SHAREPOINT.PDF
Suspicious emails impersonating Vassar personnel
Today we received multiple reports of email messages claiming to be from Vassar personnel. All of these messages came from gmail.com, not from vassar.edu. The messages ask the recipient to reply quickly for an unspecified favor, or ask if someone is “available”.
If you receive one of these messages, please email it to catchoftheday@vassar.edu and then delete it. If you engage the sender, it will lead to a fraudulent financial transaction. The emails are from a criminal who is trying to steal money by impersonating Vassar employees and targeting people within an individual’s department or organization. The criminal tries to convince the recipients to purchase one or more gift cards and send back the redemption codes. This is a common scam based on existing trust relationships among employees. Remember to always double-check the “from” and “reply-to” addresses in email to verify the sender. It is a good practice to contact the purported sender through a known phone number, or create a new email sent to the person’s vassar.edu email address, to ask if the original request was authentic.
The reports today were for five separate instances of impersonation, targeting five different department heads. All of the incoming email addresses were blocked as soon as they were brought to our attention, in order to prevent additional communication from the criminal.
Thank you for your attention and thank you as always for your timely reporting! The diligence from our community members keeps all of us at Vassar College more safe and secure.
Docusign Alert For:
NOTICE
Important Voice SMS
October is National Cybersecurity Awareness month!
Spend October becoming Cyberaware! Computing and Information Services is posting tips on its Facebook page. You can also find information at Stay Safe Online.
Remember to be alert and report all suspicious email or other cyber activity to catchoftheday@vassar.edu!
WELCOME BACK! A message from Catch of the Day
Welcome back to campus to all returning students and a great big welcome to our incoming students, the class of 2023!
We refer to the first two months of the Fall semester as phishing season. Cybercriminals are aware of the Higher Education academic schedule, and take full advantage of the early semester rush and the influx of new faculty and students in order to bombard community members with a wide variety of malicious emails.
Since late August we have seen a large increase in malicious emails, including the following:
- Extortion emails
- Fake invoices
- Impersonation
- Attempts to change Direct Deposit
We are guaranteed to see more over the coming weeks and we depend on the community to report these issues swiftly by sending an email to catchoftheday@vassar.edu
Now would be a good time to brush up on the different types of emails we receive and review some of our best practices:
- Impersonation emails: http://pages.vassar.edu/catchoftheday/2019/06/28/suspicious-emails-impersonating-vassar-personnel-2/
- Invoices with malicious attachments: http://pages.vassar.edu/catchoftheday/2019/04/03/ach-notification/
- Unsolicited Google Doc sharing: http://pages.vassar.edu/catchoftheday/2019/03/27/docx-docx-shared-via-google-drive/
- Employment fraud: http://pages.vassar.edu/catchoftheday/2018/05/07/a-message-personal-assistant-at-dres/
- Best Practice: enable Duo: http://pages.vassar.edu/catchoftheday/2017/06/29/best-practice-enabling-multi-factor-authentication-with-duo/
- Best Practice: use a Password Manager! Vassar College is happy to offer LastPass Premium for anyone with a vassar.edu email address or LastPass Enterprise for employees. Find out more from our Service Catalog: https://go.vassar.edu/servicedesklastpass
Stay safe and keep sending those suspicious emails! We review each email and we always respond. Send them along to catchoftheday@vassar.edu
Suspicious emails impersonating Vassar personnel
Over the last few days, we have received multiple reports of email messages claiming to be from Vassar personnel. These messages come from outside email addresses, not from a vassar.edu address. The messages ask the recipient to reply quickly for an unspecified favor, or ask if someone is “available”.
If you receive one of these messages, please email it to catchoftheday@vassar.edu and then delete it. If you engage the sender, it will lead to a fraudulent financial transaction. This email is from a criminal who is trying to steal money by impersonating a Vassar employee and targeting people within the person’s department or organization. The individual would try to convince the recipients to purchase a gift card and send back the redemption code. This is a common scam based on existing trust relationships among employees. Remember to always double-check the “from” and “reply-to” addresses in email to verify the sender.
We have also received a report of this same scam being send by text message to mobile phones. Please report any impersonation attempt that occurs by text or phone call in addition to via email.
Thank you for your attention and thank you as always for your timely reporting! The diligence from our community members keeps all of us at Vassar College more safe and secure.
School is over! Beware of employment fraud.
Congratulations to all Vassar students, faculty, administrators, and staff on the end of another academic year. We especially want to congratulate the class of 2019. And to any student returning in the fall, have a wonderful summer break.
We have two particularly busy times of year for malicious emails. Right now is one of them, right after the academic year comes to a close. In May and June, be wary of any email that contains a too-goo-to-be-true employment offer. Unsolicited email from a potential employer is always a reason to be cautious, and these emails are most likely fraudulent. See some recent examples here:
http://pages.vassar.edu/catchoftheday/2018/04/22/425/
http://pages.vassar.edu/catchoftheday/2019/02/26/a-message-refinery29-job-offer/
We have also received reports of fraudulent phone calls related to employment offers or reference checks. Specifically, a user reported that a company called asking for a reference check on a student, but the caller asked for a large amount of personal information. If any employee of Vassar College receives a request for a reference of any kind, be sure to validate the request with the individual it is pertaining to. Similarly, if you are a student who gives references to a company, be sure to tell your references about your job application so the references go smoothly.
The next time of the year to watch for suspicious email is in the fall. As you take a break from Vassar, stay diligent in reviewing emails and report anything suspicious to catchoftheday@vassar.edu
Thank you to all the people in the community who continue to report suspicious email (and phone) activity. Your timely notifications help keep us all safe and secure.