Known and Reported Threats

Ransomware On Your Personal Computer

What Should You Do?

  • If the threat does not appear in the list below, you can report it to LIS by clicking the “Internet Threat Report” link below.
  • Report it to Google from inside the message by clicking the arrow next to Reply, clicking More, then Clicking Report phishing.
  • Ignore or delete the message.
  • If you replied, clicked a link, provided any information through a form, or opened an attachment, reset your Carthage password and scan your computer for malware (Windows, Mac).
  • Email help@gxitma.net for questions or concerns.
  • Internet Threat Report

Message or Warning

Click on a link in the menu below to see more information about each threat.

If you know of a threat, please submit the form below to let Library and Information Services know:

Internet Threat Report

If you have received the following email and have interacted with it in any way, please contact help@gxitma.net. These emails are used for phishing and are designed to pressure you into providing your credentials and account information. If you received this email, please be sure to mark as SPAM and contact us directly if you interacted with it.  

Sent: Date: Friday, September 20th, 2024 between 12:48pm and 1:20pm CST
Subject: Wedding Music
Sender Information: johrs190@gmail.com

Email Message Content:

Hello,

I want to make an inquiry if you will be available to perform (Piano)
at my wedding ceremony. Sarah and I will tie the knot on October 12 2024 by
4pm at a private residence in Kenosha, WI. Will you be able to perform
either Live, Pre recording or Zoom? We are expecting a maximum of 15
guests. The ceremony is just an hour and you will be expected to play
Prelude 7 minutes, Processional 2 minutes, Recessional 2minutes, postlude
10 minutes. Let me know if you are available and how much is your fee.
Which of the mediums will be OK for you to perform (Live, Pre recording or
Zoom). Please reply asap.

Bruce.

If you have received the following email and have interacted with it in any way, please contact help@gxitma.net. These emails are used for phishing and are designed to pressure you into providing your credentials and account information. If you received this email, please be sure to mark as SPAM and contact us directly if you interacted with it.  

Sent: Date: Mon, Aug 20, 2024 at 11:30am
Subject: Your Apple ID has been locked
Sender Information: Microsoft

Email Message Content: 

Dear First Last, 

Your Apple ID has been locked for security reasons.  To unlock it, you must verify your identity. 

Verify Identity LINK

If you do not verify your identity within 12 hours, your Apple ID will be suspended until futher notice

Email Image: 

 

If you have received the following email and have interacted with it in any way, please contact help@gxitma.net.  These emails are used for phishing and are designed to pressure you into providing your credentials and account information. If you received this email, please be sure to mark as SPAM and contact us directly if you interacted with it.  

Sent: Date: Mon, May 27, 2024 at 7:57 PM
Subject: Important Notice -Email Verification
Sender Information: agentle@gxitma.net

Email Message:
This is the last time we will notify you that we’ll stop processing
incoming emails in your school account, and the reason is you failed to
verify your Microsoft account which may lead to the permanent deletion of
your account from our database in the next few hours. Kindly take a minute
to complete our email verification below. If the above links do not work,
please copy and paste the following URL into a Web browser: :
forms.gle/AB2MLR4g3rxHgNVV8

IMPORTANT NOTICE: Key=Password
(Key means Password)

If you only have one Google Office 365 account, only fill in the only
account.

Important Notice- Account disconnection will take place today.
Thank You Google 2024

Texts like this are malicious spoofing of an account used for phishing designed to get your information. Make sure to delete and not respond.

Thank you for reporting and checking our known threats page for this email!  If you’ve come here to check if this is a known threat, reported it to LIS, deleted or marked the email as SPAM, you’ve handled it perfectly!  Thank you for your continued attention to email and remaining cautious with anything suspicious!  

Name: Your NAME

Payroll ID: xxx6876 3787

Dear Carthage College Employee,

As part of the new General Data Protection Regulations (EU) 2016/679 (GDPR), you are annualy required to opt-in to the corporate payroll direct deposit process.

Below, please find a secure link to verify your opt-in status and confirm your banking information.

Your immediate attention is required. If your response verification is not received by the end of business day 3/23/2024, your payroll will no longer be directly deposited into your account.

If you plan to opt-out of the corporate direct deposit process, complete the attached forms and return them promptly to your HR representative. Due to process requirements, if this is not received by Friday at the end of business, your payroll cannot be gaurentteed.

 

Keryn COBB shared a file with you

Human Resources Department,

Dr. John R. Swallow added you as a viewer. Verify your email to securely
view this document. You will need to verify your email every 7 days.

Dr. John R. Swallow
President
[image: icon] 2023July-Faculty_Staff Summer Benefit Program

[image: permission globe icon] This link will work for anyone.
Open
[image: Microsoft logo]
Privacy Statement

We have confirmed that a spoofed email (containing a variation of the below image) has made its way into a number of Carthage inboxes today; please click “Report As Spam” or delete if you received it.  The Subject line could appear in various ways but will likely include the “Fwd: Item shared with you: “2023 BENEFIT OPEN ENROLLMENT AND PLAN UPDATES.pdf” If you have any questions please send via email to help@gxitma.net  

Library and Information Services sent an email to all Carthage staff today at 4:30pm.  The senders address will be “training@cyberriskaware.com”.  This was an intended email sent by LIS and you can proceed to complete the training behind the link within the email.  If you have any questions please email help@gxitma.net

We have identified the email below as a known threat, please do not interact with it and mark it as SPAM.  If you have received and interacted with it, change your password and then contact us at help@gxitma.net.  

The following has been identified as a potentially malicious email or phishing attempt.  Please report as Phishing or SPAM if you’ve received it.  

The following email has made its way to several hundred Carthage email inboxes. If you receive this email, please report it as Phishing with the banner in the email or click the “report as spam” icon in your email inbox (it has an exclamation point icon).  We are working on filtering anything further and removing this threat from any additional inboxes.  

 

From: Carthage College <tom@nytfestivalen.no>
Date: Tue, Oct 25, 2022 at 11:37 AM
Subject: Carthage College sent you a documents!
To: Carthage College <tom@nytfestivalen.no>

Carthage College has invited you to view the following document

[Folder clipped] CC_0088902-44.pdf

Follow above for more details.

 

Thanks

Carthage College

2001 Alford Park Drive

Kenosha, WI 53140

(262) 551-8500

The following email has made its way to Carthage email inboxes.  If you receive this email, please report it as SPAM with the banner in the email or click the “report as spam” icon in your email inbox (it has an exclamation point icon)

The following is a known Phishing Attempt reported and confirmed on June 27th, 2022 - please do not interact with any part of the email and  report the email as SPAM or Phishing from within to your Gmail inbox.  

 

 

The following email went out from Carthage Library and Information Services about a legitimate training requirement from LIS and Carthage. Please take this message seriously and complete the training. The text of the email is below.

Hi xxxx@gxitma.net.

As indicated in our previous email, you currently have 1 assignment awaiting your completion. Please click the link below to register on our training platform called Cyber Risk Aware and complete your assigned training by 6/25/2022 4:30:00 AM.

Carthage College CyberRickAware Portal

Feel free to rate and provide feedback when prompted upon completion of this training.

Thank you,

Library and Information Services

We’ve been made aware of an email hoax that presents the subject “I.T EVALUATION.pdf” that is signed as John Swallow with link and an “OPEN” button.  Please avoid opening or interacting with this email.  

-Library and Information Services

caturner@ucmo.edu has shared the following item:
Today,
We are urgently conducting a short 5-minute survey about employee efficiency which requires staff to participate.
Your input is critical and will help carry out our responsibilities.

John R. Swallow
President
 
I.T EVALUATION.pdf

A recent phishing attempt via calendar invite has been identified and is actively being delivered in higher education institutions.  The Meeting title is “Customer Service Review”, the email may appear to come from users from within our @gxitma.net domain.  Please be cautious when acceppting any calendear invites you are not familar with. 

-Library and information Services

We’ve been made aware of  a phishing attempt that contains the following information and link to a “google doc”, please be on the lookout.  Text of email: 

See the changes in your Google Document “Contact Me - Form”: CLICK HERE

A user last made changes on 1/23/2022 1:09pm (India Standard Time) regarding the below:

  • Form submit

____________________________________________________

Powered by Google Docs

This is to notify all Carthage College Students and Staffs that we are validating active accounts.

Kidnly confirm that your account is still in use by clicking the validation link below:

Validate Email Account

Please note that any unvalidated accounts will be marked as disused and subsequently deleted within 72 hours.

Sincerely,

 

IT Help Desk
Carthage College Office of Information Technology

It’s tax season and attackers are capitalizing on that with this phishing email: 

Accounting and tax software provider Intuit has notified customers of
an ongoing phishing campaign impersonating the company and trying to
lure victims with fake warnings that their Turbo Tax (Intuit) accounts have been
suspended.

Intuit’s alert follows reports received from customers who were
emailed and told that their Intuit accounts were “disabled following a
recent server security upgrade”

Email Typically Reads:

“We have temporarily disabled your account due to inactivity. It is
compulsory that you restore your access within the next 24 hours,”
the attackers say in the phishing messages, masquerading as the
Intuit Maintenance Team. “This is a result of recent security upgrade
on our server and database, to fight against vulnerability and
account theft as we begin the new tax season.”

A new phishing campaign is installing the BazarLoader/BazarBackdoor trojan through malicious CSV files. BazarBackdoor is a stealthy backdoor malware created to provide threat actors remote access to an internal device that can be used as a springboard for further lateral movement within a network. The phishing emails pretend to be “Payment Remittance Advice” with links to remote sites that download a CSV file with names similar to “document-21966.csv.”

Subject: Employee Benefit Program

Date: 1/18/2022

From: Stormy Crawford or Denise P. Barrett

The Employee Assistance Program (E.A.P.) will be supporting all employees with cash assistance as part of a benefit plan to help employees get through the hard times due to the COVID-19 pandemic.

The Employee Assistance program will provide $3,700 in assistance to all qualified employees after applications are reviewed, processed, and approved.

Visit the Employee Benefits portal and follow all instructions carefully and enter the most appropriate details to apply.

Note: the support program is only available to qualifying employees. All the information requested is required for your application to be processed.

Sincerely,

*Stormy Crawford*

Self-Service Admin