Towards that end, I've collected full text examples of many of these phish, with links to the University web pages where there students have been warned. Hopefully we can start warning people of national on-going campaigns like this BEFORE they are victimized!
While I was reviewing University Phish for this project, I was especially impressed with the phishing details shared at University of Michigan (Go Blue!) and University of Pennsvylvania. Both are great examples of giving students enough details to understand the scope of the risk at hand.
January 2014 Library Account phish
January 9, 2014 - George Washington University
Subject: Library Account
Dear User,Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once! To reactivate your account, simply visit the following page and login with your university account. After logging in, your account is reactivated and it will redirect you to your Library Account.
February Library Account phish
February 21, 2014 - Flinders University
Have you received an email asking you to “validate” your Library Account? This email is attempting to steal Flinders user credentials and is not legitimate.Don’t follow the links in the email, just delete it. The library will never ask you to login to verify your details or activate your account.
May Library Account phish
May 23, 2014 - Lehigh University
June Library Account phish
June 26, 2014 - University of Minnesota
From: Library
Date: Thu, Jun 26, 2014 at 8:47 AM
Subject: Library Account
To:
Dear User,
Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!To reactivate your account, simply visit the following page and login wilth your library account.
Login Page:
xxxxxxxxxxxxxxxxxx
Sincerely,
University of Minnesota Libraries
499 Wilson Library
309 19th Avenue South
Minneapolis, Minnesota 55455
(612) 624-3321 (voice)
(612) 626-9353 (fax)
September Library Account phish
September 10, 2014 - University of Pennsylvania
From: Jonathan Heller < jheller@pobox.supenn.edu > Subject: Library Account Access Date: Wed, Sep 10, 2014 2:11 PM Dear User,Your access to your library account is expiring soon and it won't be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.(LINK REMOVED)
If you are not able to login, please contact Library Services Manager at jheller@pobox.upenn.edu .
Sincerely, Jonathan Heller Library Services Manager Access & Delivery Services Penn Libraries University of Pennsylvania (215) 898-8956 jheller@pobox.upenn.edu
September 17, 2014 - University of North Carolina Health Sciences Library
Alert: Phishing Emails Impersonate UNC LibrarySome members of the UNC community have received false emails that appear to be from the Library.
These emails state that “access to your library account is expiring soon and it won’t be accessible for you.” The email directs the recipient to a link that appears to be from the Library.
October Library Account Phish
October 8, 2014 - UC Denver's Auraria Library
October 9, 2014 - University of Colorado Health Sciences Library
The University has been recently subjected to a phishing attack. The subject line of these new phishing messages is “Library Account Access”. These emails are designed to appear as if they are coming from the library concerning a library account activation. The phishing emails also contain links to malicious web sites that ask for your University information (Name and student/employee ID).
October 10, 2014 - Miami University of Ohio
From: XXX XXX [mailto:xxxxxxxx@miamioh.edu] Sent: Friday, October 10, 2014 12:45 PM To: xxxxxxxx@miamioh.edu Subject: Library Account Access Dear User,Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.(LINK)
If you are not able to login, please contact Library Services Manager at xxxxxxxx@miamioh.edu.
Sincerely, Alison Withers Library Services Manager Access and Delivery Services University Library Miami University 513-529-2938
October 30, 2014 - Virginia Commonwealth University
To: From: Access Services ManagerYour access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library account.Date: 10/30/2014 11:54AM Subject: Library Account Access Dear User, (Link redacted, actual link goes to login.vcu.edu.cavc.tk)
If you are not able to login, please contact Library Services Manager at kbonis@vcu.edu.
Sincerely, Kerry Bonis Library Services Manager Access & Delivery Services Main Library Virginia Commonwealth University (804) 827-3968
November Library Account phish
November 13, 2014 - Illinois Institute of Technology
IIT faculty, staff and students may have received an email to “All Members of the University of Illinois” notifying you about a new library system that requires you to activate a new library account. Do not respond to this email. It is a phishing attempt to collect IIT campus-wide ID numbers (CWIDs).Library users affiliated with Illinois Tech gain access to subscription databases when off-campus by entering their CWID. Releasing that information to a third-party may result in access to our databases being limited or cut off. You can always safely access the library website by using the IIT Portal links, or going directly to the library website. If you believe your CWID has been compromised, please contact the OTS support desk.
November 17, 2014 - Southern Methodist University
jsippell@smu.eduSample Phishing Email Subject: Library Account Access Sender: Jane SippellYour access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.Dear User, Note – this link appears in the email:
https://libcat.smu.edu/cgi_bin/ldapauth.cgi_loginType=E25JFHNfCD7…
The actual destination does not point to the SMU library catalog but to a web address at http://libcat.smu.edu.cvre.tk
http://libcat.smu.edu.cvre.tk/cgi_bin/ldapauth.cgi_loginType=E25JFHNfCD7v…
If you are not able to login, please contact Access Services Manager at jsippell@smu.edu.
Sincerely, Jane Sippell Access Services Manager Access & Delivery Services Central University Libraries Southern Methodist University (214) 919-5931
November 17, 2014 - University of Arizona
From: library (EMAIL ADDRESS REMOVED) Subject: Library account Date: November 17, 2014 at 8:46:39 AM MST Reply-To: (EMAIL ADDRESS REMOVED) Dear User,Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!To reactivate your account, simply visit the following page and login with your library account.
Login Page:
(URL REMOVED)
Sincerely,
The University of Arizona Libraries
(ADDRESS, PHONE NUMBER AND URL REMOVED)
November 18, 2014 - Washington University in St. Louis
Dear User,Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.
(LINK)
If you are not able to login, please contact Access Services Manager at *********@wustl.edu.
Sincerely,
November 19, 2014 - Ball State University Library
University Libraries was alerted that some members of the Ball State community received an email message stating their library account was soon to expire. The email said to reactivate the account by clicking on a web address included in the message. This was a phishing scam and the campus Office of Information Security took steps block access to the phony site.
December Library Account Phish
December 1, 2014 - Harvard University
December 1, 2014 - McGill University (Canada)
December 1, 2014 - Cornell UniversityFrom: LibrarySubject: Library Account Sent: Monday, December 01, 2014 8:49 AM To: Dear User, Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once! To reactivate your account, simply visit the following page and login with your library account. Login Page: Sincerely, McGill Library McLennan Library Building 3459 rue McTavish Montreal, Quebec H3A 0C9
Subject: Library Account
Date: December 1, 2014Dear User,
Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once! To reactivate your account, simply visit the following page and login with your library account.
Login Page:
(BAD LINK)Sincerely,
Cornell University Library, Ithaca, NY 14853 | (607) 255-4144
December 3, 2014 - University of Tennessee Knoxville
Dear User,Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!
To reactivate your account, simply visit the following page and login with your library account.
Login Page:
http://www.lib.utk.edu/reactivation?service
Sincerely,
University of Tennessee University Libraries Email: library@utk.edu Tel: (865) 974-4351
December 15, 2014 - California State University Long Beach
December 18, 19, 20, 2014 - University of Michigan - (Hail to the Victors! Go Blue! WELCOME COACH HARBAUGH! Watched you play in 1985 while I was a Wolverine myself!!!) (oops) (blush)
Date: Thursday, December 18, 2014 Subject: Library Account Access Dear User,
Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to the library services. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.[LINK REMOVED]
If you are not able to login, please contact [LINK REMOVED] for immediate assistance.
Sincerely,
Access Services Manager University of Michigan Library (734) 936-2921 [LINK REMOVED]
Date: Friday, December 19, 2014
Subject: U-M library System Problem
Dear [Your Name],You are receiving this message because your login and off-campus access may have been compromised.
Your access will be inactive in 3 days. Because of some security problems, we decided to make some changes (Upgrade) and this is due to the implementation of a new version of Central Authentication System(CAS) and Umich WebLogin.
This means while you are off-campus or on-campus you will have no access to library's internal web services.You can activate it by going again simply login to University of Michigan Library Weblogin System with your U-M LoginID and reactive your access.
Offer that Logout your account and close your browser.Please note: If you get an Authentication Error ,just try 2 times to login again. Because System will automatically block your IP and Account and you should contact Systems Help Desk to Unlock.
University of Michigan Library 818 Hatcher Graduate Library South 913 S. University Avenue Ann Arbor, MI 48109-1190 (734) 764-0400 [LINK REMOVED]
Date: Friday, December 19, 2014
Subject: ADMINDear Web-mail Account User,
Your e-mail Account have Exceed the 20 GB e-mail Storage Set-Up by your Service Provider/Admin. You have to contact your Service Provider on Help Desk Support Portal below in less than 48 hours to avoid Suspension of your Web-mail Account if you dont Verify your e-mail account. To keep your Account Safe, Kindly Click the Help Desk Support Blue Portal below:
umich.edu-helpdesk [LINK REMOVED]
SERVICE DESK - IT HELP DESK ©COPYRIGHT 2014 WEB-TEAM. ALL RIGHT RESERVED.
December 23, 2014 - Wake Forest University
Dear User,Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to the library services. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.
(LINK)
If you are not able to login, please contact James Hart at hartja@wfu.edu for immediate assistance.
Sincerely, James Hart Access Services ZSR Library Wake Forest University 336-758-4967 hartja@wfu.edu
December 23, 2014 - UAB Library