Online scammers continue to target Washington State University faculty, staff, and students. To make it easier to recognize the threats, Information Security Services would like to share the three most common email attacks that will lead to loss of time, money, and information.
Earn money every week for only a few hours of work
This is currently the most common scam that is plaguing email inboxes. First, scammers provide something that seems great, and then they prey on the person’s desire to have a flexible job that would pair well with a busy school schedule. The scammer will often provide a check. They will include instructions to deposit the check and ask that funds then be immediately sent to some other account which they control. The check will take approximately 48 hours to validate, while the transfer of funds will be immediate. The check will come back as invalid, the deposit will be reversed, and the transferred funds will already be gone.
Examples:
- You have been selected for the ongoing Student Empowerment Program put in place by university human resources management to work for $370 weekly and study. If interested, kindly send your phone number and personal email address for more details.
- Washington State University, Department of Biological and Environmental Sciences needs the services of students from any department to work remotely as research assistants and get paid $400 weekly. To proceed with the application process submit your resume, functional phone number and year of study via this email address to receive the job description and further information. This offer is open to all Department and undergraduate students as well.
Login now to prevent deletion of your email account!
This phishing campaign is focused on stealing one thing — a password. While many online accounts are moving to a multifactor authentication system, some still only require a username and a password.
Scammers want the recipient to think that their email account is on the verge of being deleted. That sense of urgency is important because it will cause the recipient to overlook indicators that the email is a fake. Clicking the link redirects the recipient to a fake login page which often closely resembles the real login page that is being impersonated. When the recipient enters their username and password, the information is sent to the scammer.
Example:
- This is the last and final notice or our administrator will disable your access to your email. Please click here to login to your account security by completing the required details to avoid the deactivation of your edu-email account.
Thank you for renewing your subscription!
This email scam is becoming much more prevalent. It combines concepts from the previous two examples and attempts to trick people into giving money.
The email is designed to instill that same sense of urgency. Seeing an invoice with such a high amount and being told that it has already been processed is enough to cause people to get emotionally charged. Calling the provided customer support number will lead to a conversation about an easy refund process in which customer support will claim that they “accidentally” typed the wrong amount for the refund. They will then demand money, wire transfers, or direct bank account access.
Example:
- We’ve received your payment for invoice number *GI1643297500UX* for NORTON 360.
Product Title: *NORTON 360*
Grand Total: *$584.00 USD*
START DATE: *27 Jan 2022*
*Not You?*
Then Claim refund. Call our customer support as soon as possible to process unsubscription.
As long as there is a profit to be made from these sorts of scams, the emails will continue to show up in inboxes. Information Security Services is actively working to protect WSU from these threats. If you have received one of these, please forward it to abuse@wsu.edu.
