Skip to main content

Examples of phishing messages

Tampere University and TAMK

Warning about active phishing against Tampere University users

For the past few months Tampere University has been a target of exceptionally active phishing. Some of the phishing messages have been sent from external addresses and some from compromised TUNI accounts. Probably the phishing will go on and you may receive new phishing messages. Phishing messages are often sent at end of office hours, in the evening or during weekend when administrators are not at work.

TUNI IT Services never sends messages like this to their users, especially messages with links to external addresses. Please delete these phishing messages and do not click links in the messages.

Usually phishing is used to gain control of user email accounts and to send phishing messages and junk email. TUNI IT Services has received a lot of reports about the phishing messages from our users.

If you receive a phishing message, please report it to IT Helpdesk

If you have already clicked link to the phishing site and if you have written your account information to the web page, please change your password immediately.
https://id.tuni.fi/

Also report the incident to it-helpdesk [at] tuni.fi

If you have not clicked links in any of the phishing messages, your account is not compromised. However, if you want you can change your password following instructions above.
 

Examples of recent phishing attempts

Hyvä henkilökunta / työntekijät

Päivitämme kaikki sähköpostitilit viimeisimmäksi Outlook Web App -päivitykseksi. Siksi kaikkien aktiivisten sähköpostitilien on vahvistettava ja kirjauduttava sisään, jotta päivitys ja siirto tulevat voimaan. Tämän tarkoituksena on parantaa äskettäin vastaanotettujen roskapostien turvallisuutta ja tehokkuutta. Tähän sisältyy myös nopeampi käyttö sähköpostissa, jaetussa kalenterissa ja Web-asiakirjoissa.

Napsauta PÄIVITÄ TILI, jos haluat siirtää ja estää uusia roskapostia.

HUOMAUTUS: Tämän tekemättä jättäminen johtaa tilisi deaktivointiin.

Parhain terveisin,

ITS-asiakaspalvelu

Tietotekniikkapalveluiden toimisto (ITS)

 

Phishing 1

 

From: xxxxxx.xxxxxxxxxx [at] uta.fi (näyttää kuin olisi lähetetty tililtäsi)

Sent: 19. tammikuutata 2020 22:15

To: xxxxxx.xxxxxxxxxx [at] uta.fi

Subject: I know everything about you

 

Hello

I am a spyware software de­veloper.

 

27/10/2019 - On this day I hacked your OS and got full access to your account xxxxxx.xxxxxxxxxx [at] uta.fi

I sent this message from your ac­count

The hacking was carried out using a hardware vulnerability through which you went online.

I went around the security system in the router, insta­lled an exploit there.

When you went online, my exploit downloaded my malicious code (rootkit) to your device.

Why your antivirus did not de­tect malware? My malware uses the driver, I update its signatures every 3 hours so that your antivirus is silent.

 

Since then I have been following you (I can connect to your device via the VNC protocol).

That is, I can see absolutely everything that you do, view and download your files and any data to yourself.

I also have access to the camera on your device, and I periodic­ally take photos and videos with you.

At the moment, I have harvested a solid dirt... on you...

I saved all your em­ail and chats from your messangers. I also saved the entire history of the sites you visit.

I know what you like adult sites.

Oh, yes... I'm know your secret life, which you are hi­ding from everyone.

I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera.

Believe it turn­ed out very high quality!

I'm sure you don't want to show these file­s and visiting history to all your contacts.

Transfer $807 to my Bitcoin cryptocu­rrency wallet: 16877R7pYKMmLJBSZYAPqC5gSTY9R43zim

Just co­py and paste the wallet number when transferring.

If you do not know how to do this - ask Google.

My system automatically recog­nizes the transfer.

As soon as the specified amount is received, all your data will be destr­oyed from my server, and the rootkit will be automatically remo­ved from your system.

Good luck!

________________________________________________________________________________

From: Tapio Visakorpi <tapio.visakorpi.tuni.fi [at] gmail.com>

Sent: Monday, January 13, 2020 8:49 AM

To: xxxxxxxxxxxxxxxxxxx (TAU) xxxxxxxxxx.xxxxxxxxxxx [at] tuni.fi>

Subject: Re: QUICK HELP NEEDED

Please I need you to help me get Apple iTunes card from any local store around or online store, I will reimburse you back when I get back to the office. I need to send it to someone and it is very important. I’m still busy at the meeting and I need to get it sent right away. Please let me know if you can do that now

Dr. Tapio Visakorpi

Dean,Faculty of Medicine and Health Technology

University of Tampere

Kalevantie 4, 33100 Tampere,

Finland

 

On Mon, 13 Jan 2020 at 09:45, Tapio Visakorpi tapio.visakorpi.tuni.fi [at] gmail.com> wrote:

I am currently in a meeting and I don't know when the meeting will round off. I would have called you but phone is not allowed. I will want you to handle something for me right away and I will be glad if you can do that for me as soon as possible.

Dr. Tapio Visakorpi

Dean,Faculty of Medicine and Health Technology

University of Tampere

Kalevantie 4, 33100 Tampere,

Finland

 

On Mon, 13 Jan 2020 at 09:43, xxxxxx xxxxxxxxxx(TAU) xxxxxx.xxxxxxxx [at] tuni.fi> wrote:

Hello, I am not in Tampere yet, but what is the issue?

-Xxxxxxx

Get Outlook for Android

 

From: Tapio Visakorpi tapio.visakorpi.tuni.fi [at] gmail.com>

Sent: Monday, January 13, 2020 8:40:31 AM

To: Xxxxxxx Xxxxxxxxxxx (TAU) xxxxxx.xxxxxxxxxx [at] tuni.fi>

Subject: QUICK HELP NEEDED

Are you free now?

Dr. Tapio Visakorpi

Dean,Faculty of Medicine and Health Technology

University of Tampere

Kalevantie 4, 33100 Tampere,

Finland

 

Kalastelu Tampere 4
Kalastelu Oulu ensimmäinen viesti

Followi the link and this screen appears (Fake)

Oulun kalastelu jatkuu
Kalastelu_2
Kalastelusivu JYU
Kalastelu esimerkki tampere

 

Published: 16.5.2019
Updated: 31.3.2022