We were alerted to the email below. Please read carefully and share with your units. W2 Forms in our district will NOT be distributed electronically so any such email should be ignored.
NEW YORK STATE OFFICE OF INFORMATION TECHNOLOGY SERVICES CYBER-THREAT ALERT
DATE ISSUED: January 23, 2016
January 25, 2016 UPDATED
SUBJECT: Active Email Phishing Threat
The NYS ITS CSOC has been notified of an active phishing email threat targeting government agencies. We have received reports of a well-crafted phishing email circulating in the past two weeks at several US universities and in neighboring states. The email notifies employees that their electronic W2s are available and encourages them to click to login and view/print their W2s. The link takes them to a landing page which has been made to look like the organization’s Human Resources site. Those who fall victim to the phishing email may have their personal information compromised, including login, password, tax information, bank account information, personal contact information and benefit information.
Two sample emails are provided below. Please note that there are several variants.
ORIGINAL INDICATORS OF COMPROMISE:
· Email was sent from email domain email.ufrb.edu.br
· IP address resolution for the email domain resolves to 188.8.131.52
· The link in the email sent from the email domain redirects to a URL in the domainhxxp://xxx.flirtingvision.co.nz (this domain is still active)
If you have any questions or concerns please direct your inquiries to email@example.com or by phone at 242-5211.
Cyber Security Operations Center
NYS Enterprise Information Security Office
Office of Information Technology Services (ITS)
1220 Washington Avenue, Building 5 – 1st Floor
Albany, New York 12226
Main Phone: 518-242-5211 | firstname.lastname@example.org