<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1973291417;
mso-list-template-ids:-1449908106;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:2105148661;
mso-list-type:hybrid;
mso-list-template-ids:-1306216592 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1027" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Good morning,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">I wanted to forward this email to make you aware of phishing emails propagating throughout state agencies. PLEASE READ the entire forwarded email from DIR. Details are below describing pdf attachments that
are spoofed (fake) and direct recipients to an external website (which then asks for credentials to different systems/websites). I don’t think we should question every PDFs that we receive, but please follow these quick tips in addition to the ones mentioned
in the forwarded email:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">-be aware of attachments or links that take you other than where you’re expecting.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">-hovering the cursor over the links will correctly identify destinations instead of what is written.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">-always make sure you call or email the sender (from your address book or Skype for business directory) if an attachment or email was not expected from them.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">-emails from UH senders that you don’t normally communicate with should also be deemed suspicious and not automatically accepted as legitimate.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">There are many more SPAM/phishing strategies that I’ve mentioned in the past, so please keep them in mind as well. For new employees, please follow this useful link from the University Information Technology
(UIT) website: http://www.uh.edu/infotech/security/secure-data/spam-phishing<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Kiet Luong<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Director of Engineering Computing<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">College Information Security Officer<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Cullen College of Engineering<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">University of Houston<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Email: <a href="mailto:KietL@uh.edu">
KietL@uh.edu</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Voice: 713.743.9974<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><a name="_MailEndCompose"></a><o:p> </o:p></p>
<p class="MsoNormal">3/19/2018 <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The original notification contained a typo in the domain. The domain the phishing URL attempted to redirect users to is the following: <i>logistihg.org/amy</i>
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thank you,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><img border="0" width="405" height="94" id="Picture_x0020_2" src="cid:image002.png@01D3BF61.45AFFA10"><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal">3/16/2018<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">State organizations have seen an increased volume of phishing attempts observed over the last several days. State agencies and institutions of higher education should stress users maintain a high level of vigilance when opening attachments
or links via email, even if the sender is from within the organization or the email appears to come from a legitimate source.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The OCISO has been made aware of multiple incidents at separate state agencies using the same phishing method of masquerading as legitimate DocuSign requests. Variants of the attack are self-propagating and are also seeking to steal common
web and social media login credentials.<o:p></o:p></p>
<p class="MsoNormal">One phishing attempt concerned an email containing a .pdf file via a spoofed DocuSign request that appeared legitimate. As the user opened the .pdf file, the message was propagated to all the user’s outlook contacts. Additional users then
clicked the message as it appeared legitimate and came from an internal email address.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Another phishing attempt occurred through a compromised organizational account. The account was used to send phishing messages stemming from a legitimate organizational email address to both internal and external recipients. The phishing
message also appeared to contain a legitimate DocuSign request, with the compromised user account’s name in the subject line. The phishing site requested users enter various credentials in an apparent attempt to gain access to a variety of accounts.
<o:p></o:p></p>
<p class="MsoNormal">The phishing messages attempted to redirect users to the following domain and IP:<o:p></o:p></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l1 level1 lfo3">Domain = logistihg.org/army<o:p></o:p></li><li class="MsoNormal" style="mso-list:l1 level1 lfo3">External IP = 132.148.153.113<o:p></o:p></li></ul>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Users should be cognizant of URLs that do not match hover-text, misleading domain names, poor spelling and grammar, and unexpected requests for action particularly from an apparent DocuSign request.
<o:p></o:p></p>
<p class="MsoNormal">______________________________________________________<o:p></o:p></p>
<p class="MsoNormal"><!--[if gte vml 1]><v:shapetype id="_x0000_t75" coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f">
<v:stroke joinstyle="miter" />
<v:formulas>
<v:f eqn="if lineDrawn pixelLineWidth 0" />
<v:f eqn="sum @0 1 0" />
<v:f eqn="sum 0 0 @1" />
<v:f eqn="prod @2 1 2" />
<v:f eqn="prod @3 21600 pixelWidth" />
<v:f eqn="prod @3 21600 pixelHeight" />
<v:f eqn="sum @0 0 1" />
<v:f eqn="prod @6 1 2" />
<v:f eqn="prod @7 21600 pixelWidth" />
<v:f eqn="sum @8 21600 0" />
<v:f eqn="prod @7 21600 pixelHeight" />
<v:f eqn="sum @10 21600 0" />
</v:formulas>
<v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect" />
<o:lock v:ext="edit" aspectratio="t" />
</v:shapetype><v:shape id="_x0000_s1026" type="#_x0000_t75" alt="" style='position:absolute;margin-left:0;margin-top:0;width:64.5pt;height:57.05pt;z-index:251659264;mso-position-horizontal:left;mso-position-horizontal-relative:text;mso-position-vertical:top;mso-position-vertical-relative:line;mso-width-relative:page;mso-height-relative:page' o:allowoverlap="f">
<v:imagedata src="cid:image001.jpg@01D3BD0D.41B87AF0" o:title="Image_2" />
<w:wrap type="square"/>
</v:shape><![endif]--><![if !vml]><img width="86" height="76" src="cid:image003.jpg@01D3BF65.B850EDF0" align="left" hspace="12" v:shapes="_x0000_s1026"><![endif]>DIR
Security<o:p></o:p></p>
<p class="MsoNormal">Office of the Chief Information Security Officer<o:p></o:p></p>
<p class="MsoNormal">Texas Department of Information Resources<o:p></o:p></p>
<p class="MsoNormal"><a href="mailto:dirsecurity@dir.texas.gov">dirsecurity@dir.texas.gov</a>
<o:p></o:p></p>
</div>
</body>
</html>