Examples of phishing messages
Warning about active phishing against Tampere University users
For the past few months Tampere University has been a target of exceptionally active phishing. Some of the phishing messages have been sent from external addresses and some from compromised TUNI accounts. Probably the phishing will go on and you may receive new phishing messages. Phishing messages are often sent at end of office hours, in the evening or during weekend when administrators are not at work.
TUNI IT Services never sends messages like this to their users, especially messages with links to external addresses. Please delete these phishing messages and do not click links in the messages.
Usually phishing is used to gain control of user email accounts and to send phishing messages and junk email. TUNI IT Services has received a lot of reports about the phishing messages from our users.
If you receive a phishing message, please report it to IT Helpdesk
If you have already clicked link to the phishing site and if you have written your account information to the web page, please change your password immediately.
https://id.tuni.fi/
Also report the incident to it-helpdesk [at] tuni.fi
If you have not clicked links in any of the phishing messages, your account is not compromised. However, if you want you can change your password following instructions above.
Examples of recent phishing attempts
Hyvä henkilökunta / työntekijät
Päivitämme kaikki sähköpostitilit viimeisimmäksi Outlook Web App -päivitykseksi. Siksi kaikkien aktiivisten sähköpostitilien on vahvistettava ja kirjauduttava sisään, jotta päivitys ja siirto tulevat voimaan. Tämän tarkoituksena on parantaa äskettäin vastaanotettujen roskapostien turvallisuutta ja tehokkuutta. Tähän sisältyy myös nopeampi käyttö sähköpostissa, jaetussa kalenterissa ja Web-asiakirjoissa.
Napsauta PÄIVITÄ TILI, jos haluat siirtää ja estää uusia roskapostia.
HUOMAUTUS: Tämän tekemättä jättäminen johtaa tilisi deaktivointiin.
Parhain terveisin,
ITS-asiakaspalvelu
Tietotekniikkapalveluiden toimisto (ITS)
From: xxxxxx.xxxxxxxxxx [at] uta.fi (näyttää kuin olisi lähetetty tililtäsi)
Sent: 19. tammikuutata 2020 22:15
To: xxxxxx.xxxxxxxxxx [at] uta.fi
Subject: I know everything about you
Hello
I am a spyware software developer.
27/10/2019 - On this day I hacked your OS and got full access to your account xxxxxx.xxxxxxxxxx [at] uta.fi
I sent this message from your account
The hacking was carried out using a hardware vulnerability through which you went online.
I went around the security system in the router, installed an exploit there.
When you went online, my exploit downloaded my malicious code (rootkit) to your device.
Why your antivirus did not detect malware? My malware uses the driver, I update its signatures every 3 hours so that your antivirus is silent.
Since then I have been following you (I can connect to your device via the VNC protocol).
That is, I can see absolutely everything that you do, view and download your files and any data to yourself.
I also have access to the camera on your device, and I periodically take photos and videos with you.
At the moment, I have harvested a solid dirt... on you...
I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.
I know what you like adult sites.
Oh, yes... I'm know your secret life, which you are hiding from everyone.
I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera.
Believe it turned out very high quality!
I'm sure you don't want to show these files and visiting history to all your contacts.
Transfer $807 to my Bitcoin cryptocurrency wallet: 16877R7pYKMmLJBSZYAPqC5gSTY9R43zim
Just copy and paste the wallet number when transferring.
If you do not know how to do this - ask Google.
My system automatically recognizes the transfer.
As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system.
Good luck!
________________________________________________________________________________
From: Tapio Visakorpi <tapio.visakorpi.tuni.fi [at] gmail.com>
Sent: Monday, January 13, 2020 8:49 AM
To: xxxxxxxxxxxxxxxxxxx (TAU) <xxxxxxxxxx.xxxxxxxxxxx [at] tuni.fi>
Subject: Re: QUICK HELP NEEDED
Please I need you to help me get Apple iTunes card from any local store around or online store, I will reimburse you back when I get back to the office. I need to send it to someone and it is very important. I’m still busy at the meeting and I need to get it sent right away. Please let me know if you can do that now
Dr. Tapio Visakorpi
Dean,Faculty of Medicine and Health Technology
University of Tampere
Kalevantie 4, 33100 Tampere,
Finland
On Mon, 13 Jan 2020 at 09:45, Tapio Visakorpi <tapio.visakorpi.tuni.fi [at] gmail.com> wrote:
I am currently in a meeting and I don't know when the meeting will round off. I would have called you but phone is not allowed. I will want you to handle something for me right away and I will be glad if you can do that for me as soon as possible.
Dr. Tapio Visakorpi
Dean,Faculty of Medicine and Health Technology
University of Tampere
Kalevantie 4, 33100 Tampere,
Finland
On Mon, 13 Jan 2020 at 09:43, xxxxxx xxxxxxxxxx(TAU) <xxxxxx.xxxxxxxx [at] tuni.fi> wrote:
Hello, I am not in Tampere yet, but what is the issue?
-Xxxxxxx
Get Outlook for Android
From: Tapio Visakorpi <tapio.visakorpi.tuni.fi [at] gmail.com>
Sent: Monday, January 13, 2020 8:40:31 AM
To: Xxxxxxx Xxxxxxxxxxx (TAU) <xxxxxx.xxxxxxxxxx [at] tuni.fi>
Subject: QUICK HELP NEEDED
Are you free now?
Dr. Tapio Visakorpi
Dean,Faculty of Medicine and Health Technology
University of Tampere
Kalevantie 4, 33100 Tampere,
Finland
Followi the link and this screen appears (Fake)
