Tag Archives: scam

Tip #19 Deal of the Century! (Too bad it’s a scam!)

Image: Wallace Brown Greeting Cards, Boys' Life, Sept. 1953, p. 5. (Get rich quick scams are much older than the Internet.)


Scroll through some of the previous posts on the Fordham IT Security News blog, and you’ll find all sorts of scams. No doubt you’ve received a few yourself. 

Be on the alert. If it’s too good to be true, especially if you have to give away information about yourself or pay money, it’s probably a scam. 

Job Scams

Cyber criminals post their advertisements on legitimate job sites and often use familiar-looking or convincing company logos, language, and links to fake websites that appear to be those of real organizations.

These sites might charge fees for services that real companies would never render. After you submit your resume and personal information, they might ask you for a $50-$100 fee. Normally, after a few days the thieves close the scam and disappear.

Donation Scams

Natural disasters, political campaigns, and global health issues are often the focus of donation phishing scams. For instance, cyber criminals have recently used earthquakes and tsunamis to create illegal “charity” businesses, supposedly to help the survivors of these events.

Many of these scams begin with an email or a post in an online forum asking for donations in the name of well-known, legitimate charities. When you click a given link, you are taken to a phony website devised to trick you into providing your personal financial information.

Fake E-cards

E-cards are made the same way that websites are: they’re built on the Internet, just like this web page. So when you send someone an e-card, you send them a link to click, which takes them to the online greeting card you created for them.

This means an e-card you receive could actually be a phishing scam, spam, a spyware installer, or a computer virus.

Read Microsoft’s helpful pages for more best practices on avoiding these kinds of scams.

By Nicole Kagan, Fordham IT News Editor

Tip #18 Are You SURE You Want to Download that App?

Image: Ad for Kodak Instamatic Camera. Life Magazine, Sept. 17, 1965, p.64.


A Snapchat notification twinkles out at you from the phone. It’s midterms week and you’re craving a break from studying. Before you can open up the (probably very funny) “snap” your best friend sent you, an ad for something called SnapNSave pops up. “Save and view snaps as many times as you like,” reads the app’s description. You think to yourself, What a great idea!

But little do you know, the Snapchat you’re about to save will be hacked and exploited like the other 500Mb of photos that were just stolen by this app.

Legitimate third-party applications can offer entertainment or functionality. But use caution when you decide to enable any application on a device. Avoid applications that seem too good to be true, or significantly change the operation of a trusted app. Also, adjust your settings to limit the amount of information an application can access.

Read more about third-party app risks in this article from FireEye.

By Nicole Kagan, Fordham IT News Editor

Tip #15 Your First Line of Defense: Strong Passwords

Image: "Knights in Shining Armor," Pascal, Flickr.


Your workout buddy, Fred, tells you his Facebook account is acting glitchy. He wants to look up this month’s schedule of classes at Crossfit on Facebook, so he asks if he can use your account on his phone.

“Sure,” you say. You’ve forgotten that you only met Fred last month. But you feel like you’ve known him forever. He seems like a nice guy. “Easy as pie,” you tell him. “It’s ‘apple123,’” you say while you type next to the blinking cursor. “Thanks, Bud!” says Fred.

Fast forward to the next morning. You’re at Starbucks, and your first cup of coffee is only a gulp away. Except you’re staring at “insufficient funds” on the card swiper. Turns out, while you were sleeping, your buddy, Fred (later you’ll discover his name was not Fred), hacked into your bank account last night. It was easy to do, since you use the same password for everything.

Even though it’s tempting to use a single password that’s easy to remember, that won’t do you any good against hackers, who are pretty smart when it comes to figuring out easy passwords–and even more difficult ones.

A strong password is your first line of defense against intruders and imposters. Using a different password for every site you visit is an equally strong line of defense.

To be safe, make sure your password uses upper and lower case letters, numbers, and special characters. Change it often, too. At Fordham University, we want you to be careful, so we require everyone to change their AccessIT ID password every 180 days. Read more about Fordham’s password policies and guidelines.

 

Tip #13 Is that a Fish on Sale or a Phish?

Image: Phishing. adampop, Flickr.

Would an Ebay representative threaten to close your account unless you submit $150? Would Amazon normally offer you $100 free store credit? Would your favorite clothing store usually give you 80% off on fall clothes purchases? Chances are, if an offer seems too good to be true, it probably is!

If you’re surfing the web and you encounter something that feels “phishy” or suspicious, take note! If an offer seems too good to be true, forget it! Some of the most common phishing scams target Internet users who blindly click and submit personal information, so make sure to be mindful of the way design and information are presented — before you click.

Phishing sites often try to replicate the “look and feel” of an existing site. They attempt to lure people into using phony websites that look just like the authentic sites of larger companies, organizations, or agencies that they are impersonating. Because we conduct meaningful transactions online every day, ranging from making simple purchases, to paying bills, to even paying taxes, it’s important that we’re alert to subtle changes on websites that we normally use. These deviations might be link names, header titles, text, or layout of a site.

So, take note and be careful when perusing the web. Unfortunately, a growing strategy for attackers is playing on the innocence and ignorance of Internet users.

Tip #10 Geotagging and Location Sharing–Just Don’t!

1937 Map of the Bronx


When you got back from vacation, your friends looked at you with amazement and admiration: You went to the Louvre in Paris, the Forum in Rome, AND you ran the Great Wall Marathon in China. They know this because every time you stopped for a croissant, a dish of pasta, an egg roll, or to tie your sneakers, you geotagged your location on all your social networks.

Location tagging or geotagging yourself on social networks is never safe. While it might look cool that you’re visiting iconic places or doing incredible feats (or just mundane things), at the same time, you risk cluing in a stalker about exactly where to find you, or telling a thief that you’re not home.

Whenever you geotag, you’re not only talking to a small group of friends. You may potentially be talking to anyone on the Internet. In general, location tagging is not a safe feature to activate, so do your best to avoid it.

Read more about geotagging on The Daily Beast.

Tip #7 Check before you click!


Example of a valid link.

By Meiren Park, IT Communications Intern

You get a lot of links thrown at you every day, from various sources: email, texts, Twitter, websites and so on. Viruses and malware can enter your computer just from your clicking on one. Play it safe by checking the link before you click on it.

You can check a link by hovering over it with your cursor. Look at the bottom left of your screen to see whether the link is legit or not. A legitimate link won’t have a long string of letters and numbers–it’ll just be the same URL as the link you’re about to click on. For example, if the link says “www.google.com,” that same link should appear on the bottom left of your screen. In the example above from the New York Times, the cursor was placed over an image and the image’s link appeared on the lower left.

If you’re not sure whether a link is good or not, call IT Customer Care to report it.

Don’t fall victim to a malicious attack. Be careful before you check out the newest link you find on your feed! Read more about this on our web page, Spam and Phishing.

Image: “New York Film Festival Offers Quiet Treasures and a Little Jazz,” New York Times, October 7, 2015.

Tip #3 | Don’t Share THAT about Yourself Online!


Image: Kelli Marshall, Locating Shakespeare in the 21st Century, Vimeo

Inappropriate sharing of secrets always makes for a good plot twist in a Shakespearean play:

O negligence!
Fit for a fool to fall by: what cross devil
Made me put this main secret in the packet
I sent the king? Is there no way to cure this?
No new device to beat this from his brains?
(Henry VIII, Act 3.2)

When you meet someone new, whether it’s in your residence hall, at a party, or at work, do you immediately tell that person your full name, social security number, phone number, address, credit card and bank account numbers? Didn’t think so. You wouldn’t share most of that information with a good friend, either.

But what if you were asked, politely, a few times for the information? And what if the request came with a promise not to share any of your personal information, including your funny middle name, with anyone else? Right. Didn’t think so.

You should feel the same way about your privacy when a social media site asks you for that information. If you need to share those personal details to join the site, that’s a red flag. Walk (or surf) away from it, fast.

When you share something that’s personally identifiable with the wrong person or website, it will be quite difficult to find a “cure” and “beat” it out of his or her “brains” or database!

Read more about Cyber Security Awareness Month!

Tip #1 | Spam: Report and Delete!


Did you know that if you click “unsubscribe” on some messages in your inbox, you might unwittingly share your email address with another email list? You’ll end up getting more spam, instead of less. The best way to deal with those messages is to send them to your spam folder and then delete them.

Most email clients, including Fordham Gmail, offer you the option to report as spam the unwanted emails sent to your inbox. When you report a message as spam or junk, you’re training your email filter to send similar unwanted emails to the spam folder the next time. Do check your spam folder at least once a month to make sure legitimate emails haven’t slipped in there. Here’s how to report spam in your Gmail.

At Fordham University, students benefit from Google’s spam filtering. Read more about creating filters for Gmail.

In addition to Google’s spam filter, Fordham faculty and staff receive protection from Proofpoint. This email security solution filters spam and traps email that contains malware or is from senders “phishing” for personal information. More information about Proofpoint, including how-to videos for creating filters, is located on the Fordham IT web page, Spam Management and Email Filters.

Stay tuned for more tips throughout October, which is Cyber Security Month.

Emergency Travel – Scam Email Sent to the Fordham Community on 2/19/2015

This is a scam email that has been reported. This message was
received on or about February 19th, 2015. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.


  
——————–Begin Message ——————————

From: Barbara ONeill <barbarakaneoneill@hotmail.com>
Sent: Thursday, February 19, 2015 4:25 AM
Subject: This Is An Emergency…Barbara ONeill
Greetings,
How
are you doing? I do hope this finds you well, and really sorry to be
mailing at such short notice. I traveled to the ISTANBUL SURGERY
HOSPITAL in (Istanbul,TURKEY)to see my cousin who is critically sick.He
was diagnosed with (Acute Lymphoblastic Leukemia). I was advised by the
doctor that the only way he can survive is by undergoing a BMT (Bone
Marrow Transplant) surgery.
Please
I really don’t know how to say this,but i really need your financial
assistance as this is a matter of Urgency. I hope you get back to me as
soon as you get this mail.
Hope to read from you soon
Best Regards
Barbara ONeill 

—————————–End Message ———————–

Wire Transfer – Malicious Email Sent to the Fordham Community on 12/03/2014

This is a malicious email that has been reported. This message was received on or about December 10th, 2014. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email, please contact IT Customer Care at 718-817-3999 or via email: helpit@fordham.edu.


  
——————–Begin Message ———————

From: User@domain.com
Date: Tue, Dec 9, 2014 at 4:46 PM
Subject: Re:Re: Wire Transfer
To:

Hello Sir,

please kindly reconfirm the bank details once again,  as we are about to
initiate the second Wire transfer ,find attached the confirmation of the
first amount wired
.Please reply ASAP

Thanks
Leanne James
P.N.N.S. Palitha
(Accountant)

—————————–End Message ———————–