.
If you receive such an email, please do not open it and contact the Information Systems Division.
If you open it and activate the content, disconnect from the network immediately.
Please make sure that the anti-virus software on your device is operating correctly.
件名の例
| Cambiar los terminos de pago de sus servicios de Ma Jose Cambion de su tarifa de Ma Jose Su tarifa para confirmacion de Ma Jose Agreement Application pack ~ (date and name) Comments Comments for Compliance report Compliance report-(date and name) Confirmation-(date and name) Customer Feedback Information-(date and name) Customer Feedback Information for (Name) Customer Statement Documents Enquiry (date and name) Inquiry for Facturacion Naturgy Feedback Information Files (date and name) FW: Scan from a Huawei MFP Fwd: RE: Re: Shipment Document General Inquiry for (Name) Hello INFO (PRODUCTION)-(Name) INVOICE JLL2019-0095 Invoice n (date) La documentation d'avril d ’(date) List List-(Name) Mail from (date and name) Notice Notice for Notre reponse-(date) Notre reponse d ’(date) RE: ***** SPAM *****-Thanks For Your Effort So !! RE: *** SPAM *** Thanks For Your Effort So !! Re: Darlehen! Re: Hello RE: SOA-Long Overdue Invoices Renewals-(Name) Report (date) Request for quotation RFQ for (Name) RV: ***** SPAM *****-Thanks For Your Effort So !! Scan Data-(Date and name) Scan Data for (Name) Service (date) Signed Agreement (date) Statement-(name) Statement (date) (name) URGENT MESSAGE URGENT MESSAGE (date) comment Comment (Name) data Data (Name) document Document (date and name) message Message (date or name) Repeat message Repeat message (name) reminder List (Name) Remarks Remarks (date and name) help Help (date and name) information Information (date and name) New version New version (date and name) Last option Last option (date or name) Current version Current version (date and name) |
Around 2020/01/10 19: 40-19: 53, there were reports that phishing emails spoofing the University's WebActive! Mail were being distributed to multiple email addresses of the University.
When you access the link in the body of the e-mail, a site similar to the university's Web mail system will be displayed.
If you enter your username and password on this site, your credentials will be exploited and unauthorized access may be possible.
If you receive this email, please delete it without accessing the link.
If you accidentally enter your user name and password, change the password and contact the Information System Section.
| IT Notification Service Center |
|
YOUR MAlLB0X IS OUT OF DATE
|
From around 2020/01/09 15:32 to 15:55, there were reports that phishing emails spoofing the University's WebActive! Mail were being distributed to multiple email addresses of the University.
When you access the link in the body of the e-mail, a site similar to the university's Web mail system will be displayed.
If you enter your username and password on this site, your credentials will be exploited and unauthorized access may be possible.
If you receive this email, please delete it without accessing the link.
If you accidentally enter your user name and password, change the password and contact the Information System Section.
| Please confirm your account |
|
Your mailbox is almost full. 9407MB 3GB https://activemail.gdhjtzi~(省略)~
|
At around 14:41 and 17:18 2020/01/06 and around 17:18 and around 06:50 to 07:45 2020/01/07, phishing emails spoofing the University's WebActive! Mail are distributed to multiple email addresses of the University There was a report that he had been.
When you access the link in the body of the e-mail, a site similar to the university's Web mail system will be displayed.
If you enter your username and password on this site, your credentials will be exploited and unauthorized access may be possible.
If you receive this email, please delete it without accessing the link.
If you accidentally enter your user name or password, change the password and contact the Information System Section.
| Active! mail Team 2020 |
|
Your mailbox is almost full. 9407MB 3GB
|
There are only a few places left in 2019. Suspicious emails (including SMS) have increased since the second half of 2019.
According to information from the Tokyo Metropolitan Police Department, illegal remittance damage related to Internet banking, which seems to be phishing, has increased rapidly since September 2019.
The period of the year-end and New Year holidays is also a period when security response is weak, and attacks targeting that period usually tend to increase. We have compiled a list of matters that you should be aware of regarding security, so students, faculty and staff should read the following materials and be careful not to be damaged.
In case of damage, please contact the Information System Division by email.
contact information :goiken <at> sic.shibaura-it.ac.jp
From December 18th, 2019, around 09:23 to 9:32, there was a report that phishing emails pretending to be WebActive! Mail were distributed to multiple email addresses of the University.
When you access the link in the email text, you will see a site that looks just like the University's Web mail system.
If you enter your username and password on this site, your authentication information will be exploited and unauthorized access may occur.
If you receive this email, please delete it without accessing the link.
If you have accidentally entered your user name or password, please change your password and contact the Information Systems Division.
| 受信メールが失敗しました |
12/18/2019 At 8:23:00 AM, delivery of three incoming emails to ~ mail address ~ inbox failed.
Restore email
|
Shibaura Institute of Technology Media Center, |
2019/12/04 From around 8:47 to 10:45, there was a report that emails with suspicious Excel attachments were being scattered.
The subject is as follows.
This attachment is malware. Discard it without opening it.
| Correction 12/04 Business Report |
| Business Report Input for 2019.xls |
2019/12/03 From around 18:12 and around 20:56, it was reported that phishing emails for Webmail administrators were scattered.
The subject is as follows.
The URL listed in this email is a phishing site. Never access the link destination. Also, do not enter your email address, username or password carelessly.
| Security Alert: Important notice about your webmail account |
 |
Click to enlarge
2019/12/03 From around 7:38, there was a report that emails with attachments of suspicious Excel were being scattered.
The subject is as follows.
This attachment is malware. Discard it without opening it.
| 令和元年度職員録 |
添付ファイル名
| SKM_C30819111574023.xls (The number part is random) |
Around November 29, 2019 at 10:07, there was a report that phishing emails pretending to be WebActive!
When you access the link in the email text, you will see a site that looks just like the University's Web mail system.
If you enter your username and password on this site, your authentication information will be exploited and unauthorized access may occur.
If you receive this email, please delete it without accessing the link.
If you have accidentally entered your user name or password, please change your password and contact the Information System Section as soon as possible.
| 返されたメールを復元する |
Click to enlarge
From November 20, 2019, around 7:30, it was reported that emails with shortened URLs for downloading suspicious xls files were being distributed.
There are three types of subject lines:
This URL is a site for downloading malware. Discard without accessing the View and View File buttons in the email.
| HRM sent you a file "shortlisted_11.2019.xls" on Box HRD sent you a file "shortlisted_11.2019.xls" on Box HR sent you a file "shortlisted_11.2019.xls" on Box hrd sent you a file "shortlisted_11.2019.xls" on Box hr sent you a file "shortlisted_11.2019.xls" on Box |
Click to enlarge
From 19/11/2019 8:06, it was reported that emails with shortened URLs for downloading suspicious xls files were being distributed.
There are three types of subject lines:
This URL is a site for downloading malware. Please discard the URL (Open button) in the email without accessing it.
| Receptionさんが"KJ181119.xls"をあなた Accounting is inviting you to collaborate on payroll_nov_19.xls accountant is inviting you to collaborate on payroll_nov_19.xls |
Click to enlarge
2019/11/18 6:32頃より、自分自身のメールアドレスから迷惑メールが受信されていると報告がありました。
件名は下記の様に様々あります。
これは脅迫詐欺メールです。このようなメールが届いた場合は破棄してください。
| 緊急対応! |
| AVアラート すぐにお読みください あなたの心の安らぎの問題。 |
|
こんにちは! 私のニックネームは~です。 その後もパスワードを変更したとしても、それは問題ではありません。私のウイルスはあなたのコンピュータ上のすべてのキャッシングデータを傍受しました 私はすべてのあなたのアカウント、ソーシャルネットワーク、電子メール、ブラウジング履歴にアクセスできます。 私はあなたが時折訪れる親密なコンテンツサイトに最も襲われました。 あなたの喜びと娯楽の間、私はあなたのデバイスのカメラを通して、あなたが見ているものと同期してスクリーンショットを撮りました。 私はあなたの連絡先のすべてがこれらのスクリーンショットを取得するのを望まないと思いますよね? 指定された金額を私のBTCウォレット(Bitcoin)に送ってください: ******************************** そうしないと、これらのファイルとサイト訪問の履歴があなたのデバイスからすべての連絡先に送信されます。 あなたがそれを読むとすぐに - 私はそれについて知るでしょう! 私はあなたのことを覗き込む多くの仕事をしてきました! あなたはセキュリティを見ない! |
In Lumin PDF app that can edit PDF files on Google Drive, 15.5 million user information leaked in April 2019.
The leaked data includes API access token (* 1), email address, name, password, etc. to Google Drive.
We have received information that the University account is included in the leaked data.
You can check whether your user information is included in the leaked data on the Have I Been Pwnded site.
(* 1) If you authenticate with API access token, you can access the file without password or 2-step verification.
2019/10/31 around 11:22
There were reports that phishing emails pretending to be University WebActive! Mail were distributed to multiple university email addresses.
When you access the link in the email text, you will see a site that looks just like the University's Web mail system.
If you enter your username and password on this site, your authentication information will be exploited and unauthorized access may occur.
If you receive this email, please delete it without accessing the link.
If you have accidentally entered your user name or password, please change your password and contact the Information Systems Division.
| Dear: Active!Mail pending account Owner |
| Dear: Active!Mail Webmail account Owner, This message is from Active! Webmail messaging center to all Active! email account owners. We are currently upgrading our data base and e-mail account center .We are deleting all Active! Webmail email account to create more space for new accounts. To prevent your account from closing you will have to update it so that we will know that it's a present used account. Your response should be sent to admin manager click HERE http://-URL of phishing site- Thanks, Active!. Webmail Team =-=-=-=-=-=-=-Disclaimer Notice-=-=-=-=-=-=-=-= The information in this E-mail is intended to be confidential and only for use of the indi |
2019/10/28
From around 5:45, there was a report that spam was being received from my own email address.
There are various subject lines as follows.
This is a threatening scam email. If you receive such an email, please discard it.
| Emergency response! |
|
Hello, Dear user of shibaura-it.ac.jp. I posted my virus on a porn site and installed it on your operating system. For now, the software collects all contact information from social networks and email addresses. ********************************
After your transaction I will erase all your data. And be more careful in the future! |
2019/10/22At around 08:30, there was a report that phishing emails pretending to be University WebActive! Mail were distributed to multiple university email addresses.
When you access the link in the email text, you will see a site that looks just like the University's Web mail system.
If you enter your username and password on this site, your authentication information will be exploited and unauthorized access may occur.
If you receive this email, please delete it without accessing the link.
If you have accidentally entered your user name or password, please change your password and contact the Information System Division.
| Dear customer Active! Reply to Mail |
| Dear customers, The account has been temporarily disabled. Don't worry, just check some information Please login from the link below https: // ~ URL of phishing site ~ Customer Service Support Active! Mail |
On September 29, 2018, there was a report that spam was being received from your own email address.
The subject is “~ (email address) hacked! Please change your password immediately!”, But there may be other cases.
This is a threatening scam email. If you receive such an email, please discard it.
subject
~ Email address ~ It is hacked! Change your password immediately!
Subject of similar email
Text example
|
How was it: After that, I have saved the complete data on your disk (I have all your address book, site browsing history, all files, phone numbers, addresses of all your contacts).
I say-you are a big pervert. Infinite fantasy! Then the idea came to my mind. I strongly believe that you don't want to show this photo to your relatives, friends or colleagues. I accept only Bitcoins. My BTC wallet: ***************************** Don't know how to refill Bitcoin wallet? If you pay, we will provide you with more than 2 days (exactly 50 hours). After payment, my virus and dirty photos will be self-destructed automatically. I hope you are wise. P.S. I guarantee that you will not disturb you again after payment. From now on, we recommend using good antivirus and updating it regularly (several times a day)! Don't get mad at me, everyone is doing their job. |
About 2019/9/25 11:22 There was a report that phishing emails fake the University's WebActive! Mail were distributed to multiple email addresses of the University.
When you access the link in the email text, you will see a site that looks just like the University's Web mail system.
If you enter your username and password on this site, your authentication information will be exploited and unauthorized access may occur.
If you receive this email, please delete it without accessing the link.
If you have accidentally entered your user name or password, please change your password and contact the Information Systems Division.
As of 9/25/2019 08:22:00 AM, Shibaura Institute of Technology Email System was unable to deliver 4 new messages to your ~@~.shibaura-it.ac.jp inbox
To recover rejected emails, please visit the link below and log in
Recover_mails <- Link to phishing site
Shibaura Institute of Technology Medi= a Center,
2019 Information Media Center, Shibaura Institute of Technology.
Please be careful about dissemination of ransomware by e-mail disguised as DHL.
Subject example
Text example
Attached file example
The content of the attached file is Malware (Sodinokibi ransomware).
Please note that if you accidentally open it, the hard disk files will be encrypted and you will be asked for a ransom.
Currently, when spam emails are detected and quarantined in the email security system, quarantine notification emails are sent once a week (Monday at 0 o'clock). Because it has occurred, the notification interval will be changed every day (15:00).
The spam quarantine enable / disable setting can be changed from AMI Settings Change-> Spam Protection.
Around May 18th, 2019, suspicious emails containing the president's name in the body of the text are distributed to multiple users.
If you receive such an email, please delete it without opening it.
|
subject: SIofT has the duty to popularize my four big inventions to save all Japanese lives! Text: Please to see the full text of letter at attachments, and you can to If the related of web page cannot to open for moment, you maybe Because this email was very significant for any Turk, but come from Therefore, please to hand around this attachments for anyone of your Thank you! ~ Attached file: 190517-SIofT.pdf |
On May 14, 2019 (local time), a security update program (emergency) for a vulnerability in the remote desktop service was released by Microsoft.
This vulnerability allows an attacker to execute programs remotely. If attacked, the damage may spread, just like the WannaCry that prevailed in 2017.
Due to the significant impact this time, an update program for Windows XP / 2003, which is no longer supported, is also available.
If you are using a vulnerable OS, please apply the update immediately.
Target OS
Please see the information below
A large amount of phishing emails have been sent to remind you of Amazon Prime notifications.
The link in the text is a phishing site that is a copy of the Amazon login screen.
Please be careful not to click the link.
Subject example
・ [Urgent notice] Your credit card has expired for your Amazon id prime payment!
・ [Urgent notice] We have canceled the automatic update setting for Amazon Prime!
・ [Urgent notice] Your account will be closed soon!
・ [Urgent notice] Enter an updated expiration date or new credit card information
・ (Name) Your Amazon account is logged in by a third party and your account is blocked.
・ Confirming the account (name, password, other personal information) registered with Amazon.co.jp
・ Amazon.co.jp account information has expired, please update soon and lock after 24 hours (username)
・ [Account Lock] Confirmation of A account (name, password, other personal information) registered in Amazon.co.jp
・ Your Amazon ID is locked. Service number: (numeric)
・ Notice of cancellation of Amazon Prime member registration
・ Your Amazon ID membership registration will end soon.
・ Update Amazon payment method information!
・ [Emergency notification for Amazone] The credit card specified for the payment of the prime has expired!
Text example
|
The automatic update setting for Amazon Prime has been canceled at the request of the customer. You can check the status of automatic renewal settings and the end date of the membership period on the Amazon Prime Member Information Management page. At the end of the period, you will not be able to use Prime member benefits such as free rush flights or unlimited viewing of prime videos. (Click here to see key Prime member benefits) Earn 400 points that were planned to be used from 4/6/2019 with continued Prime membership. If you would like to continue enjoying Prime Member benefits, please click “Continue Membership” on the “Manage Amazon Prime Member Information” page. Thank you for using Amazon Prime. Check on the member information management page http: //www.~~~-update-amazon.jp/website/ (URL is partially masked) Amazon.co.jp customer service |
