[CCoE Notice] FW:

Luong, Kiet A KDLuong at Central.UH.EDU
Fri Mar 22 09:41:09 CDT 2019 

Good morning,

Looks like the hackers are at it again.  This is similar to the email scam I warned about back in November (attached).  When we analyze this email in detail, we see that:

1.       The “From:” address is a red flag.  The name is Dean Tedesco, but the actual email address is someone else.  Keep in mind that anyone can apply for any email address and use whatever First/Last name they want.  In this case, the hacker found out dean/department heads from websites, public records, etc., then did his/her homework and found all EGR/dept employees to send this email to.

2.       This is why it’s important to use officially assigned UH email addresses.  We know that we can only send emails from @central.uh.edu email addresses, even though we give out @uh.edu email aliases.  Knowing this, and practicing regularly would immediately tell us that the sender WAS NOT the dean/department heads

3.       The vague greeting and signature also are red flags that should raise alert.  If you don’t have an email signature yet, please create one so others will recognize your normal signature and know when an email is a fake.

4.       Putting all these together should be more than enough to let us know this email is a fake.  Remember: although it only takes one red flag to signal that it’s a fake email, but it takes multiple parts of the email to make it legitimate.  For example, hackers can imitate email addresses, that’s why we hover over the “From:” address to verify its true address.  They can also imitate the name of the sender, signatures, logos, etc.

This is probably one of the popular schemes going around to every department, asking employees who respond to buy gift cards, then send the hackers the gift card info.  The employee usually thinks it’s their department head asking them to do this, so they will follow the steps until they finally realize this is suspicious activity.  If anyone initially responded but stopped, you can delete and ignore/block the email address.

Please let me know if you have any questions about this email or any other suspicious emails.  Please always include a brief analysis of suspicious emails so I’ll know what red flags I need to add to the ones you’ve already identified.

Thanks,


Kiet Luong
Director of Engineering Computing
College Information Security Officer
Cullen College of Engineering
University of Houston
Email: KietL at uh.edu<mailto:KietL at uh.edu>
Voice: 713.743.9974

From: Joseph W. Tedesco [mailto:delinepene at gmail.com]
Sent: Friday, March 22, 2019 9:21 AM
To: kietl at uh.edu
Subject:

Good Morning,

Where are you? Please let me know if you are available at this moment. There is something I need you to do. I am going into a meeting now with limited phone calls, so just reply to my email.

Regards
Joseph W. Tedesco
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://Bug.EGR.UH.EDU/pipermail/engi-dist/attachments/20190322/3e602032/attachment.html

More information about the Engi-Dist mailing list