Watch out for Phishing Scams
Email scammers often try to elicit a sense of fear and urgency in victims and add links to webpages in emails designed to infect the user's computer once clicked.
ITS requires all staff and faculty to complete assigned security awareness training, KnowBe4, which is available inÌý. Students are also highly encouraged to complete the training.
The videos will educate you on what to look for in these types of email attacks. If you have any reservations about an email, don’t click on links and contact the person or department that sent the email to verify its authenticity. You can also contactÌýinfosec@ut.eduÌýfor us to verify the legitimacy of the email.Ìý
Resources and Information
Tax Scam
Recent Email Scams
Directed at E-Learning
Another University received the below email. The hackers knew that they were going to an online learning environment.
Subject: You have a Faculty E-learning message from your department
Hi
You have a Faculty E-Learning message notification file. For security reasons, Your message has been encoded. Kindly SIGN IN HERE again to open and read your message notification. Thank you.
Once they clicked on the page it took them to a login page asking for a username and password.
While we have not seen any phishing or scam emails come into the University email system, Information Technology and Security is actively monitoring the situation and will send out notices as needed.
Directed at Employment
Sent: Friday, February 28, 2020, 8:07:46 PM
Subject: Invitation to pet sit
Hello!
This is to notify you about an available part-time vacancy. Mrs. Ruth Stone needs a part-time pet sitter to care for her lovely pet dog for nine hours every week.Ìý
She offers to pay three hundred and fifty dollars weekly. Please contact (ruthstone1@outlook.com) for more information. Remember to email her with your private email, not your school email when applying.
Thanks
---
Email Security Tips
- Don’t trust the display name.
A favorite phishing tactic among cybercriminals is to spoof the display name of an email. Here’s how it works: If a fraudster wanted to impersonate a University email, it may look something like John Doe <john.doespartansutedu@gmail.com>
- Check for spelling mistakes.
Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.
- Don’t give up personal or company confidential information.
Most companies willÌýneverÌýask for personal credentials via email – especially banks. Never provide your username and password.
- Don’t believe everything you see.
Phishers and scammers are extremely good at what they do. Many malicious emails include convincing brand logos, language and a seemingly valid email address. If something just doesn't look right, be skeptical when it comes to your email messages—if it looks even remotely suspicious, do not open it. Report it toÌýinfosec@ut.edu.
- Don’t click on attachments.
Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.
- They ask you to reply with a personal email and not your school email.
ÌÒñ«ÉçÇø can block email senders from sending to spartans.ut.edu accounts. For personal email accounts such as Gmail or Yahoo, you would have to block the sender yourself.
- Beware of urgent or threatening language in the subject line.
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your account has been suspended.
- Stay clear of listings that offer you high income for part-time hours.
For example, someone offering to pay you $360 for nine hours of work. That equates to $40 per hour.
- You're asked to send money to cover expenses.
Someone wants to send you a check for services you have not performed yet, or they want you to purchase some items for future use and then send the rest of the money to another person or place by money order or money gram.
- Be wary of people relocating.
People asking you to perform some action, because they are relocating, is a scam. They do not want to meet you; they are trying to get information, such as a phone number and home address, so they can send a fraud check.
- Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. They may…
- say they’ve noticed some suspicious activity or log-in attempts;
- claim there’s a problem with your account or your payment information;
- say you must confirm some personal information;
- include a fake invoice;
- want you to click on a link to make a payment;
- say you’re eligible to register for aÌýÌýrefund or offer a coupon for free stuff.
Questions?
If you have any questions, please contact theÌýService DeskÌýor call (813) 253-6293 to report any suspicious emails.