Skip to end of metadata
Go to start of metadata

Issue Overview

Phishing scams use fraudulent emails to get users to reveal confidential information. Such emails usually look like they come from a legitimate organization such as Blackboard but contain links to illegitimate sites.

Blackboard has become aware of a mass phishing scam targeting customers using Blackboard Learn. To be clear, Blackboard Learn has not been hacked -- these are emails sent directly from a spammer to emails it may have harvested by spidering the institution's websites for email addresses.

Examples of Phishing Attempts

It is important to realize that the messages will vary.

EXAMPLE 1: "RECEIVED NEW MAIL"

Purported SenderBlackboard ITS
Email SubjectReceived New Mail[School Board]
Content

 

EXAMPLE 2: "NEW COURSE INFORMATION"

Purported SenderBlackboard Learn <notifications@blackboard.com>
Email SubjectNew Course Information
Content

Good Morning,

An important course form has been posted to you through the Blackboard Learning System.

Please sign in immediately to view the form.

Click here to sign in <--Link to malicious website 

Thank you,

Blackboard Learn.

 

EXAMPLE 3: "BLACKBOARD LEARN: IMPORTANT NEW COURSE"

Purported SenderBlackboard Learn <email@blackboard.com>
Email SubjectBlackboard Learn : Important new course
Content

Dear Staffs/Students

Access to e-mail is about to expire,
We recommend that you upgrade your account to avoid the suspension.

Please click on the link below to re-activate your account, please sign in to Blackboard system immediately.

Click here to sign in to the Blackboard System <--Link to malicious website 

Thank You.
© 2013 Blackboard | Technology and Solutions Inc. All Rights Reserved.

 

EXAMPLE 4: "NOTICE: IMPORTANT NEW COURSES ALERT."

Purported SenderBlackboard Learn <email@blackboard.com>
Email SubjectBlackboard Learn : Important new course
Content

Dear Member

Access to e-mail is about to expire,
We recommend that you upgrade your account to avoid the suspension.

Please click on the link below to re-activate your account, please sign in to Blackboard system immediately.

Click here to sign in to the Blackboard System <--Link to malicious website 

Thank You.
© 2013 Blackboard | Technology and Solutions Inc. All Rights Reserved.

Solution

  • Notify your end users that these emails are phishing emails and to delete and disregard the emails.
  • Do NOT go to the link in the email. Delete the email immediately.
  • Please continue to send questionable messages to spam@jhu.edu. For immediate response, please call the Help Desk (410-516-HELP).

More Information

 

  • No labels