Cyberscam Alert: Fake contact posing as legit

The Office of Information Security (OIS) warns about a major increase in a current phishing scam targeting faculty, staff and students. 

About the scam
The attacker intercepts a legitimate past email conversation between known contacts (like vendors or TU employees). The scammer uses the contact’s screen name so it appears that you know them, but they’ve changed the email address. The messages often contain a link to download a file, or an attachment to be downloaded, which attacks your computer and accounts. The best way to confirm an email address is to hover over the sender’s name to see whether their address or TU info pops up, especially if you’re being asked to click a link or download files.

Recognizing the phishing attack
Look for any of these things, or any combination of them:

  • The tag [EXTERNAL EMAIL – USE CAUTION]. The external tag is present at the top of all incoming emails coming from external sources, so that you review and evaluate them to ensure the emails aren’t fake. Note: not all emails with this tag are malicious; it’s meant to raise your awareness.
  • A request to click a link or download a file.
  • An unknown sender email address – Confirm if you recognize the email address, not the sender’s name.
  • Generic open-ended questions in the subject or body. Examples include: ‘Are you available’, ‘do you have a minute’, or asking for your mobile phone number.
  • Requests to move the conversation to a text.
  • An unusual or strange purchase request.

 What to do if you have received this type of phishing attack email 

  • Do not reply!
  • Do not click any links.
  • Do not download any files.
  • Hover over the screen name to see and confirm the sender’s email.
  • Question the request: is this request expected or normal?
  • Report the phish by using the ‘Report Phish’ button in Outlook on a computer, or by forwarding the email to phishing@towson.edu. Both options send the email to the Office of Information Security for review.
  • Confirm the sender. If a faculty or staff member asks for sensitive information, or for you to make a purchase, look up their phone number in the TU Directory and call or message them separately to confirm their request.

 For more resources on how to recognize phishing, visit www.towson.edu/phishing. 

 


This post was written by Weldon, Jennifer