In the last two days Catch of the Day has received multiple reports of suspicious email messages claiming to be from Vassar personnel. All of these messages came from gmail.com, not from vassar.edu. The messages ask the recipient one of the following:
If you receive one of these messages, please email it to email@example.com and then delete it. If you engage the sender, it will lead to a fraudulent financial transaction in which you may have funds stolen from you.
These emails are from a criminal who is trying to steal money by impersonating Vassar employees and targeting people within an individual’s department or organization. The criminal tries to convince the recipients to purchase one or more gift cards and send back the redemption codes. This is a common scam based on existing trust relationships among employees. Remember to always double-check the “from” and “reply-to” addresses in email to verify the sender. It is a good practice to contact the purported sender through a known phone number, or create a new email sent to the person’s vassar.edu email address to ask if the original request was authentic. Also, if these messages are discovered in a Spam or Junk folder, it is reasonable to assume that the message is not a valid request from a Vassar College community member.
The reports we received specifically targeted department heads and supervisors. The incoming email addresses were blocked as soon as they were brought to our attention, in order to prevent additional communication from the criminal.
Thank you for your attention and thank you as always for your timely reporting! The diligence from our community members keeps all of us at Vassar College safe and secure.
Stay informed about information security alerts with the new CIS service status page!
Computing and Information Services has a new status page available at servicestatus.vassar.edu. The page displays information about all scheduled maintenance, outages, and information security alerts.
Make sure you subscribe to the services you use in your work and/or studies at the college and the information security category to stay informed about relevant maintenance, outages, and alerts. There are guides to help you get started at go.vassar.edu/statuspagehelp. More information about CIS communicates is available at computing.vassar.edu/communications.
If you have any questions or need additional assistance, please contact the CIS Service Desk at (845) 437-7224 or firstname.lastname@example.org.
Here at Catch of the Day we care about avoiding malicious emails that attempt to steal data or money, whether from Vassar College or from any individual associated with the college. We don’t want anyone to suffer negative impacts from cybercriminals and all that they do!
We also care about avoiding scams that are not directly related to computing. Ever since the COVID-19 pandemic started, cybercriminals have been taking advantage with some new and interesting ways to try to steal data and money. It is important to be aware of all these scams and understand how to avoid them.
Here is a partial list of COVID-19 scams to watch out for:
If you ever see an advertisement or get an email and you are unsure of it’s legitimacy, send it along! Email the link or forward the original email to email@example.com If you get a suspicious phone call, you may report it to the same email address. If it is urgent, please contact the Service Desk at 845-437-7221
Stay vigilant! Stay safe! And most importantly, don’t get hooked.
A community member reported a new scam by telephone. The caller claimed they were from a pharmacy, and in partnership with Aetna, would provide over the counter medications mailed to their home for free. The caller had the individual’s name, address, and date of birth.
Cyberattackers will take advantage of any opportunity to scam people in order to steal money. With the current public health emergency, there will be an increase in telephone, email, and website scams. Please be hyper-vigilant when answering calls, responding to emails, and clicking on links, especially from social media.
Here are some tips for spotting a phone scam:
In this case the person who received the call offered to contact Aetna to verify that this was a valid offer. At that point the caller hung up the phone.
Please always report suspicious emails, phone calls, and even websites to firstname.lastname@example.org
Thank you all for your diligence and continued reporting!