Tuesday, January 06, 2015

Universities Targeted with "Library Account" phish

Many universities across the country have been targeted with phishing emails that warn their students that their "Library Account" is going to expire. As with so many cybercrime issues, these crimes could be addressed much differently if the Powers That Be were aware that these were not individual cases, but an on-going campaign across victims across the country!

Towards that end, I've collected full text examples of many of these phish, with links to the University web pages where there students have been warned. Hopefully we can start warning people of national on-going campaigns like this BEFORE they are victimized!

While I was reviewing University Phish for this project, I was especially impressed with the phishing details shared at University of Michigan (Go Blue!) and University of Pennsvylvania. Both are great examples of giving students enough details to understand the scope of the risk at hand.

January 2014 Library Account phish


January 9, 2014 - George Washington University
Subject: Library Account
Dear User,

Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once! To reactivate your account, simply visit the following page and login with your university account. After logging in, your account is reactivated and it will redirect you to your Library Account.

February Library Account phish


February 21, 2014 - Flinders University
Have you received an email asking you to “validate” your Library Account? This email is attempting to steal Flinders user credentials and is not legitimate.

Don’t follow the links in the email, just delete it. The library will never ask you to login to verify your details or activate your account.

May Library Account phish


May 23, 2014 - Lehigh University

June Library Account phish


June 26, 2014 - University of Minnesota
From: Library
Date: Thu, Jun 26, 2014 at 8:47 AM
Subject: Library Account
To:
Dear User,
Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!

To reactivate your account, simply visit the following page and login wilth your library account.

Login Page:
xxxxxxxxxxxxxxxxxx
Sincerely,
University of Minnesota Libraries
499 Wilson Library
309 19th Avenue South
Minneapolis, Minnesota 55455
(612) 624-3321 (voice)
(612) 626-9353 (fax)

September Library Account phish


September 10, 2014 - University of Pennsylvania
From: Jonathan Heller < jheller@pobox.supenn.edu > 
Subject: Library Account Access 
Date: Wed, Sep 10, 2014 2:11 PM 

Dear User, 
Your access to your library account is expiring soon and it won't be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

(LINK REMOVED)

If you are not able to login, please contact Library Services Manager at jheller@pobox.upenn.edu .


Sincerely, 
Jonathan Heller 
Library Services Manager 
Access & Delivery Services 
Penn Libraries 
University of Pennsylvania 
(215) 898-8956 
jheller@pobox.upenn.edu 

September 17, 2014 - University of North Carolina Health Sciences Library
Alert: Phishing Emails Impersonate UNC Library

Some members of the UNC community have received false emails that appear to be from the Library.

These emails state that “access to your library account is expiring soon and it won’t be accessible for you.” The email directs the recipient to a link that appears to be from the Library.

October Library Account Phish


October 8, 2014 - UC Denver's Auraria Library
October 9, 2014 - University of Colorado Health Sciences Library
The University has been recently subjected to a phishing attack. The subject line of these new phishing messages is “Library Account Access”. These emails are designed to appear as if they are coming from the library concerning a library account activation. The phishing emails also contain links to malicious web sites that ask for your University information (Name and student/employee ID).


October 10, 2014 - Miami University of Ohio
    From: XXX XXX [mailto:xxxxxxxx@miamioh.edu]
    Sent: Friday, October 10, 2014 12:45 PM
    To: xxxxxxxx@miamioh.edu
    Subject: Library Account Access

    Dear User,

Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

(LINK)

If you are not able to login, please contact Library Services Manager at xxxxxxxx@miamioh.edu.


    Sincerely,
    
    Alison Withers
    Library Services Manager
    Access and Delivery Services
    University Library
    Miami University
    513-529-2938
 

October 30, 2014 - Virginia Commonwealth University
To:
From: Access Services Manager 
Date: 10/30/2014 11:54AM
Subject: Library Account Access

Dear User,
Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library account.

(Link redacted, actual link goes to login.vcu.edu.cavc.tk)

If you are not able to login, please contact Library Services Manager at kbonis@vcu.edu.


Sincerely,

Kerry Bonis
Library Services Manager
Access & Delivery Services
Main Library
Virginia Commonwealth University
(804) 827-3968

November Library Account phish


November 13, 2014 - Illinois Institute of Technology
IIT faculty, staff and students may have received an email to “All Members of the University of Illinois” notifying you about a new library system that requires you to activate a new library account. Do not respond to this email. It is a phishing attempt to collect IIT campus-wide ID numbers (CWIDs).

Library users affiliated with Illinois Tech gain access to subscription databases when off-campus by entering their CWID. Releasing that information to a third-party may result in access to our databases being limited or cut off. You can always safely access the library website by using the IIT Portal links, or going directly to the library website. If you believe your CWID has been compromised, please contact the OTS support desk.


November 17, 2014 - Southern Methodist University
Sample Phishing Email

Subject: Library Account Access
Sender: Jane Sippell 

Dear User,
Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

Note – this link appears in the email:

https://libcat.smu.edu/cgi_bin/ldapauth.cgi_loginType=E25JFHNfCD7…

The actual destination does not point to the SMU library catalog but to a web address at http://libcat.smu.edu.cvre.tk

http://libcat.smu.edu.cvre.tk/cgi_bin/ldapauth.cgi_loginType=E25JFHNfCD7v…

If you are not able to login, please contact Access Services Manager at jsippell@smu.edu.


Sincerely,

Jane Sippell
Access Services Manager
Access & Delivery Services
Central University Libraries
Southern Methodist University
(214) 919-5931
jsippell@smu.edu
November 17, 2014 - University of Arizona
From: library (EMAIL ADDRESS REMOVED)
Subject: Library account
Date: November 17, 2014 at 8:46:39 AM MST
Reply-To: (EMAIL ADDRESS REMOVED)

Dear User,
Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!

To reactivate your account, simply visit the following page and login with your library account.

Login Page:

(URL REMOVED)

Sincerely,

The University of Arizona Libraries
(ADDRESS, PHONE NUMBER AND URL REMOVED)


November 18, 2014 - Washington University in St. Louis
Dear User,

Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

(LINK)

If you are not able to login, please contact Access Services Manager at *********@wustl.edu.

Sincerely,


November 19, 2014 - Ball State University Library
University Libraries was alerted that some members of the Ball State community received an email message stating their library account was soon to expire. The email said to reactivate the account by clicking on a web address included in the message. This was a phishing scam and the campus Office of Information Security took steps block access to the phony site.

December Library Account Phish


December 1, 2014 - Harvard University
December 1, 2014 - McGill University (Canada)
    From: Library  
    Subject: Library Account
    Sent: Monday, December 01, 2014 8:49 AM
    To: 

    Dear User,
    Your library account has expired, therefore you must reactivate 
    it immediately or it will be closed automatically. If you intend 
    to use this service in the future, you must take action at once!

    To reactivate your account, simply visit the following page 
    and login with your library account.

    Login Page:

    Sincerely,

    McGill Library
    McLennan Library Building
    3459 rue McTavish
    Montreal, Quebec
    H3A 0C9
 
December 1, 2014 - Cornell University
Subject: Library Account
Date: December 1, 2014

Dear User,

Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once! To reactivate your account, simply visit the following page and login with your library account.

Login Page:
(BAD LINK)

Sincerely,

Cornell University Library, Ithaca, NY 14853 | (607) 255-4144


December 3, 2014 - University of Tennessee Knoxville
Dear User,

Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!

To reactivate your account, simply visit the following page and login with your library account.

Login Page:

http://www.lib.utk.edu/reactivation?service

Sincerely,


    University of Tennessee
    University Libraries
    Email: library@utk.edu
    Tel: (865) 974-4351
 

December 15, 2014 - California State University Long Beach
December 18, 19, 20, 2014 - University of Michigan - (Hail to the Victors! Go Blue! WELCOME COACH HARBAUGH! Watched you play in 1985 while I was a Wolverine myself!!!) (oops) (blush)
Date: Thursday, December 18, 2014
Subject: Library Account Access

Dear User,

Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to the library services. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

[LINK REMOVED]

If you are not able to login, please contact [LINK REMOVED] for immediate assistance.

Sincerely,


Access Services Manager
University of Michigan Library
(734) 936-2921
[LINK REMOVED]
Date: Friday, December 19, 2014
Subject: U-M library System Problem
Dear [Your Name],

You are receiving this message because your login and off-campus access may have been compromised.

Your access will be inactive in 3 days. Because of some security problems, we decided to make some changes (Upgrade) and this is due to the implementation of a new version of Central Authentication System(CAS) and Umich WebLogin.
This means while you are off-campus or on-campus you will have no access to library's internal web services.

You can activate it by going again simply login to University of Michigan Library Weblogin System with your U-M LoginID and reactive your access.
Offer that Logout your account and close your browser.

Please note: If you get an Authentication Error ,just try 2 times to login again. Because System will automatically block your IP and Account and you should contact Systems Help Desk to Unlock.

University of Michigan Library
818 Hatcher Graduate Library South
913 S. University Avenue
Ann Arbor, MI 48109-1190
(734) 764-0400
[LINK REMOVED]
Date: Friday, December 19, 2014
Subject: ADMIN

Dear Web-mail Account User,

Your e-mail Account have Exceed the 20 GB e-mail Storage Set-Up by your Service Provider/Admin. You have to contact your Service Provider on Help Desk Support Portal below in less than 48 hours to avoid Suspension of your Web-mail Account if you dont Verify your e-mail account. To keep your Account Safe, Kindly Click the Help Desk Support Blue Portal below:

umich.edu-helpdesk [LINK REMOVED]

SERVICE DESK - IT HELP DESK
©COPYRIGHT 2014 WEB-TEAM. ALL RIGHT RESERVED.

December 23, 2014 - Wake Forest University
Dear User,

Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to the library services. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

(LINK)

If you are not able to login, please contact James Hart at hartja@wfu.edu for immediate assistance.

Sincerely,

James Hart
Access Services
ZSR Library
Wake Forest University
336-758-4967
hartja@wfu.edu

December 23, 2014 - UAB Library