Pharmacy Scam related to COVID-19

A community member reported a new scam by telephone.  The caller claimed they were from a pharmacy, and in partnership with Aetna, would provide over the counter medications mailed to their home for free.  The caller had the individual’s name, address, and date of birth.

Cyberattackers will take advantage of any opportunity to scam people in order to steal money.  With the current public health emergency, there will be an increase in telephone, email, and website scams.  Please be hyper-vigilant when answering calls, responding to emails, and clicking on links, especially from social media.

Here are some tips for spotting a phone scam:

  • Ask what company the person is calling from
  • If possible, put the person on hold and look up the phone number they are calling  from on your computer
  • If it’s a known company, offer to call them back on their verified number
  • Any caller who asks for restricted information such as social security number, credit card number, family member’s names, personal address, or home phone is suspect

In this case the person who received the call offered to contact Aetna to verify that this was a valid offer.  At that point the caller hung up the phone.

Please always report suspicious emails, phone calls, and even websites to catchoftheday@vassar.edu

Thank you all for your diligence and continued reporting!

Suspicious emails impersonating Vassar personnel

Today we received multiple reports of email messages claiming to be from Vassar personnel.  All of these messages came from gmail.com, not from vassar.edu.  The messages ask the recipient to reply quickly for an unspecified favor, or ask if someone is “available”.

If you receive one of these messages, please email it to catchoftheday@vassar.edu and then delete it.  If you engage the sender, it will lead to a fraudulent financial transaction.  The emails are from a criminal who is trying to steal money by impersonating Vassar employees and targeting people within an individual’s department or organization.  The criminal tries to convince the recipients to purchase one or more gift cards and send back the redemption codes.  This is a common scam based on existing trust relationships among employees.  Remember to always double-check the “from” and “reply-to” addresses in email to verify the sender.  It is a good practice to contact the purported sender through a known phone number, or create a new email sent to the person’s vassar.edu email address, to ask if the original request was authentic.
The reports today were for five separate instances of impersonation, targeting five different department heads.  All of the incoming email addresses were blocked as soon as they were brought to our attention, in order to prevent additional communication from the criminal.

Thank you for your attention and thank you as always for your timely reporting!  The diligence from our community members keeps all of us at Vassar College more safe and secure.

WELCOME BACK! A message from Catch of the Day

Welcome back to campus to all returning students and a great big welcome to our incoming students, the class of 2023!

We refer to the first two months of the Fall semester as phishing season.  Cybercriminals are aware of the Higher Education academic schedule, and take full advantage of the early semester rush and the influx of new faculty and students in order to bombard community members with a wide variety of malicious emails.

Since late August we have seen a large increase in malicious emails, including the following:

  • Extortion emails
  • Fake invoices
  • Impersonation
  • Attempts to change Direct Deposit

We are guaranteed to see more over the coming weeks and we depend on the community to report these issues swiftly by sending an email to catchoftheday@vassar.edu

Now would be a good time to brush up on the different types of emails we receive and review some of our best practices:

Stay safe and keep sending those suspicious emails!  We review each email and we always respond.   Send them along to catchoftheday@vassar.edu

Suspicious emails impersonating Vassar personnel

Over the last few days, we have received multiple reports of email messages claiming to be from Vassar personnel.  These messages come from outside email addresses, not from a vassar.edu address.  The messages ask the recipient to reply quickly for an unspecified favor, or ask if someone is “available”.

If you receive one of these messages, please email it to catchoftheday@vassar.edu and then delete it.  If you engage the sender, it will lead to a fraudulent financial transaction.  This email is from a criminal who is trying to steal money by impersonating a Vassar employee and targeting people within the person’s department or organization.  The individual would try to convince the recipients to purchase a gift card and send back the redemption code.  This is a common scam based on existing trust relationships among employees.  Remember to always double-check the “from” and “reply-to” addresses in email to verify the sender.

We have also received a report of this same scam being send by text message to mobile phones.  Please report any impersonation attempt that occurs by text or phone call in addition to via email.

Thank you for your attention and thank you as always for your timely reporting!  The diligence from our community members keeps all of us at Vassar College more safe and secure.