This is an informational post about recent complaints CIS has received about voicemail messages left on phones around the campus.
We have received numerous reports of phone calls coming into campus with an inbound phone number from New York City (area code 212) where the caller leaves a voicemail message of varying lengths. All callers are reported to be speaking an East Asian language.
These phone calls are a well-known scam that targets Asian Americans. It is similar to the United States based IRS scam, where a caller purports to be calling from the IRS about owing money. In this case, the ruse is that the target person is being investigated by the Consulate. If a payment is made to the caller, the complaint will be dropped.
These calls are not malicious but engaging with the caller could lead to a loss of personal funds. Please do not engage the caller at all. If the person leaves a voicemail and you have voicemail to email capability, please forward it to firstname.lastname@example.org so we can track the complaints. After forwarding you are free to delete the original voicemail.
For more information on this type of scam, please see this article from earlier this year:
Thank you to all who have reported this and keep the suspicious emails (and phone calls!) coming. Your contributions help keep Vassar safe and secure from Phishing, Spam, Fraud, Viruses, and all sorts of cyber criminal activity!
NOTE TO READERS: The Catch of the Day blog not only posts examples of phishing, fraud, and other malicious emails, but also best practices and general CIS news items. This is one of them! You can always locate best practices and news items by clicking on any category (right-hand sidebar).
Computing and Information Services has received increasing reports of incoming emails that attempt to blackmail the recipients. The emails claim that there is compromising or unsavory information that will be sent to the recipient’s friends and family, unless funds are paid via wire transfer or Bitcoin.
These emails are sent by criminals in an attempt to get money directly via extortion. The individuals sending these emails do not have any real information, and can’t contact your friends and family.
The emails may contain some details about you such as your full name and role at Vassar. In more extreme cases, they contain enough details that you may be convinced the threat is real. Those details are gained from various sources on the Internet, and do not indicate that the attacker actually knows you or has gained access to any of your Vassar or personal accounts.
If you receive a blackmail or extortion attempt via email, please send it to email@example.com so we can evaluate the content. We can advise you on the best action to take.
And remember: the best way to protect your accounts is by using multi-factor authentication! See our post here: http://pages.vassar.edu/catchoftheday/2017/06/29/best-practice-enabling-multi-factor-authentication-with-duo/
We have received reports of a new phishing email that looks like it is from JP Morgan Chase, with the subject line “Online Access Locked”. If you received this message, please email it to firstname.lastname@example.org so an incident can be opened and a screenshot posted on this website.
In the meantime, remember our past advice: