
Message from sweeny@indiana.edu

is anyone else getting these sorts of USDOJ notices? they look and feel like a phish (the generic opening is very suspicious, the 'victim id #' and PIN are the same in all instances of the note, the whole premise smells fishy, the references to later communication that so far haven't happened, etc), but the URLs and phone numbers are legit, and there's no fake reply-to or underlying URLs, so I can't find anything explicitly wrong with it. even the mail headers look correct. the note refers to attached information, and while there's no attachment, I just assumed the information is included, not literally 'attached.'

thanks.
Brent Sweeny, Indiana University

Comments

Got 3 of 'em today

On 1/17/2012 4:04 PM, Brent Sweeny wrote:
is anyone else getting these sorts of USDOJ notices? they look and feel like a phish (the generic opening is very suspicious, the 'victim id #' and PIN are the same in all instances of the note, the whole premise smells fishy, the references to later communication that so far haven't happened, etc), but the URLs and phone numbers are legit, and there's no fake reply-to or underlying URLs, so I can't find anything explicitly wrong with it. even the mail headers look correct. the note refers to attached information, and while there's no attachment, I just assumed the information is included, not literally 'attached.' thanks. Brent Sweeny, Indiana University ---
Message from pardonjr@purduecal.edu

I received one as well. My PIN is different.

Please let me know if there is anything additional I can assist you with to ensure the service you received today has been excellent.

James R. Pardonek
Assistant Director for Information Security and Assurance
Purdue University Calumet | 2200 169th Street | Hammond, IN 46323
(o) 219.989.2745 | (f) 219.989.2581 | www.purduecal.edu/security

We received 3 as well.

 

 

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Timothy J. Fairlie
Sent: Tuesday, January 17, 2012 3:06 PM
To: SECURITY@LISTSERV.EDUCAUSE.EDU
Subject: Re: [SECURITY] Fwd: US Department of Justice Victim Notification System

 

Got 3 of 'em today

On 1/17/2012 4:04 PM, Brent Sweeny wrote:

is anyone else getting these sorts of USDOJ notices? they look and feel like a phish (the generic opening is very suspicious, the 'victim id #' and PIN are the same in all instances of the note, the whole premise smells fishy, the references to later communication that so far haven't happened, etc), but the URLs and phone numbers are legit, and there's no fake reply-to or underlying URLs, so I can't find anything explicitly wrong with it. even the mail headers look correct.   the note refers to attached information, and while there's no attachment, I just assumed the information is included, not literally 'attached.'         thanks.  Brent Sweeny, Indiana University   ---
I've been receiving them for several months too.

Dexter
The EDUCAUSE Security Constituent Group Listserv <SECURITY@LISTSERV.EDUCAUSE.EDU> writes:
We received 3 as well.

 

 




I get these every now and then - usually in groups of multiple because I see the mail for abuse and network person and server person and ...... I checked a few years back and determined they were legitimate but pretty meaningless since we had no records to prove real damages tied to this individual's action from several years back.
It looks like a legitimate notice to me. If it's not then I'm sure that the folks reading abuse@usdoj.gov would like to hear about it.

-Vik

Vik Solem, CISSP, Sr. Applications Risk Consultant
Tufts University, Information Security, vik.solem@tufts.edu / 617-627-4326
InfoSec Team: information_security@tufts.edu / 617-627-6070

On 2012-01-17 16:04 , "Brent Sweeny" wrote:
>is anyone else getting these sorts of USDOJ notices? they look and feel
>like a phish (the generic opening is very suspicious, the 'victim id #'
>and PIN are the same in all instances of the note, the whole premise
>smells fishy, the references to later communication that so far haven't
>happened, etc), but the URLs and phone numbers are legit, and there's no
>fake reply-to or underlying URLs, so I can't find anything explicitly
>wrong with it. even the mail headers look correct. the note refers to
>attached information, and while there's no attachment, I just assumed
>the information is included, not literally 'attached.'
> thanks. Brent Sweeny, Indiana University
We've gotten quite a few regarding a case that has now ended (I hope). I'm not sure exactly why we were considered a victim in the case being reported, but they were consistent with all the names and case numbers. We probably received them over a period of a couple years, sometimes with long periods between messages. They were, however, deemed legitimate here.

- ken

Brent Sweeny wrote:
> is anyone else getting these sorts of USDOJ notices? they look and feel
> like a phish (the generic opening is very suspicious, the 'victim id #'
> and PIN are the same in all instances of the note, the whole premise
> smells fishy, the references to later communication that so far haven't
> happened, etc), but the URLs and phone numbers are legit, and there's no
> fake reply-to or underlying URLs, so I can't find anything explicitly
> wrong with it. even the mail headers look correct. the note refers to
> attached information, and while there's no attachment, I just assumed
> the information is included, not literally 'attached.'
> thanks. Brent Sweeny, Indiana University
We received similar notifications when we were actually involved in a case, and the notes were legit. I wonder if these are related to the DNS Changer take down that was reported last year.

Marty Manjak
ISO
University at Albany

The University at Albany will never ask you to reveal your password. Please ignore all such requests.
Message from r-safian@northwestern.edu

I think we have been getting these for a while...maybe a year or more. (actually, I just looked, our first was May 7th, 2009, almost three years) We take no action.
We have been getting them for a few years related to an on-going prosecution where the defendant allegedly stole/cracked a number of higher ed user accounts (including one of ours). They are legit, but not very helpful. The victim ID and PIN are likely the same for each victim agent being notified.

___________________________________
Daniel V. O'Callaghan, Jr., MBA, CISSP, GCFA
Chief Information Security Officer
Sinclair Community College
444 W Third St, 13-000F
Dayton, OH 45402
937.512.2452
Message from ozpaez@sprynet.com

Dear Brent,

I forwarded this message to my Denver Infragard lead, who should be able to check on it in a short time.  I will let you and the group know about the response I get.

 

Ozzie Paez

SSE

303-332-5363

Denver Infragard

www.ozziepaezdecisions.com

LinkedIn

 

 

 

Message from ozpaez@sprynet.com

Here is the FBI reply from Denver Infragard.

 

Ozzie Paez

SSE

303-332-5363

www.ozziepaezdecisions.com

 

 

 

I’ve got a bazillion of them clogging up my inbox.

 

Theresa Semmens, CISA

Chief IT Security Officer

IACC 210D

North Dakota State University

O - 701-231-5870

Theresa.Semmens@ndsu.edu

 

It sounds like messages I have received in the past but I have not seen these for a while.

 

I used to get these periodically - usually in clusters of 3 or 4. Those that I still have came from Tina Sutter fedemail@vns.usdoj.gov.  However,

 

The last ones came from the USDOJ (same email address), Victim Notification System Call Center, and mentioned changes coming on 10/17/2013.

 

I did follow up and find out they are legit.  Apparently our users were spammed or phished a while back and we were named as victims in the scams.  The cases are now being resolved through the courts.  I never was able to find out more info – like how do I recover (or file for) damages ?;-)

 
