SPAM: Difference between revisions

From William Paterson University - Information Technology's Wiki
No edit summary
(24 intermediate revisions by 2 users not shown)
Line 1: Line 1:
==Types of Scam Emails==
==Types of Scam Emails==
===Phishing===
===Phishing===
Phishing emails are fraudulent email messages that appear to be sent by legitimate sources (a friend or another student, the University IT department, a bank, etc.) These messages usually include a link to click on that directs you to malicious website made to look like a login page or a webform designed to get you to enter private information (for example, your username and password.) The attackers then use the information the information they've collected from you to commit some form of malicious activity with your account or, worse, identity theft.


Many phishing emails attempt to trick recipients by creating a sense or urgency with a threat that they will lose something unless they act quickly. Other phishing emails are designed to make it appear that the phishing email is part of a prior email communication, hoping the recipient will perceive the email as legitimate.
Examples of wording using in Phishing emails include:
*'Your account will be deactivated if you don't CLICK HERE.'
*'ACTION REQUIRED - MISSING FAFSA/Financial Aid Info. CLICK HERE for Document Review'
*'A file has been shared with you. ONEDRIVE Document.'
*'You have received a secure document from XXX. Click Here to access.'
*'Unable to display full message. CLICK HERE to show full message.'
[[File:PhishingEmailExample1.png|frame|center|Phishing Email Example]]
For additional information on Phishing, visit one of these online resources:
* https://www.phishing.org/what-is-phishing
*https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams


===Fake Part-Time Jobs & Fake Check Scams===
===Fake Part-Time Jobs & Fake Check Scams===
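Review bot: The added phishing paragraph in this hunk has copy errors that will show on the rendered page: "use the information the information they've collected" repeats a phrase, "a sense or urgency" should read "a sense of urgency", and "Examples of wording using in Phishing emails" should read "used in". It also reads "directs you to malicious website", which is missing "a". The two resource bullets are written inconsistently ("* https://..." with a space, "*https://..." without); pick one form for the list.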
Line 11: Line 24:
*The check is often for $1,500-2,000, and the student is asked to keep some of the money as their payment and sent the larger remaining about of money from the check to someone else via gift card, wire transfer, or other means.
*The check is often for $1,500-2,000, and the student is asked to keep some of the money as their payment and sent the larger remaining about of money from the check to someone else via gift card, wire transfer, or other means.
*A few weeks later, the initial check then does not clear and the individual who deposited the check is then out the money then sent on to someone else.
*A few weeks later, the initial check then does not clear and the individual who deposited the check is then out the money then sent on to someone else.
<gallery>
FakeJob1.jpg|Fake Part-Time Job
</gallery>


[[File:FakeJob1.png|frame|center|Fake Part-Time Job Email]]
For more information on fake check scams, visit the following links:
For more information on fake check scams, visit the following links:
*https://www.fraud.org/fake_check_scams
*https://www.fraud.org/fake_check_scams
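Review bot: The image reference changes from FakeJob1.jpg inside the gallery block to FakeJob1.png in the [[File:...]] line, so confirm that a file with the .png name has been uploaded, otherwise the caption renders as a broken file link. The unchanged bullets in this hunk still read "sent the larger remaining about of money" and "out the money then sent on to someone else"; correcting them to "send the larger remaining amount of money" and "they sent on" would fit in the same edit.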
Line 21: Line 32:


===Impersonation Emails & Gift Card Scams===
===Impersonation Emails & Gift Card Scams===
Impersonation emails are emails that seem be sent by a trusted colleague or friend and start with a simple question like 'Are you available?'
*These emails are sent so that they look like they are coming from the email of someone you know, but are actually sent from another email account used by a scammer.
*If you reply to the email, you'll be asked if you can do a favor for that person.
*Usually, the request is to purchase gift cards for some urgent need they have and then scratch of the redemption codes and email or text pictures to them.
*Once the scammer has the redemption codes for the gift cards, the funds are immediate moved to another account and your money is now stolen.
[[File:ImpersonattionExample.png|frame|center|Impersonation Email Gift Card Scam Example]]
For additional information on impersonation emails and gift card scams, please visit the following links:
*https://www.chronicle.com/article/Phishing-Scheme-Targets/245535/
*https://www.zdnet.com/article/beware-phony-gift-card-email-scams-heres-why-attackers-love-using-them/


===Sextortion Emails===
===Sextortion Emails===
Sextortion scams are scams in which you receive an email from a 'hacker' that indicates the person has had access to your accounts and computers for several months and will release embarrassing photos/videos/search history to your friends, family, or coworkers unless you pay them some form of ransom (usually requested in Bitcoin.) The emails may even include part of a password you currently or previously used.
These emails are rarely ever legitimate. In most cases, the emails are sent to individuals by the thousands using lists of emails - and possibly passwords - compiled from website hacks over the years.
'''While the emails may be scary to read, our recommendation is always to just ignore and delete the email.''' It's possible that you may receive several iterations of the email, but all can safely be ignored.
[[File:Sextortion Email Example.png|frame|center|Sextortion Email Example]]
For more information on sextortion email scams, visit the following resources:
* https://www.eff.org/deeplinks/2018/07/sextortion-scam-what-do-if-you-get-latest-phishing-spam-demanding-bitcoin
*https://www.cnbc.com/2019/06/17/email-sextortion-scams-on-the-rise-says-fbi.html
===SPAM 2020===
Often, the emails you receive in your university emails inbox come from a staff member, professor, or person affiliated to William Paterson, but it’s important to stay alert for any scam emails that potentially come through.
This year alone in 2020, we have had around 4 scam emails sent to people’s inboxes that have consisted of different styles of scamming such as phishing or an advertisement for a job offering.
The best way to combat a scam email is simply by ignoring it and deleting it. In the event that you click on any links within a scam email it’s essential that you reset the password for your university account and any other account you have with that same password immediately.
In the event that you suspect an email is a scam, but cannot be 100% sure, we highly suggest you contact the '''Help Desk at 973-720-4357''' to ensure the safety of your information.
Some examples of scam emails that have been sent out this year include:
[[File:Spam.png|1000 × 500px|frame|center|A pet sitting job scam on April 16th ]]
Notice that this scam email in particular asks you to contact a secondary email rather than just replying to the one that sent the email. In addition, job advertisement scamming will usually include unrealistic salaries for doing an easy job to make it look more enticing. These are some easy signs to look out for.
<br>
[[File:Spam3.png|1000 x 500px|frame|center|Another job advertisement scam email on May 8th]] <br>
Even though this job may not be for outside employment of the university, it still requests that you contact a secondary email for your response which should always raise suspicion.
[[File:Spam2.png|1000 x 500px|frame|center|A phishing scam email on May 7th]] <br>
A characteristic to watch out for when it comes to phishing scams is the amount of urgency that is repeated throughout the email’s entirety. The likelihood of the university to require all staff and students to migrate to a new Microsoft Outlook within 24 hours is extremely unlikely.


==Reporting SPAM email==
==Reporting SPAM email==
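Review bot: The three image lines in the SPAM 2020 section combine a size with frame ("1000 × 500px|frame" and "1000 x 500px|frame"). MediaWiki ignores a size when frame is set, and a size has to be written without spaces, as in 1000x500px, so either drop the size or switch frame to thumb. The file name ImpersonattionExample.png is spelled with a double "t" and should be checked against the uploaded file. The impersonation bullets contain "seem be sent", "scratch of" and "immediate moved", and the phishing note ends with "The likelihood ... is extremely unlikely", which says the same thing twice.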

Revision as of 19:42, 22 May 2020

Types of Scam Emails

Phishing

Phishing emails are fraudulent email messages that appear to be sent by legitimate sources (a friend or another student, the University IT department, a bank, etc.). These messages usually include a link that directs you to a malicious website made to look like a login page, or to a webform designed to get you to enter private information (for example, your username and password). The attackers then use the information they've collected from you to commit some form of malicious activity with your account or, worse, identity theft.

Many phishing emails attempt to trick recipients by creating a sense of urgency with a threat that they will lose something unless they act quickly. Other phishing emails are designed to look like part of a prior email conversation, in the hope that the recipient will perceive the email as legitimate.

Examples of wording used in phishing emails include:

  • 'Your account will be deactivated if you don't CLICK HERE.'
  • 'ACTION REQUIRED - MISSING FAFSA/Financial Aid Info. CLICK HERE for Document Review'
  • 'A file has been shared with you. ONEDRIVE Document.'
  • 'You have received a secure document from XXX. Click Here to access.'
  • 'Unable to display full message. CLICK HERE to show full message.'
Phishing Email Example

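For additional information on phishing, visit one of these online resources:

  • https://www.phishing.org/what-is-phishing
  • https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams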

Fake Part-Time Jobs & Fake Check Scams

Many universities have been affected by students and employees receiving emails from other student emails or outside addresses that indicate that their company/friend/mother/uncle/etc. is hiring for a part-time job.

  • These 'jobs' range from pet or baby sitting to research or secret shopper jobs that students can do in their spare time to earn extra money.
  • These are fake job scams that attempt to have individuals deposit a fake check.
  • Students who reply and indicate interest receive responses asking them to provide detailed contact information (address, date of birth, etc.).
  • The scammers then indicate that you are 'hired' and send a fake check or money order to "cover start up wages/supplies."
  • The check is often for $1,500-2,000, and the student is asked to keep some of the money as their payment and send the larger remaining amount of money from the check to someone else via gift card, wire transfer, or other means.
  • A few weeks later, the initial check does not clear, and the individual who deposited the check is out the money they sent on to someone else.
Fake Part-Time Job Email

For more information on fake check scams, visit the following links:

Impersonation Emails & Gift Card Scams

Impersonation emails are emails that seem to be sent by a trusted colleague or friend and start with a simple question like 'Are you available?'

  • These emails are sent so that they look like they are coming from the email of someone you know, but are actually sent from another email account used by a scammer.
  • If you reply to the email, you'll be asked if you can do a favor for that person.
  • Usually, the request is to purchase gift cards for some urgent need they have and then scratch off the redemption codes and email or text pictures to them.
  • Once the scammer has the redemption codes for the gift cards, the funds are immediately moved to another account and your money is now stolen.
Impersonation Email Gift Card Scam Example

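For additional information on impersonation emails and gift card scams, please visit the following links:

  • https://www.chronicle.com/article/Phishing-Scheme-Targets/245535/
  • https://www.zdnet.com/article/beware-phony-gift-card-email-scams-heres-why-attackers-love-using-them/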

Sextortion Emails

Sextortion scams are scams in which you receive an email from a 'hacker' that indicates the person has had access to your accounts and computers for several months and will release embarrassing photos/videos/search history to your friends, family, or coworkers unless you pay them some form of ransom (usually requested in Bitcoin). The emails may even include part of a password you currently or previously used.

These emails are rarely ever legitimate. In most cases, the emails are sent to individuals by the thousands using lists of emails - and possibly passwords - compiled from website hacks over the years. While the emails may be scary to read, our recommendation is always to just ignore and delete the email. It's possible that you may receive several iterations of the email, but all can safely be ignored.

Sextortion Email Example

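For more information on sextortion email scams, visit the following resources:

  • https://www.eff.org/deeplinks/2018/07/sextortion-scam-what-do-if-you-get-latest-phishing-spam-demanding-bitcoin
  • https://www.cnbc.com/2019/06/17/email-sextortion-scams-on-the-rise-says-fbi.html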

SPAM 2020

Often, the emails you receive in your university email inbox come from a staff member, professor, or person affiliated with William Paterson, but it’s important to stay alert for any scam emails that potentially come through. So far in 2020, we have had around 4 scam emails sent to people’s inboxes, in different styles of scamming such as phishing or an advertisement for a job offering. The best way to combat a scam email is simply to ignore it and delete it. If you click on any links within a scam email, it’s essential that you immediately reset the password for your university account and any other account that uses the same password. If you suspect an email is a scam but cannot be 100% sure, we highly suggest you contact the Help Desk at 973-720-4357 to ensure the safety of your information. Some examples of scam emails that have been sent out this year include:

A pet sitting job scam on April 16th

Notice that this scam email in particular asks you to contact a secondary email rather than just replying to the one that sent the email. In addition, job advertisement scamming will usually include unrealistic salaries for doing an easy job to make it look more enticing. These are some easy signs to look out for.


Another job advertisement scam email on May 8th


Even though this job may not be for employment outside the university, it still requests that you contact a secondary email address for your response, which should always raise suspicion.

A phishing scam email on May 7th


A characteristic to watch out for when it comes to phishing scams is the amount of urgency that is repeated throughout the email’s entirety. It is extremely unlikely that the university would require all staff and students to migrate to a new Microsoft Outlook within 24 hours.
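For mail administrators, the warning signs described in the sections above (a secondary contact address, a familiar name on an unfamiliar address, and pressure wording) can be checked mechanically. The following is an added example, not part of the original wiki page; the function names, the `known_senders` lookup and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Wording modelled on the examples quoted on this page.
SCAM_WORDING = re.compile(
    r"click here|action required|will be deactivated|within 24 hours"
    r"|are you available", re.IGNORECASE)
ADDRESS = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def scam_indicators(raw, known_senders=None):
    """List the warning signs found in one raw message.

    known_senders (hypothetical lookup) maps a display name to the
    address that person really uses.
    """
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = "" if msg.is_multipart() else msg.get_payload()
    found = []
    # Replies would go to a different mailbox than the apparent sender.
    if reply_to and reply_to.lower() != sender.lower():
        found.append("reply-to-differs")
    # The text asks you to write to an address on another domain.
    if any(domain(a) != domain(sender) for a in ADDRESS.findall(body)):
        found.append("secondary-contact-address")
    # A familiar name arrives from an address that person does not use.
    expected = (known_senders or {}).get(name)
    if expected and expected.lower() != sender.lower():
        found.append("display-name-impersonation")
    if SCAM_WORDING.search(msg.get("Subject", "") + "\n" + body):
        found.append("scam-wording")
    return found

# Constructed sample messages (not real mail; example.* domains).
JOB_OFFER = ("From: Student One <student1@example.edu>\n"
             "Subject: Part-time pet sitting job\n\n"
             "Earn $500 weekly. To apply, email hiring@example.com today.\n")
FAVOR = ("From: Dana Professor <dana.office@example.com>\n"
         "Reply-To: dana.office@example.net\n"
         "Subject: Quick favor\n\nAre you available?\n")

if __name__ == "__main__":
    print(scam_indicators(JOB_OFFER))
    print(scam_indicators(FAVOR, {"Dana Professor": "dprofessor@example.edu"}))
```

A hit is a reason to look closer, not proof of a scam: legitimate mail also uses a separate Reply-To or mentions an outside address.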

Reporting SPAM email

Students, faculty and staff can report SPAM messages to Microsoft for analysis. If you are ever unsure if an email message is legitimate or SPAM, please contact User Services by submitting a request online at https://www.wpunj.edu/helpdesk or by calling 973-720-4357.

Junk and Phishing

  1. Compose a new email
  2. Address the email to the Microsoft team that reviews messages as follows:
    1. For junk messages, address your email to junk@office365.microsoft.com
      1. Junk messages may contain disguised links that appear to be for familiar websites but in fact lead to phishing web sites or sites that are hosting malware.
    2. For phishing scam messages, address your email to phish@office365.microsoft.com
      1. Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
  3. Leave the body of the new message empty (remove any auto-populating signatures)
  4. Insert the junk or phishing scam message into your new blank email as an attachment. Note: Do not simply forward the junk or phishing message.
  5. Delete the original message

False Positives

Sometimes email messages are incorrectly identified as SPAM. To submit emails identified in this way:

  1. Compose a new email
  2. Address the email to not_junk@office365.microsoft.com
  3. Leave the body of the new message empty (remove any auto-populating signatures)
  4. Attach the email message that was incorrectly identified. Note: Do not simply forward the message.
  5. Delete the original message
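Both procedures above (Junk and Phishing, and False Positives) ask for the message to be attached rather than forwarded; attaching carries the original, with its headers, as a separate message inside the report. The sketch below is an added example, not part of the original wiki page: it builds such a report with Python's standard `email` package, and the function names, the subject text and the sample message are assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Review addresses as listed in the steps above.
REPORT_ADDRESSES = {
    "junk": "junk@office365.microsoft.com",
    "phish": "phish@office365.microsoft.com",
    "not_junk": "not_junk@office365.microsoft.com",
}

def build_report(original_bytes, kind, reporter):
    """Wrap the untouched original in a new message as an attachment."""
    original = message_from_bytes(original_bytes, policy=policy.default)
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = REPORT_ADDRESSES[kind]   # KeyError on an unknown kind
    # Subject text is arbitrary; the page does not specify one.
    report["Subject"] = f"Reporting {kind} message"
    # No text part is set, so the body stays empty (step 3). The original
    # travels as a message/rfc822 part with all of its headers (step 4).
    report.add_attachment(original)
    return report

def attached_original(report_bytes):
    """Return the message carried inside a serialized report."""
    report = message_from_bytes(report_bytes, policy=policy.default)
    part = next(report.iter_attachments())
    return part.get_content()

# Constructed sample (not real mail): the headers a reviewer needs.
SAMPLE = (b"Received: from mail.example.net by mx.example.edu; "
          b"Thu, 07 May 2020 10:00:00 -0400\r\n"
          b"From: IT Support <support@example.net>\r\n"
          b"Message-ID: <constructed-1@example.net>\r\n"
          b"Subject: Migrate to new Outlook within 24 hours\r\n\r\n"
          b"CLICK HERE to keep your account.\r\n")

if __name__ == "__main__":
    report = build_report(SAMPLE, "phish", "student@example.edu")
    inner = attached_original(report.as_bytes())
    print(report["To"], inner["Subject"], inner["Received"])
```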

Sources:

The State of Vermont, Department of Information and Innovation, "Instructions for reporting spam and phishing scam messages to Microsoft for Analysis"

https://en.wikipedia.org/wiki/Phishing

https://en.wikipedia.org/wiki/Email_spam