SlideShare a Scribd company logo

University Payroll Theft Scheme

W
worldwidebranding

Universities have been targeted by phishing campaigns for years that steal user credentials. Recently, stolen credentials have been used to alter direct deposit information and reroute funds to attacker-controlled accounts. Several universities have reported incidents where 15 to several hundred personnel were targeted. The phishing emails typically claim to be about salary increases and contain links to fake login pages that steal credentials when entered. Credentials are then used to access payroll systems and change direct deposit details. Universities are advised to implement multi-factor authentication, alert employees of changes, and educate about phishing risks.

Education
1 of 5
Download to read offline
TLP: GREEN TLP: GREEN Advisory University  Payroll  Theft  Scheme 18  August  2014   DISCLAIMER: This Bulletin is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service referenced in this bulletin or otherwise. This document is marked TLP: GREEN. Recipients may share TLP: GREEN information with peers within their sector or community, but not via publicly accessible channels. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp. Summary This advisory was prepared in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC), Multi-State Information Sharing and Analysis Center (MS-ISAC), and Research and Education Networking Information Sharing and Analysis Center (REN-ISAC). The purpose of this release is to provide relevant and actionable information for prevention and defense. Universities and colleges have been targeted by spearphishing campaigns designed to steal user credentials for many years. Stolen credentials are used for many purposes, including but not limited to sending spam from compromised e-mail accounts, optimizing search engine results for black market pharmaceutical web pages, gaining access to university-licensed resources, and hosting malware. For  roughly  the  past  year,  many  of  these  campaigns  have  used  harvested  credentials  to  alter  victim’s   direct deposit information. Targeted individuals include both faculty and administrators from various departments. Several of the attacks appear to have specifically targeted individuals in university medical and dental programs. These e-mails often, but not always, use subjects related to salary increases to lure victims into clicking on malicious links. Subject lines have included: Your Salary Review Documents Important Salary Notification Your Salary Raise Confirmation connection from unexpected IP RE: Mailbox has exceeded its storage limit. The malicious links contained in these e-mails direct victims to webpages controlled by the attackers that look  nearly  identical  to  their  university’s  legitimate  login  portals.    Once  the  attackers  harvest  the  user’s   credentials, the credentials are used  to  access  the  victim’s  payroll  information  and  re-route direct deposits to an account they control. However, in at least one case, insurance policy information was also changed. The number of personnel targeted in these attacks also varies but reports indicate targets range anywhere from 15 to several hundred. Documented Attacks In December 2013, a University of Western Michigan employee had their direct deposit information altered following a successful phishing attack. The victim claims that his single sign on (SSO) credentials National Cybersecurity and Communications Integration Center
TLP: GREEN TLP: GREEN were used to access his e-mail  and  delete  the  university’s  automatically  generated  e-mail notification. Open source reporting highlights several other universities that have been impacted by similar campaigns. These include: Boston University in early January 2014, Texas A&M in July 2013, the University of Iowa in November of 2013, and the University of Michigan in August of 2013.1,2,3,4 While only a few cases have been reported in the media, estimates of impacted universities and colleges are much larger. To address these attacks, several entities have released public and private alerts on this activity throughout the past year to include the MS-ISAC, the REN-ISAC, the FBI and The Internet Crime Complaint Center (IC3) among others.5 Attack Details While it is possible that the attackers behind these campaigns have been launching similar attacks on other sectors, there are several reasons why higher educational institutions would be an attractive target. Most universities and colleges provide access to a wide variety of information regarding their technology environment in an effort to support their global research and education missions. Access to this information allows attackers to more easily conduct reconnaissance prior to an attack. E-mail contact information for faculty and staff can also be easily accessed and used by attackers to create target lists for their campaigns. In at least one case, a university confirmed that the list of phishing recipients was generated using a scrape of email addresses on the public campus website. The university assessed that this was likely the reason  faculty,  rather  than  staff,  were  the  primary  targets  as  this  University’s  website  contains  faculty   profiles with email addresses, but few staff email addresses. Though attempting to harvest credentials through phishing is a common practice, certain aspects of this campaign indicate that attackers are specifically targeting university and college personnel and conducting some level of reconnaissance prior to their attack. Though it is unknown if these attacks are being conducted by a single group or multiple groups, the tactics, techniques, and procedures (TTPs) used in many of the attacks share very similar characteristics. Some TTPs Include: Examples of URLs created to resemble legitimate URLs include: Altering direct deposit account information Spoofed to appear as if message came from the appropriate  department,  e.g.  HR  for  “salary  increase”   lures  or  IT  department  if  “mailbox  exceeded” Spoofed login screens that are a close replica of legitimate login screen Targeting of faculty and staff Using university images within e-mails text Spoofed institutional-specific prompts for additional credential information, e.g., PINS, bank account numbers. URLs mimicking legitimate (and accessible) portal URLs Use  of  the  “salary  increase”  approach  seems  to   coincide with end of the fiscal year. hxxp://*.ru/www.<domain>.edu/Login.htm hxxp://*.it/www.<domain>.edu/Login.htm hxxp://*.com/<domain>/<domain>.edu.htm hxxp://*.ru/www.<domain>.edu/IPalertsystem/WebLogin.htm hxxp://*.it/www.<domain>.edu/IPalertsystem/WebLogin.htm hxxp://*.ru/www.<domain>.edu/<domain>/logon.aspx.htm hxxp://.../energynews/support/<domain>/<domain>.edu.htm hxxp://*.ru/www.usu.edu/Login.htm “<domain>”  refers  to  the  affected  institution,  for  example: Host  information,  represented  by  “*”  in  e.g.  *.ru,  changes  over   time and has been seen to include the use of legitimate domains that are either compromised or misused  for  the  attacker’s  purpose.
TLP: GREEN TLP: GREEN The phishing e-mails have contained official institutional images; often via an HTML image link direct to the resource. Examples of spoofed sender e-mail addresses include: HRresources @<domain>.edu employeebenefits @<domain>.edu In addition, actors appear to be aware of institution- specific requirements for updating banking information. For example, if the university requires a Personal Identification Number (PIN) or bank account number to change existing settings, the spoofed login screens may prompt users for this information. The timing of some of these attacks has also been observed coinciding with the end of the fiscal year for many universities and colleges (July 1). This is often when institutions give their employees salary increases,6 and may help add to the perceived legitimacy of the e-mails. These factors all contribute to a relatively well-planned campaign with an increased likelihood of deceiving unsuspecting users into divulging their personal information. While malicious IPs and IP ranges change over time and may or may not be useful as long-term indicators of compromise (IoC), below are IP ranges observed to be associated as the sources of some of these attacks: 41. 190.2.0/24 41. 190.3.0/24 108. 61.0.0/16 range Prevention Techniques In an effort to defend against this threat, some institutions set up e-mail alerts which were sent to individuals when payroll information was altered. Following this, some universities reported victims were successfully alerted of malicious activity right away. However, in some instances, attackers were able to access victim e-mail accounts and delete alert messages prior to the victim reading them. This is possibly due to the use of single sign on SSO. Single sign on is a form of user authentication that allows a user to access multiple applications with a single set of login credentials. Some institutions require the use of additional forms of identification when accessing higher risk data like payroll information. However, as mentioned earlier, actors seem to be aware of these additional forms of authentication and are integrating them into their phishing e-mails. As the use of SSO allows attackers to access multiple accounts with a single set of credentials, actors can implement phishing themes that may have nothing to do with salary increases, yet still result in direct deposit alteration. Subject: Important Salary Notification As part of <institution name> standard practice to offer salary increases once a year after an annual review, the Human Resources reviewed you for a salary raise on your next paycheck Click below to confirm and access your salary revision documents: Click Here to access the documents Sincerely, Human Resources Example of the text contained within the e-mail
TLP: GREEN TLP: GREEN While educating end users about the dangers of phishing and providing real world examples of what indicators to look for is always a great practice for creating a human line of defense, universities and colleges can institute additional measures to help defend their employees from these attacks. It is important to take into consideration that adding some controls may result in increased costs that entities may or may not be willing to absorb. Suggested defensive measures include: Remove self-service direct deposit capabilities, when practical. Add two-factor authentication or VPN requirements. This may not completely stop attacks but it makes  the  attacker’s  work  more  difficult.   Send e-mail alerts to users when direct deposit information has been changed. As mentioned previously, this can be circumvented in some cases. Redact sensitive information available to the user in the online system. This will only stop the further loss of personal information such as SSN. Require users to enter additional information, like an account number or pin. Attackers who know this can adjust their phishing messages to adapt. Implement back-end systems that inspect for suspicious direct deposit account changes, such as those from unusual geographic locations, duplicate DD account numbers, unusual destination account routing numbers. Contact information sharing communities such as the ISAC serving your sector to stay informed concerning new attacks and to share your own experience. Be cautious about sending emails to users that link them directly to login pages, as it could have the unintended consequence of training users to be susceptible to phishing. Users should be cautious when accessing e-mail and never send account information to others. In addition, users should use caution and double-check the URL when viewing e-mails that prompt an individual to login to verify it belongs to their institution. Further recommendations on phishing defense can be found on the US-CERT website.7 Points of Contact National Cybersecurity and Communications Integration Center (NCCIC)8 The mission of the NCCIC is to operate at the intersection of the private sector, civilian, law enforcement, intelligence, and defense communities, applying unique analytic perspectives, ensuring shared situational awareness, and orchestrating synchronized response efforts while protecting the Constitutional and privacy rights of Americans in both the cybersecurity and communications domains. NCCIC@hq.dhs.gov (888) 282-0870 Research and Education Networking Information Sharing and Analysis Center (REN-ISAC)9 The mission of the REN-ISAC mission is to aid and promote cybersecurity operational protection and response within the research and higher education (R&E) communities. SOC@REN-ISAC.net 24x7 Watch Desk (317) 278-6630 The Multi-State Information Sharing and Analysis Center (MS-ISAC)10 The mission of the MS-ISAC is to improve the overall cyber security posture of state, local, territorial and tribal governments. Public educational institutions (both K-12 and higher education) are part of this mission space, under the umbrella of state and local governments. SOC@msisac.org (866) 787-4722 | (518) 266-3488
TLP: GREEN TLP: GREEN References *NOTE: Webpages may change or become unavailable over time. 1 http://cis.tamu.edu/news/2013/07/Nine_A_M_accounts_compromised_direct_deposit_altered.php 2 http://www.boston.com/yourcampus/news/boston_university/2014/01/bu_employee_direct_deposit_pay_stolen_through_alleged_internet_scam. html 3 http://www.annarbor.com/news/university-of-michigan-spear-phishing/ 4 https://it.usu.edu/computer-security/computer-security-threats/articleID=25294 5 Public Service Announcement, Prepared by the Internet Crime Complaint Center (IC3); http://www.ic3.gov/media/2014/140505.aspx 6 http://wiki.fool.com/When_Is_the_Fiscal_Year%3F 7 https://www.us-cert.gov/ncas/tips/ST04-014 8 http://www.dhs.gov/about-national-cybersecurity-communications-integration-center 9 http://www.ren-isac.net/ 10 http://msisac.cisecurity.org/

Recommended

Learning to detect phishing ur ls
Learning to detect phishing ur lsLearning to detect phishing ur ls
Learning to detect phishing ur ls
eSAT Publishing House
 
A SURVEY ON WEB SPAM DETECTION METHODS: TAXONOMY
A SURVEY ON WEB SPAM DETECTION METHODS: TAXONOMYA SURVEY ON WEB SPAM DETECTION METHODS: TAXONOMY
A SURVEY ON WEB SPAM DETECTION METHODS: TAXONOMY
IJNSA Journal
 
FEATURE SELECTION-MODEL-BASED CONTENT ANALYSIS FOR COMBATING WEB SPAM
FEATURE SELECTION-MODEL-BASED CONTENT ANALYSIS FOR COMBATING WEB SPAM FEATURE SELECTION-MODEL-BASED CONTENT ANALYSIS FOR COMBATING WEB SPAM
FEATURE SELECTION-MODEL-BASED CONTENT ANALYSIS FOR COMBATING WEB SPAM
csandit
 
Significant factors for Detecting Redirection Spam
Significant factors for Detecting Redirection SpamSignificant factors for Detecting Redirection Spam
Significant factors for Detecting Redirection Spam
ijtsrd
 
IRJET - Phishing Attack Detection and Prevention using Linkguard Algorithm
IRJET - Phishing Attack Detection and Prevention using Linkguard AlgorithmIRJET - Phishing Attack Detection and Prevention using Linkguard Algorithm
IRJET - Phishing Attack Detection and Prevention using Linkguard Algorithm
IRJET Journal
 
Research Report
Research ReportResearch Report
Research ReportTianrui Peng
 
GOOGLE SEARCH ALGORITHM UPDATES AGAINST WEB SPAM
GOOGLE SEARCH ALGORITHM UPDATES AGAINST WEB SPAMGOOGLE SEARCH ALGORITHM UPDATES AGAINST WEB SPAM
GOOGLE SEARCH ALGORITHM UPDATES AGAINST WEB SPAM
ieijjournal
 
IRJET - An Automated System for Detection of Social Engineering Phishing Atta...
IRJET - An Automated System for Detection of Social Engineering Phishing Atta...IRJET - An Automated System for Detection of Social Engineering Phishing Atta...
IRJET - An Automated System for Detection of Social Engineering Phishing Atta...
IRJET Journal
 

Recommended

Learning to detect phishing ur ls
Learning to detect phishing ur lsLearning to detect phishing ur ls
Learning to detect phishing ur ls
eSAT Publishing House
 
A SURVEY ON WEB SPAM DETECTION METHODS: TAXONOMY
A SURVEY ON WEB SPAM DETECTION METHODS: TAXONOMYA SURVEY ON WEB SPAM DETECTION METHODS: TAXONOMY
A SURVEY ON WEB SPAM DETECTION METHODS: TAXONOMY
IJNSA Journal
 
FEATURE SELECTION-MODEL-BASED CONTENT ANALYSIS FOR COMBATING WEB SPAM
FEATURE SELECTION-MODEL-BASED CONTENT ANALYSIS FOR COMBATING WEB SPAM FEATURE SELECTION-MODEL-BASED CONTENT ANALYSIS FOR COMBATING WEB SPAM
FEATURE SELECTION-MODEL-BASED CONTENT ANALYSIS FOR COMBATING WEB SPAM
csandit
 
Significant factors for Detecting Redirection Spam
Significant factors for Detecting Redirection SpamSignificant factors for Detecting Redirection Spam
Significant factors for Detecting Redirection Spam
ijtsrd
 
IRJET - Phishing Attack Detection and Prevention using Linkguard Algorithm
IRJET - Phishing Attack Detection and Prevention using Linkguard AlgorithmIRJET - Phishing Attack Detection and Prevention using Linkguard Algorithm
IRJET - Phishing Attack Detection and Prevention using Linkguard Algorithm
IRJET Journal
 
Research Report
Research ReportResearch Report
Research ReportTianrui Peng
 
GOOGLE SEARCH ALGORITHM UPDATES AGAINST WEB SPAM
GOOGLE SEARCH ALGORITHM UPDATES AGAINST WEB SPAMGOOGLE SEARCH ALGORITHM UPDATES AGAINST WEB SPAM
GOOGLE SEARCH ALGORITHM UPDATES AGAINST WEB SPAM
ieijjournal
 
IRJET - An Automated System for Detection of Social Engineering Phishing Atta...
IRJET - An Automated System for Detection of Social Engineering Phishing Atta...IRJET - An Automated System for Detection of Social Engineering Phishing Atta...
IRJET - An Automated System for Detection of Social Engineering Phishing Atta...
IRJET Journal
 
Sample Referral Source Definition Policy
Sample Referral Source Definition PolicySample Referral Source Definition Policy
Sample Referral Source Definition Policy
Marcus Hanscom
 
Spam identification fake profile
Spam identification fake profileSpam identification fake profile
Spam identification fake profile
Kamoru Abiodun Balogun(Bsc,MIT,CCNA,OCA,PhD inview UPM)
 
Study to measure value of cc ed falls short 101413
Study to measure value of cc ed falls short 101413Study to measure value of cc ed falls short 101413
Study to measure value of cc ed falls short 101413weigansm
 
Can domain intelligence help healthcare service providers combat data breaches
Can domain intelligence help healthcare service providers combat data breachesCan domain intelligence help healthcare service providers combat data breaches
Can domain intelligence help healthcare service providers combat data breaches
WhoisXML API
 
Social Tagging Of Multimedia Content A Model
Social Tagging Of Multimedia Content A ModelSocial Tagging Of Multimedia Content A Model
Social Tagging Of Multimedia Content A Model
IJMER
 
Integrated heterogeneous social networking sites
Integrated heterogeneous social networking sitesIntegrated heterogeneous social networking sites
Integrated heterogeneous social networking sites
eSAT Journals
 
Seminar on detecting fake accounts in social media using machine learning
Seminar on detecting fake accounts in social media using machine learningSeminar on detecting fake accounts in social media using machine learning
Seminar on detecting fake accounts in social media using machine learning
Parvathi Sanil Nair
 
Thematic and self learning method for
Thematic and self learning method forThematic and self learning method for
Thematic and self learning method for
ijcsa
 
Journeying themes of data mining in felon and law enforcement agency profiling
Journeying themes of data mining in felon and law enforcement agency profilingJourneying themes of data mining in felon and law enforcement agency profiling
Journeying themes of data mining in felon and law enforcement agency profiling
eSAT Journals
 
Case scenario a membership organization/tutorialoutlet
Case scenario a membership organization/tutorialoutletCase scenario a membership organization/tutorialoutlet
Case scenario a membership organization/tutorialoutlet
Lunness
 
Spammer taxonomy using scientific approach
Spammer taxonomy using scientific approachSpammer taxonomy using scientific approach
Spammer taxonomy using scientific approach
Kamoru Abiodun Balogun(Bsc,MIT,CCNA,OCA,PhD inview UPM)
 
A survey on identification of ranking fraud for mobile applications
A survey on identification of ranking fraud for mobile applicationsA survey on identification of ranking fraud for mobile applications
A survey on identification of ranking fraud for mobile applications
eSAT Journals
 
Matthew Fisch Specializes in Cyber Security
Matthew Fisch Specializes in Cyber SecurityMatthew Fisch Specializes in Cyber Security
Matthew Fisch Specializes in Cyber Security
worldwidebranding
 
CERT STRATEGY TO DEAL WITH PHISHING ATTACKS
CERT STRATEGY TO DEAL WITH PHISHING ATTACKSCERT STRATEGY TO DEAL WITH PHISHING ATTACKS
CERT STRATEGY TO DEAL WITH PHISHING ATTACKS
csandit
 
The Evolution of Phising Attacks
The Evolution of Phising AttacksThe Evolution of Phising Attacks
The Evolution of Phising Attacks
Bee_Ware
 
A LITERATURE REVIEW ON PHISHING EMAIL DETECTION USING DATA MINING
A LITERATURE REVIEW ON PHISHING EMAIL DETECTION USING DATA MININGA LITERATURE REVIEW ON PHISHING EMAIL DETECTION USING DATA MINING
A LITERATURE REVIEW ON PHISHING EMAIL DETECTION USING DATA MINING
Heather Strinden
 
Study on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsStudy on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing Tools
IRJET Journal
 
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usenProtecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
CMR WORLD TECH
 
IRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing TechniquesIRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing Techniques
IRJET Journal
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enough
EMC
 
Spear Phishing
Spear PhishingSpear Phishing
Spear Phishing
- Mark - Fullbright
 
Literature Review.docx
Literature Review.docxLiterature Review.docx
Literature Review.docx
AliAgral2
 

More Related Content

What's hot

Sample Referral Source Definition Policy
Sample Referral Source Definition PolicySample Referral Source Definition Policy
Sample Referral Source Definition Policy
Marcus Hanscom
 
Spam identification fake profile
Spam identification fake profileSpam identification fake profile
Spam identification fake profile
Kamoru Abiodun Balogun(Bsc,MIT,CCNA,OCA,PhD inview UPM)
 
Study to measure value of cc ed falls short 101413
Study to measure value of cc ed falls short 101413Study to measure value of cc ed falls short 101413
Study to measure value of cc ed falls short 101413weigansm
 
Can domain intelligence help healthcare service providers combat data breaches
Can domain intelligence help healthcare service providers combat data breachesCan domain intelligence help healthcare service providers combat data breaches
Can domain intelligence help healthcare service providers combat data breaches
WhoisXML API
 
Social Tagging Of Multimedia Content A Model
Social Tagging Of Multimedia Content A ModelSocial Tagging Of Multimedia Content A Model
Social Tagging Of Multimedia Content A Model
IJMER
 
Integrated heterogeneous social networking sites
Integrated heterogeneous social networking sitesIntegrated heterogeneous social networking sites
Integrated heterogeneous social networking sites
eSAT Journals
 
Seminar on detecting fake accounts in social media using machine learning
Seminar on detecting fake accounts in social media using machine learningSeminar on detecting fake accounts in social media using machine learning
Seminar on detecting fake accounts in social media using machine learning
Parvathi Sanil Nair
 
Thematic and self learning method for
Thematic and self learning method forThematic and self learning method for
Thematic and self learning method for
ijcsa
 
Journeying themes of data mining in felon and law enforcement agency profiling
Journeying themes of data mining in felon and law enforcement agency profilingJourneying themes of data mining in felon and law enforcement agency profiling
Journeying themes of data mining in felon and law enforcement agency profiling
eSAT Journals
 
Case scenario a membership organization/tutorialoutlet
Case scenario a membership organization/tutorialoutletCase scenario a membership organization/tutorialoutlet
Case scenario a membership organization/tutorialoutlet
Lunness
 
Spammer taxonomy using scientific approach
Spammer taxonomy using scientific approachSpammer taxonomy using scientific approach
Spammer taxonomy using scientific approach
Kamoru Abiodun Balogun(Bsc,MIT,CCNA,OCA,PhD inview UPM)
 
A survey on identification of ranking fraud for mobile applications
A survey on identification of ranking fraud for mobile applicationsA survey on identification of ranking fraud for mobile applications
A survey on identification of ranking fraud for mobile applications
eSAT Journals
 

What's hot (12)

Sample Referral Source Definition Policy
Sample Referral Source Definition PolicySample Referral Source Definition Policy
Sample Referral Source Definition Policy
 
Spam identification fake profile
Spam identification fake profileSpam identification fake profile
Spam identification fake profile
 
Study to measure value of cc ed falls short 101413
Study to measure value of cc ed falls short 101413Study to measure value of cc ed falls short 101413
Study to measure value of cc ed falls short 101413
 
Can domain intelligence help healthcare service providers combat data breaches
Can domain intelligence help healthcare service providers combat data breachesCan domain intelligence help healthcare service providers combat data breaches
Can domain intelligence help healthcare service providers combat data breaches
 
Social Tagging Of Multimedia Content A Model
Social Tagging Of Multimedia Content A ModelSocial Tagging Of Multimedia Content A Model
Social Tagging Of Multimedia Content A Model
 
Integrated heterogeneous social networking sites
Integrated heterogeneous social networking sitesIntegrated heterogeneous social networking sites
Integrated heterogeneous social networking sites
 
Seminar on detecting fake accounts in social media using machine learning
Seminar on detecting fake accounts in social media using machine learningSeminar on detecting fake accounts in social media using machine learning
Seminar on detecting fake accounts in social media using machine learning
 
Thematic and self learning method for
Thematic and self learning method forThematic and self learning method for
Thematic and self learning method for
 
Journeying themes of data mining in felon and law enforcement agency profiling
Journeying themes of data mining in felon and law enforcement agency profilingJourneying themes of data mining in felon and law enforcement agency profiling
Journeying themes of data mining in felon and law enforcement agency profiling
 
Case scenario a membership organization/tutorialoutlet
Case scenario a membership organization/tutorialoutletCase scenario a membership organization/tutorialoutlet
Case scenario a membership organization/tutorialoutlet
 
Spammer taxonomy using scientific approach
Spammer taxonomy using scientific approachSpammer taxonomy using scientific approach
Spammer taxonomy using scientific approach
 
A survey on identification of ranking fraud for mobile applications
A survey on identification of ranking fraud for mobile applicationsA survey on identification of ranking fraud for mobile applications
A survey on identification of ranking fraud for mobile applications
 

Similar to University Payroll Theft Scheme

Matthew Fisch Specializes in Cyber Security
Matthew Fisch Specializes in Cyber SecurityMatthew Fisch Specializes in Cyber Security
Matthew Fisch Specializes in Cyber Security
worldwidebranding
 
CERT STRATEGY TO DEAL WITH PHISHING ATTACKS
CERT STRATEGY TO DEAL WITH PHISHING ATTACKSCERT STRATEGY TO DEAL WITH PHISHING ATTACKS
CERT STRATEGY TO DEAL WITH PHISHING ATTACKS
csandit
 
The Evolution of Phising Attacks
The Evolution of Phising AttacksThe Evolution of Phising Attacks
The Evolution of Phising Attacks
Bee_Ware
 
A LITERATURE REVIEW ON PHISHING EMAIL DETECTION USING DATA MINING
A LITERATURE REVIEW ON PHISHING EMAIL DETECTION USING DATA MININGA LITERATURE REVIEW ON PHISHING EMAIL DETECTION USING DATA MINING
A LITERATURE REVIEW ON PHISHING EMAIL DETECTION USING DATA MINING
Heather Strinden
 
Study on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsStudy on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing Tools
IRJET Journal
 
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usenProtecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
CMR WORLD TECH
 
IRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing TechniquesIRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing Techniques
IRJET Journal
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enough
EMC
 
Spear Phishing
Spear PhishingSpear Phishing
Spear Phishing
- Mark - Fullbright
 
Literature Review.docx
Literature Review.docxLiterature Review.docx
Literature Review.docx
AliAgral2
 
Phishing URL Detection using LSTM Based Ensemble Learning Approaches
Phishing URL Detection using LSTM Based Ensemble Learning ApproachesPhishing URL Detection using LSTM Based Ensemble Learning Approaches
Phishing URL Detection using LSTM Based Ensemble Learning Approaches
IJCNCJournal
 
PHISHING URL DETECTION USING LSTM BASED ENSEMBLE LEARNING APPROACHES
PHISHING URL DETECTION USING LSTM BASED ENSEMBLE LEARNING APPROACHESPHISHING URL DETECTION USING LSTM BASED ENSEMBLE LEARNING APPROACHES
PHISHING URL DETECTION USING LSTM BASED ENSEMBLE LEARNING APPROACHES
IJCNCJournal
 
A COMPREHENSIVE SURVEY OF PHISHING ATTACKS AND DEFENCES: HUMAN FACTORS, TRAIN...
A COMPREHENSIVE SURVEY OF PHISHING ATTACKS AND DEFENCES: HUMAN FACTORS, TRAIN...A COMPREHENSIVE SURVEY OF PHISHING ATTACKS AND DEFENCES: HUMAN FACTORS, TRAIN...
A COMPREHENSIVE SURVEY OF PHISHING ATTACKS AND DEFENCES: HUMAN FACTORS, TRAIN...
IJNSA Journal
 
Running head SOCIAL ENGINEERING1SOCIAL ENGINEERING 6As a .docx
Running head SOCIAL ENGINEERING1SOCIAL ENGINEERING 6As a .docxRunning head SOCIAL ENGINEERING1SOCIAL ENGINEERING 6As a .docx
Running head SOCIAL ENGINEERING1SOCIAL ENGINEERING 6As a .docx
todd521
 
Review of the machine learning methods in the classification of phishing attack
Review of the machine learning methods in the classification of phishing attackReview of the machine learning methods in the classification of phishing attack
Review of the machine learning methods in the classification of phishing attack
journalBEEI
 
The Impact of Frequent Use Email When Creating Account at the Websites on the...
The Impact of Frequent Use Email When Creating Account at the Websites on the...The Impact of Frequent Use Email When Creating Account at the Websites on the...
The Impact of Frequent Use Email When Creating Account at the Websites on the...
ijcsit
 
Detecting phishing websites using associative classification (2)
Detecting phishing websites using associative classification (2)Detecting phishing websites using associative classification (2)
Detecting phishing websites using associative classification (2)
Alexander Decker
 
All About Phishing Exploring User Research Through A Systematic Literature R...
All About Phishing Exploring User Research Through A Systematic Literature R...All About Phishing Exploring User Research Through A Systematic Literature R...
All About Phishing Exploring User Research Through A Systematic Literature R...
Gina Rizzo
 
Combating Phishing Attacks
Combating Phishing AttacksCombating Phishing Attacks
Combating Phishing Attacks
Rapid7
 

Similar to University Payroll Theft Scheme (20)

Matthew Fisch Specializes in Cyber Security
Matthew Fisch Specializes in Cyber SecurityMatthew Fisch Specializes in Cyber Security
Matthew Fisch Specializes in Cyber Security
 
CERT STRATEGY TO DEAL WITH PHISHING ATTACKS
CERT STRATEGY TO DEAL WITH PHISHING ATTACKSCERT STRATEGY TO DEAL WITH PHISHING ATTACKS
CERT STRATEGY TO DEAL WITH PHISHING ATTACKS
 
The Evolution of Phising Attacks
The Evolution of Phising AttacksThe Evolution of Phising Attacks
The Evolution of Phising Attacks
 
A LITERATURE REVIEW ON PHISHING EMAIL DETECTION USING DATA MINING
A LITERATURE REVIEW ON PHISHING EMAIL DETECTION USING DATA MININGA LITERATURE REVIEW ON PHISHING EMAIL DETECTION USING DATA MINING
A LITERATURE REVIEW ON PHISHING EMAIL DETECTION USING DATA MINING
 
Study on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsStudy on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing Tools
 
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usenProtecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
 
IRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing TechniquesIRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing Techniques
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enough
 
Spear Phishing
Spear PhishingSpear Phishing
Spear Phishing
 
Literature Review.docx
Literature Review.docxLiterature Review.docx
Literature Review.docx
 
Phishing URL Detection using LSTM Based Ensemble Learning Approaches
Phishing URL Detection using LSTM Based Ensemble Learning ApproachesPhishing URL Detection using LSTM Based Ensemble Learning Approaches
Phishing URL Detection using LSTM Based Ensemble Learning Approaches
 
PHISHING URL DETECTION USING LSTM BASED ENSEMBLE LEARNING APPROACHES
PHISHING URL DETECTION USING LSTM BASED ENSEMBLE LEARNING APPROACHESPHISHING URL DETECTION USING LSTM BASED ENSEMBLE LEARNING APPROACHES
PHISHING URL DETECTION USING LSTM BASED ENSEMBLE LEARNING APPROACHES
 
Csd6059
Csd6059Csd6059
Csd6059
 
A COMPREHENSIVE SURVEY OF PHISHING ATTACKS AND DEFENCES: HUMAN FACTORS, TRAIN...
A COMPREHENSIVE SURVEY OF PHISHING ATTACKS AND DEFENCES: HUMAN FACTORS, TRAIN...A COMPREHENSIVE SURVEY OF PHISHING ATTACKS AND DEFENCES: HUMAN FACTORS, TRAIN...
A COMPREHENSIVE SURVEY OF PHISHING ATTACKS AND DEFENCES: HUMAN FACTORS, TRAIN...
 
Running head SOCIAL ENGINEERING1SOCIAL ENGINEERING 6As a .docx
Running head SOCIAL ENGINEERING1SOCIAL ENGINEERING 6As a .docxRunning head SOCIAL ENGINEERING1SOCIAL ENGINEERING 6As a .docx
Running head SOCIAL ENGINEERING1SOCIAL ENGINEERING 6As a .docx
 
Review of the machine learning methods in the classification of phishing attack
Review of the machine learning methods in the classification of phishing attackReview of the machine learning methods in the classification of phishing attack
Review of the machine learning methods in the classification of phishing attack
 
The Impact of Frequent Use Email When Creating Account at the Websites on the...
The Impact of Frequent Use Email When Creating Account at the Websites on the...The Impact of Frequent Use Email When Creating Account at the Websites on the...
The Impact of Frequent Use Email When Creating Account at the Websites on the...
 
Detecting phishing websites using associative classification (2)
Detecting phishing websites using associative classification (2)Detecting phishing websites using associative classification (2)
Detecting phishing websites using associative classification (2)
 
All About Phishing Exploring User Research Through A Systematic Literature R...
All About Phishing Exploring User Research Through A Systematic Literature R...All About Phishing Exploring User Research Through A Systematic Literature R...
All About Phishing Exploring User Research Through A Systematic Literature R...
 
Combating Phishing Attacks
Combating Phishing AttacksCombating Phishing Attacks
Combating Phishing Attacks
 

More from worldwidebranding

Rebecca Scott Young - Rich Tips for a Lifetime
Rebecca Scott Young - Rich Tips for a LifetimeRebecca Scott Young - Rich Tips for a Lifetime
Rebecca Scott Young - Rich Tips for a Lifetime
worldwidebranding
 
William M. Sullivan Jr. - Partner, Pillsbury Winthrop Shaw Pittman LLP
William M. Sullivan Jr. - Partner, Pillsbury Winthrop Shaw Pittman LLPWilliam M. Sullivan Jr. - Partner, Pillsbury Winthrop Shaw Pittman LLP
William M. Sullivan Jr. - Partner, Pillsbury Winthrop Shaw Pittman LLPworldwidebranding
 
2014 Trustwave Global Security Report
2014 Trustwave Global Security Report2014 Trustwave Global Security Report
2014 Trustwave Global Security Reportworldwidebranding
 
Maureen Pastine - Pastime with Pastine
Maureen Pastine - Pastime with PastineMaureen Pastine - Pastime with Pastine
Maureen Pastine - Pastime with Pastineworldwidebranding
 
Mary-Louise Fleming, Ph.D. CV
Mary-Louise Fleming, Ph.D. CVMary-Louise Fleming, Ph.D. CV
Mary-Louise Fleming, Ph.D. CV
worldwidebranding
 
Michael Harrington - C-Level Profile
Michael Harrington - C-Level ProfileMichael Harrington - C-Level Profile
Michael Harrington - C-Level Profileworldwidebranding
 
Michael Harrington - Corporate Operations Resume
Michael Harrington - Corporate Operations ResumeMichael Harrington - Corporate Operations Resume
Michael Harrington - Corporate Operations Resumeworldwidebranding
 
Michael Harrington - NYS Letter of Recommendation
Michael Harrington - NYS Letter of RecommendationMichael Harrington - NYS Letter of Recommendation
Michael Harrington - NYS Letter of Recommendationworldwidebranding
 
Michael Harrington - Baltimore County, MD Recommendation Letter
Michael Harrington - Baltimore County, MD Recommendation LetterMichael Harrington - Baltimore County, MD Recommendation Letter
Michael Harrington - Baltimore County, MD Recommendation Letterworldwidebranding
 
Michael Harrington - Program Project Management Resume
Michael Harrington - Program Project Management ResumeMichael Harrington - Program Project Management Resume
Michael Harrington - Program Project Management Resumeworldwidebranding
 

More from worldwidebranding (20)

Ilan Zachar's Resume
Ilan Zachar's ResumeIlan Zachar's Resume
Ilan Zachar's Resume
 
Kelvin Chan's Publications
Kelvin Chan's PublicationsKelvin Chan's Publications
Kelvin Chan's Publications
 
Rebecca Scott Young - Rich Tips for a Lifetime
Rebecca Scott Young - Rich Tips for a LifetimeRebecca Scott Young - Rich Tips for a Lifetime
Rebecca Scott Young - Rich Tips for a Lifetime
 
William M. Sullivan Jr. - Partner, Pillsbury Winthrop Shaw Pittman LLP
William M. Sullivan Jr. - Partner, Pillsbury Winthrop Shaw Pittman LLPWilliam M. Sullivan Jr. - Partner, Pillsbury Winthrop Shaw Pittman LLP
William M. Sullivan Jr. - Partner, Pillsbury Winthrop Shaw Pittman LLP
 
INTSUM
INTSUMINTSUM
INTSUM
 
2014 Trustwave Global Security Report
2014 Trustwave Global Security Report2014 Trustwave Global Security Report
2014 Trustwave Global Security Report
 
Maureen Pastine - Pastime with Pastine
Maureen Pastine - Pastime with PastineMaureen Pastine - Pastime with Pastine
Maureen Pastine - Pastime with Pastine
 
Maureen Pastine
Maureen PastineMaureen Pastine
Maureen Pastine
 
Rosemary Sharp Resume
Rosemary Sharp ResumeRosemary Sharp Resume
Rosemary Sharp Resume
 
Rosemary Sharp's Resume
Rosemary Sharp's ResumeRosemary Sharp's Resume
Rosemary Sharp's Resume
 
Mary-Louise Fleming, Ph.D. CV
Mary-Louise Fleming, Ph.D. CVMary-Louise Fleming, Ph.D. CV
Mary-Louise Fleming, Ph.D. CV
 
Joseph Suhayda Resume
Joseph Suhayda ResumeJoseph Suhayda Resume
Joseph Suhayda Resume
 
Michael Harrington - C-Level Profile
Michael Harrington - C-Level ProfileMichael Harrington - C-Level Profile
Michael Harrington - C-Level Profile
 
Michael Harrington R
Michael Harrington RMichael Harrington R
Michael Harrington R
 
Michael Harrington - Corporate Operations Resume
Michael Harrington - Corporate Operations ResumeMichael Harrington - Corporate Operations Resume
Michael Harrington - Corporate Operations Resume
 
Michael Harrington - NYS Letter of Recommendation
Michael Harrington - NYS Letter of RecommendationMichael Harrington - NYS Letter of Recommendation
Michael Harrington - NYS Letter of Recommendation
 
Michael Harrington - Baltimore County, MD Recommendation Letter
Michael Harrington - Baltimore County, MD Recommendation LetterMichael Harrington - Baltimore County, MD Recommendation Letter
Michael Harrington - Baltimore County, MD Recommendation Letter
 
Michael Harrington - Program Project Management Resume
Michael Harrington - Program Project Management ResumeMichael Harrington - Program Project Management Resume
Michael Harrington - Program Project Management Resume
 
Susan Friedman Resume
Susan Friedman ResumeSusan Friedman Resume
Susan Friedman Resume
 
Susan Friedman's Resume
Susan Friedman's ResumeSusan Friedman's Resume
Susan Friedman's Resume
 

Recently uploaded

The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
Delapenabediema
 
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th SemesterGuidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Atul Kumar Singh
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela TaraOperation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela Tara
Balvir Singh
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
camakaiclarkmusic
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfWelcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
TechSoup
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
JosvitaDsouza2
 
Honest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptxHonest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptx
timhan337
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 
The Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptxThe Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptx
DhatriParmar
 
Model Attribute Check Company Auto Property
Model Attribute Check Company Auto PropertyModel Attribute Check Company Auto Property
Model Attribute Check Company Auto Property
Celine George
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
Language Across the Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.Language Across the Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.
Atul Kumar Singh
 
Normal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of LabourNormal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of Labour
Wasim Ak
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
DeeptiGupta154
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
Tamralipta Mahavidyalaya
 
Chapter -12, Antibiotics (One Page Notes).pdf
Chapter -12, Antibiotics (One Page Notes).pdfChapter -12, Antibiotics (One Page Notes).pdf
Chapter -12, Antibiotics (One Page Notes).pdf
Kartik Tiwari
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 

Recently uploaded (20)

The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
 
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th SemesterGuidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th Semester
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela TaraOperation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela Tara
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfWelcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
 
Honest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptxHonest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptx
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
The Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptxThe Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptx
 
Model Attribute Check Company Auto Property
Model Attribute Check Company Auto PropertyModel Attribute Check Company Auto Property
Model Attribute Check Company Auto Property
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
 
Language Across the Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.Language Across the Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.
 
Normal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of LabourNormal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of Labour
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
 
Chapter -12, Antibiotics (One Page Notes).pdf
Chapter -12, Antibiotics (One Page Notes).pdfChapter -12, Antibiotics (One Page Notes).pdf
Chapter -12, Antibiotics (One Page Notes).pdf
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 

University Payroll Theft Scheme

  • 1. TLP: GREEN TLP: GREEN Advisory University  Payroll  Theft  Scheme 18  August  2014   DISCLAIMER: This Bulletin is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service referenced in this bulletin or otherwise. This document is marked TLP: GREEN. Recipients may share TLP: GREEN information with peers within their sector or community, but not via publicly accessible channels. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp. Summary This advisory was prepared in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC), Multi-State Information Sharing and Analysis Center (MS-ISAC), and Research and Education Networking Information Sharing and Analysis Center (REN-ISAC). The purpose of this release is to provide relevant and actionable information for prevention and defense. Universities and colleges have been targeted by spearphishing campaigns designed to steal user credentials for many years. Stolen credentials are used for many purposes, including but not limited to sending spam from compromised e-mail accounts, optimizing search engine results for black market pharmaceutical web pages, gaining access to university-licensed resources, and hosting malware. For  roughly  the  past  year,  many  of  these  campaigns  have  used  harvested  credentials  to  alter  victim’s   direct deposit information. Targeted individuals include both faculty and administrators from various departments. Several of the attacks appear to have specifically targeted individuals in university medical and dental programs. These e-mails often, but not always, use subjects related to salary increases to lure victims into clicking on malicious links. Subject lines have included: Your Salary Review Documents Important Salary Notification Your Salary Raise Confirmation connection from unexpected IP RE: Mailbox has exceeded its storage limit. The malicious links contained in these e-mails direct victims to webpages controlled by the attackers that look  nearly  identical  to  their  university’s  legitimate  login  portals.    Once  the  attackers  harvest  the  user’s   credentials, the credentials are used  to  access  the  victim’s  payroll  information  and  re-route direct deposits to an account they control. However, in at least one case, insurance policy information was also changed. The number of personnel targeted in these attacks also varies but reports indicate targets range anywhere from 15 to several hundred. Documented Attacks In December 2013, a University of Western Michigan employee had their direct deposit information altered following a successful phishing attack. The victim claims that his single sign on (SSO) credentials National Cybersecurity and Communications Integration Center
  • 2. TLP: GREEN TLP: GREEN were used to access his e-mail  and  delete  the  university’s  automatically  generated  e-mail notification. Open source reporting highlights several other universities that have been impacted by similar campaigns. These include: Boston University in early January 2014, Texas A&M in July 2013, the University of Iowa in November of 2013, and the University of Michigan in August of 2013.1,2,3,4 While only a few cases have been reported in the media, estimates of impacted universities and colleges are much larger. To address these attacks, several entities have released public and private alerts on this activity throughout the past year to include the MS-ISAC, the REN-ISAC, the FBI and The Internet Crime Complaint Center (IC3) among others.5 Attack Details While it is possible that the attackers behind these campaigns have been launching similar attacks on other sectors, there are several reasons why higher educational institutions would be an attractive target. Most universities and colleges provide access to a wide variety of information regarding their technology environment in an effort to support their global research and education missions. Access to this information allows attackers to more easily conduct reconnaissance prior to an attack. E-mail contact information for faculty and staff can also be easily accessed and used by attackers to create target lists for their campaigns. In at least one case, a university confirmed that the list of phishing recipients was generated using a scrape of email addresses on the public campus website. The university assessed that this was likely the reason  faculty,  rather  than  staff,  were  the  primary  targets  as  this  University’s  website  contains  faculty   profiles with email addresses, but few staff email addresses. Though attempting to harvest credentials through phishing is a common practice, certain aspects of this campaign indicate that attackers are specifically targeting university and college personnel and conducting some level of reconnaissance prior to their attack. Though it is unknown if these attacks are being conducted by a single group or multiple groups, the tactics, techniques, and procedures (TTPs) used in many of the attacks share very similar characteristics. Some TTPs Include: Examples of URLs created to resemble legitimate URLs include: Altering direct deposit account information Spoofed to appear as if message came from the appropriate  department,  e.g.  HR  for  “salary  increase”   lures  or  IT  department  if  “mailbox  exceeded” Spoofed login screens that are a close replica of legitimate login screen Targeting of faculty and staff Using university images within e-mails text Spoofed institutional-specific prompts for additional credential information, e.g., PINS, bank account numbers. URLs mimicking legitimate (and accessible) portal URLs Use  of  the  “salary  increase”  approach  seems  to   coincide with end of the fiscal year. hxxp://*.ru/www.<domain>.edu/Login.htm hxxp://*.it/www.<domain>.edu/Login.htm hxxp://*.com/<domain>/<domain>.edu.htm hxxp://*.ru/www.<domain>.edu/IPalertsystem/WebLogin.htm hxxp://*.it/www.<domain>.edu/IPalertsystem/WebLogin.htm hxxp://*.ru/www.<domain>.edu/<domain>/logon.aspx.htm hxxp://.../energynews/support/<domain>/<domain>.edu.htm hxxp://*.ru/www.usu.edu/Login.htm “<domain>”  refers  to  the  affected  institution,  for  example: Host  information,  represented  by  “*”  in  e.g.  *.ru,  changes  over   time and has been seen to include the use of legitimate domains that are either compromised or misused  for  the  attacker’s  purpose.
  • 3. TLP: GREEN TLP: GREEN The phishing e-mails have contained official institutional images; often via an HTML image link direct to the resource. Examples of spoofed sender e-mail addresses include: HRresources @<domain>.edu employeebenefits @<domain>.edu In addition, actors appear to be aware of institution- specific requirements for updating banking information. For example, if the university requires a Personal Identification Number (PIN) or bank account number to change existing settings, the spoofed login screens may prompt users for this information. The timing of some of these attacks has also been observed coinciding with the end of the fiscal year for many universities and colleges (July 1). This is often when institutions give their employees salary increases,6 and may help add to the perceived legitimacy of the e-mails. These factors all contribute to a relatively well-planned campaign with an increased likelihood of deceiving unsuspecting users into divulging their personal information. While malicious IPs and IP ranges change over time and may or may not be useful as long-term indicators of compromise (IoC), below are IP ranges observed to be associated as the sources of some of these attacks: 41. 190.2.0/24 41. 190.3.0/24 108. 61.0.0/16 range Prevention Techniques In an effort to defend against this threat, some institutions set up e-mail alerts which were sent to individuals when payroll information was altered. Following this, some universities reported victims were successfully alerted of malicious activity right away. However, in some instances, attackers were able to access victim e-mail accounts and delete alert messages prior to the victim reading them. This is possibly due to the use of single sign on SSO. Single sign on is a form of user authentication that allows a user to access multiple applications with a single set of login credentials. Some institutions require the use of additional forms of identification when accessing higher risk data like payroll information. However, as mentioned earlier, actors seem to be aware of these additional forms of authentication and are integrating them into their phishing e-mails. As the use of SSO allows attackers to access multiple accounts with a single set of credentials, actors can implement phishing themes that may have nothing to do with salary increases, yet still result in direct deposit alteration. Subject: Important Salary Notification As part of <institution name> standard practice to offer salary increases once a year after an annual review, the Human Resources reviewed you for a salary raise on your next paycheck Click below to confirm and access your salary revision documents: Click Here to access the documents Sincerely, Human Resources Example of the text contained within the e-mail
  • 4. TLP: GREEN TLP: GREEN While educating end users about the dangers of phishing and providing real world examples of what indicators to look for is always a great practice for creating a human line of defense, universities and colleges can institute additional measures to help defend their employees from these attacks. It is important to take into consideration that adding some controls may result in increased costs that entities may or may not be willing to absorb. Suggested defensive measures include: Remove self-service direct deposit capabilities, when practical. Add two-factor authentication or VPN requirements. This may not completely stop attacks but it makes  the  attacker’s  work  more  difficult.   Send e-mail alerts to users when direct deposit information has been changed. As mentioned previously, this can be circumvented in some cases. Redact sensitive information available to the user in the online system. This will only stop the further loss of personal information such as SSN. Require users to enter additional information, like an account number or pin. Attackers who know this can adjust their phishing messages to adapt. Implement back-end systems that inspect for suspicious direct deposit account changes, such as those from unusual geographic locations, duplicate DD account numbers, unusual destination account routing numbers. Contact information sharing communities such as the ISAC serving your sector to stay informed concerning new attacks and to share your own experience. Be cautious about sending emails to users that link them directly to login pages, as it could have the unintended consequence of training users to be susceptible to phishing. Users should be cautious when accessing e-mail and never send account information to others. In addition, users should use caution and double-check the URL when viewing e-mails that prompt an individual to login to verify it belongs to their institution. Further recommendations on phishing defense can be found on the US-CERT website.7 Points of Contact National Cybersecurity and Communications Integration Center (NCCIC)8 The mission of the NCCIC is to operate at the intersection of the private sector, civilian, law enforcement, intelligence, and defense communities, applying unique analytic perspectives, ensuring shared situational awareness, and orchestrating synchronized response efforts while protecting the Constitutional and privacy rights of Americans in both the cybersecurity and communications domains. NCCIC@hq.dhs.gov (888) 282-0870 Research and Education Networking Information Sharing and Analysis Center (REN-ISAC)9 The mission of the REN-ISAC mission is to aid and promote cybersecurity operational protection and response within the research and higher education (R&E) communities. SOC@REN-ISAC.net 24x7 Watch Desk (317) 278-6630 The Multi-State Information Sharing and Analysis Center (MS-ISAC)10 The mission of the MS-ISAC is to improve the overall cyber security posture of state, local, territorial and tribal governments. Public educational institutions (both K-12 and higher education) are part of this mission space, under the umbrella of state and local governments. SOC@msisac.org (866) 787-4722 | (518) 266-3488
  • 5. TLP: GREEN TLP: GREEN References *NOTE: Webpages may change or become unavailable over time. 1 http://cis.tamu.edu/news/2013/07/Nine_A_M_accounts_compromised_direct_deposit_altered.php 2 http://www.boston.com/yourcampus/news/boston_university/2014/01/bu_employee_direct_deposit_pay_stolen_through_alleged_internet_scam. html 3 http://www.annarbor.com/news/university-of-michigan-spear-phishing/ 4 https://it.usu.edu/computer-security/computer-security-threats/articleID=25294 5 Public Service Announcement, Prepared by the Internet Crime Complaint Center (IC3); http://www.ic3.gov/media/2014/140505.aspx 6 http://wiki.fool.com/When_Is_the_Fiscal_Year%3F 7 https://www.us-cert.gov/ncas/tips/ST04-014 8 http://www.dhs.gov/about-national-cybersecurity-communications-integration-center 9 http://www.ren-isac.net/ 10 http://msisac.cisecurity.org/