Monthly Archives: July 2018

News: Blackmail and Extortion emails

News

NOTE TO READERS: The Catch of the Day blog not only posts examples of phishing, fraud, and other malicious emails, but also best practices and general CIS news items.  This is one of them!  You can always locate best practices and news items by clicking on any category (right-hand sidebar).

Computing and Information Services has received increasing reports of incoming emails that attempt to blackmail the recipients.  The emails claim that there is compromising or unsavory information that will be sent to the recipient’s friends and family, unless funds are paid via wire transfer or Bitcoin.

These emails are sent by criminals in an attempt to get money directly via extortion.  The individuals sending these emails do not have any real information, and can’t contact your friends and family.

The emails may contain some details about you such as your full name and role at Vassar.  In more extreme cases, they contain enough details that you may be convinced the threat is real.  Those details are gained from various sources on the Internet, and do not indicate that the attacker actually knows you or has gained access to any of your Vassar or personal accounts.

If you receive a blackmail or extortion attempt via email, please send it to catchoftheday@vassar.edu so we can evaluate the content.  We can advise you on the best action to take.

And remember: the best way to protect your accounts is by using multi-factor authentication!  See our post here: http://pages.vassar.edu/catchoftheday/2017/06/29/best-practice-enabling-multi-factor-authentication-with-duo/

 

Online Access Locked

Phishing

We have received reports of a new phishing email that looks like it is from JP Morgan Chase, with the subject line “Online Access Locked”.  If you received this message, please email it to catchoftheday@vassar.edu so an incident can be opened and a screenshot posted on this website.

In the meantime, remember our past advice:

 

  • Always examine the link! Look at the information in your web browser to determine whether or not the site you are directed to is a Vassar site or an unknown (or suspicious) one.
  • A phone call to the alleged sender would quickly verify whether or not an email is legitimate. It only takes a few minutes to pick up the phone!
  • Report it as phishing to Google. Before deleting the message, make sure to click on “report phishing”.
  • A little paranoia goes a long way! Be suspicious of any email messages similar to this one.
  • Did you know: the best way to protect your accounts is by using multi-factor authentication!  See our recent post here: http://pages.vassar.edu/catchoftheday/2017/06/29/best-practice-enabling-multi-factor-authentication-with-duo/