The Information Security Office wants to alert students, faculty, and staff of a type of phone scam called Vishing (voice phishing) which uses fake caller-ID data to give the appearance that calls come from a trusted organization (such as UT Arlington). The caller tells people they owe money to the University and a warrant has been issued for their arrest. Next, the caller solicits immediate payment for the alleged debts.
University officials will not contact you in this manner or threaten arrest for non-payment of debts. Verifying UT Arlington debts, including citations, can be done by checking MyMav or visiting the Bursar directly. Be aware that this is a type of social engineering wherein someone uses influence, deception, and persuasion to get information that would otherwise be unavailable to them (which is also known as fraud).
Caller ID is far from proof positive of a caller’s identity or authentication. Don’t trust incoming calls based on Caller ID. Make 100% sure you know to whom you are speaking. If any incoming calls from supposedly legitimate companies ask for any personal information of any kind… it is a scam. It is fraud. Period.
If you receive an unexpected call like this from someone claiming to be from UTA DO NOT provide your credit card information. If you fall victim to the call, contact UT Arlington’s Police Department at 817-272-3381. For information on preventing social engineering and theft, please contact the ISO at email@example.com or call us at 817-272-5487.
For more information about Identity Theft, go to:
For more information about Social Engineering, go to:
The Microsoft Security Advisory (found here) describes a new, un-patched vulnerability in all currently supported versions of Windows except Server 2003. Successful exploitation of this vulnerability would allow an attacker to gain the same rights on the machine as the current user.
Exploitation of this vulnerability requires the user to open a specially crafted Microsoft Office document. Researchers are seeing targeting attacks utilizing this attack.
Prevention: standard behavior rules apply:
- Don’t open attachments from unknown sources
- Don’t click on suspicious links in email
A CIS Cyber Alert (see below) has been published detailing a Phishing campaign that utilizes a weaponized PDF document that exploits a vulnerability in Adobe Reader(CVE-2013-2729). This campaign attempts to entice users to open the attached file by referring to an “Unpaid invoic”(sic)
This campaign is utilizing the Dyre Banking Trojan, focused on stealing banking credentials.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Do not open email attachments from unknown or untrusted sources.
- Limit user account privileges to those required only.
- Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
- Keep all operating system, applications and essential software up to date to mitigate potential exploitation by attackers.
- Ensure that systems are hardened with industry-accepted guidelines.
- Make sure all AV products are up-to-date with their signatures.
- Implement filters at your email gateway for filtering out emails with subject line “Unpaid invoic”. [Note the typo]
Also known as “Poodle”, this vulnerability could allow an attacker to steal web site login information or payment data.
“A vulnerability exists within the SSL version 3.0 protocol… allowing an attacker to hijack and decrypt session cookies that are utilized between a user’s web browser and the web site. This could lead to attackers obtaining enough information to temporarily impersonate web site visitor account logins and/or online payment systems.”
Several important vulnerabilities in Microsoft products, including Windows, Office, .NET, Internet Explorer, were released today along with patch information. They are:
- Vulnerabilities in .NET Framework Could Allow Remote Code Execution (MS14-057)
- Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (MS14-058)
- Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (MS14-061)
- Cumulative Security Update for Internet Explorer (MS14-056)
- Vulnerability in OLE Could Allow Remote Code Execution (MS14-060)
- Multiple vulnerabilities found in Adobe Flash Player and Adobe AIR could allow an attacker to execute code remotely. (APSB14-22)
- Critical Oracle Patches (http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html)
These Security Advisories will affect many users; student, staff and faculty; so it is important to update your instances of the software mentioned.