I confirmed the spoof was created by Reflare. A company that CIS contracted
with to offer a phishing test grant for our members. There was a communication
fail on our end. We did have a member that had an account compromised today,
but they were unrelated. The combo of the two made me a little jumpy.
Sorry for the confusion.
Greg
________________________________
From: Greg Hardin
Sent: Friday, December 3, 2021 12:01 PM
To: oagitm@xxxxxxxxxxxxx <oagitm@xxxxxxxxxxxxx>
Subject: Fraudulent site cis-oregon.com spoofing learn.cisoregon.org
CIS members,
We've head one member fall prey to this credential scraper and compromise their
user account. The bad actor did a believable job of spoofing our site. I've
submitted a ticket to the domain registrar asking them to remove the domain.
The IP is 35.85.1.16, if you'd like to block it on your end.
[cid:523c7369-9167-4f41-b070-19b3d44cfe9f]
Thanks,
Greg
[https://www.cisoregon.org/images/CISlogosmall.jpg]<https://www.cisoregon.org>
Greg Hardin | IT Manager
CIS | P.O. Box 1469 | Lake Oswego, OR 97035
p 503-763-3889 | 800-922-2684 x3889 | f 503-763-3889
www.cisoregon.org<https://www.cisoregon.org>
Members of our new CIS Servicing Group through SAIF are seeing significant
savings! In addition to a multi-line discount on CIS contributions, a new
OGSERP discount is exclusively available to members of the CIS Servicing Group.
If your entity hasn't signed up, you still can by visiting our
website<https://www.cisoregon.org/signup>.