2015-01-06

Many universities across the country have been targeted with phishing emails that warn their students that their "Library Account" is going to expire. As with so many cybercrime issues, these crimes could be addressed much differently if the Powers That Be were aware that these were not individual cases, but an on-going campaign across victims across the country!

Towards that end, I've collected full text examples of many of these phish, with links to the University web pages where there students have been warned. Hopefully we can start warning people of national on-going campaigns like this BEFORE they are victimized!

While I was reviewing University Phish for this project, I was especially impressed with the phishing details shared at University of Michigan (Go Blue!) and University of Pennsvylvania. Both are great examples of giving students enough details to understand the scope of the risk at hand.

January 2014 Library Account phish

January 9, 2014 - George Washington University
Subject: Library Account
Dear User,

Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once! To reactivate your account, simply visit the following page and login with your university account. After logging in, your account is reactivated and it will redirect you to your Library Account.

February Library Account phish

February 21, 2014 - Flinders University
Have you received an email asking you to “validate” your Library Account? This email is attempting to steal Flinders user credentials and is not legitimate.

Don’t follow the links in the email, just delete it. The library will never ask you to login to verify your details or activate your account.

May Library Account phish

May 23, 2014 - Lehigh University
June Library Account phish

June 26, 2014 - University of Minnesota
From: Library
Date: Thu, Jun 26, 2014 at 8:47 AM
Subject: Library Account
To:
Dear User,
Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!

To reactivate your account, simply visit the following page and login wilth your library account.

Login Page:
xxxxxxxxxxxxxxxxxx
Sincerely,
University of Minnesota Libraries
499 Wilson Library
309 19th Avenue South
Minneapolis, Minnesota 55455
(612) 624-3321 (voice)
(612) 626-9353 (fax)

September Library Account phish

September 10, 2014 - University of Pennsylvania

Your access to your library account is expiring soon and it won't be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

(LINK REMOVED)

If you are not able to login, please contact Library Services Manager at jheller@pobox.upenn.edu .

September 17, 2014 - University of North Carolina Health Sciences Library
Alert: Phishing Emails Impersonate UNC Library

Some members of the UNC community have received false emails that appear to be from the Library.

These emails state that “access to your library account is expiring soon and it won’t be accessible for you.” The email directs the recipient to a link that appears to be from the Library.

October Library Account Phish

October 8, 2014 - UC Denver's Auraria Library
October 9, 2014 - University of Colorado Health Sciences Library
The University has been recently subjected to a phishing attack. The subject line of these new phishing messages is “Library Account Access”. These emails are designed to appear as if they are coming from the library concerning a library account activation. The phishing emails also contain links to malicious web sites that ask for your University information (Name and student/employee ID).

October 10, 2014 - Miami University of Ohio

Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

(LINK)

If you are not able to login, please contact Library Services Manager at xxxxxxxx@miamioh.edu.

October 30, 2014 - Virginia Commonwealth University

Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library account.

(Link redacted, actual link goes to login.vcu.edu.cavc.tk)

If you are not able to login, please contact Library Services Manager at kbonis@vcu.edu.

November Library Account phish

November 13, 2014 - Illinois Institute of Technology
IIT faculty, staff and students may have received an email to “All Members of the University of Illinois” notifying you about a new library system that requires you to activate a new library account. Do not respond to this email. It is a phishing attempt to collect IIT campus-wide ID numbers (CWIDs).

Library users affiliated with Illinois Tech gain access to subscription databases when off-campus by entering their CWID. Releasing that information to a third-party may result in access to our databases being limited or cut off. You can always safely access the library website by using the IIT Portal links, or going directly to the library website. If you believe your CWID has been compromised, please contact the OTS support desk.

November 17, 2014 - Southern Methodist University

Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

Note – this link appears in the email:

https://libcat.smu.edu/cgi_bin/ldapauth.cgi_loginType=E25JFHNfCD7…

The actual destination does not point to the SMU library catalog but to a web address at http://libcat.smu.edu.cvre.tk

http://libcat.smu.edu.cvre.tk/cgi_bin/ldapauth.cgi_loginType=E25JFHNfCD7v…

If you are not able to login, please contact Access Services Manager at jsippell@smu.edu.

jsippell@smu.edu
November 17, 2014 - University of Arizona

Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!

To reactivate your account, simply visit the following page and login with your library account.

Login Page:

(URL REMOVED)

Sincerely,

The University of Arizona Libraries
(ADDRESS, PHONE NUMBER AND URL REMOVED)

November 18, 2014 - Washington University in St. Louis
Dear User,

Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

(LINK)

If you are not able to login, please contact Access Services Manager at *********@wustl.edu.

Sincerely,

November 19, 2014 - Ball State University Library
University Libraries was alerted that some members of the Ball State community received an email message stating their library account was soon to expire. The email said to reactivate the account by clicking on a web address included in the message. This was a phishing scam and the campus Office of Information Security took steps block access to the phony site.

December Library Account Phish

December 1, 2014 - Harvard University
December 1, 2014 - McGill University (Canada)

December 1, 2014 - Cornell University
Subject: Library Account
Date: December 1, 2014

Dear User,

Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once! To reactivate your account, simply visit the following page and login with your library account.

Login Page:
(BAD LINK)

Sincerely,

Cornell University Library, Ithaca, NY 14853 | (607) 255-4144

December 3, 2014 - University of Tennessee Knoxville
Dear User,

Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!

To reactivate your account, simply visit the following page and login with your library account.

Login Page:

http://www.lib.utk.edu/reactivation?service

Sincerely,

December 15, 2014 - California State University Long Beach
December 18, 19, 20, 2014 - University of Michigan - (Hail to the Victors! Go Blue! WELCOME COACH HARBAUGH! Watched you play in 1985 while I was a Wolverine myself!!!) (oops) (blush)

Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to the library services. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

[LINK REMOVED]

If you are not able to login, please contact [LINK REMOVED] for immediate assistance.

Sincerely,

Date: Friday, December 19, 2014
Subject: U-M library System Problem
Dear [Your Name],

You are receiving this message because your login and off-campus access may have been compromised.

Your access will be inactive in 3 days. Because of some security problems, we decided to make some changes (Upgrade) and this is due to the implementation of a new version of Central Authentication System(CAS) and Umich WebLogin.
This means while you are off-campus or on-campus you will have no access to library's internal web services.

You can activate it by going again simply login to University of Michigan Library Weblogin System with your U-M LoginID and reactive your access.
Offer that Logout your account and close your browser.

Please note: If you get an Authentication Error ,just try 2 times to login again. Because System will automatically block your IP and Account and you should contact Systems Help Desk to Unlock.

Date: Friday, December 19, 2014
Subject: ADMIN

Dear Web-mail Account User,

Your e-mail Account have Exceed the 20 GB e-mail Storage Set-Up by your Service Provider/Admin. You have to contact your Service Provider on Help Desk Support Portal below in less than 48 hours to avoid Suspension of your Web-mail Account if you dont Verify your e-mail account. To keep your Account Safe, Kindly Click the Help Desk Support Blue Portal below:

umich.edu-helpdesk [LINK REMOVED]

December 23, 2014 - Wake Forest University
Dear User,

Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to the library services. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

(LINK)

If you are not able to login, please contact James Hart at hartja@wfu.edu for immediate assistance.

December 23, 2014 - UAB Library

Show more