No "Phishing"! -- Beware of Internet Scams and Hoaxes
If you read email, then you have been the target of an Internet scam or hoax. Hopefully, you recognized it and avoided being victimized. But Internet scammers are getting much better at enticing readers by disguising their schemes as coming from legitimate sources. The information below is designed to help Cal Poly users identify, avoid and report Internet scams and hoaxes. (See also the Campus SPAM Alerts page.)
Common Internet Scams (based on complaints to abuse@calpoly.edu):
- Bogus Cal Poly Password or Account Notice
These messages appear to come from a "calpoly.edu address" (e.g., admin, support, accounts, etc.), are directed to "Cal Poly Member" or "calpoly.edu account holder", and claim to be sent by "The Cal Poly Support Team" or similar entity. They may claim that your password or account is being misused or compromised and is being terminated or suspended. They direct you to follow instructions on a website or in an attached file to fix the problem. Instead, clicking on the link or opening the attachment may infect your computer and spread a virus. Legitimate providers, including Information Technology Services, would include more detailed contact information, such as a valid email address, department name, and telephone number when sending such communications.
- Nigerian Scam/Advance Fee Fraud (419)
These notices come in many forms, but typically appear to be from an alleged “official” representing a foreign agency or government (not necessarily Nigeria) with an offer to transfer a commission into your bank account in exchange for assisting them with transferring a large sum of money. If it seems too good to be true, it is! See also: the FTC Consumer Alert and FBI notice for more information.
- Online Extortion - E-Mail Scam Includes Hit-Man Threat
A variation of the Advance Fee Fraud, but instead of preying on the recipient's greed or good intentions, it preys on their fears. The scam e-mail, which first appeared in December 2006, threatens to kill the recipient if they do not pay thousands of dollars to the sender who purports to be a hired assassin. The Federal Bureau of Investigation (FBI) advises against replying and recommends just deleting the email. Read the FBI article on this scam for more information.
Recommended Actions
Cal Poly’s email gateway now tags many of these messages as “cpSPAM” and identifies and removes infected attachments, but it isn’t foolproof and messages will get through. If you receive one, do NOT reply, click on a link or fill out a form. If you have an account with the company, contact them by phone to check the validity of the request. If you have any questions about the validity of a Cal Poly password or account notice, please forward it to abuse@calpoly.edu.
Reporting Internet Scams
To file a complaint, you can forward the message with full headers to the originating Internet Service Provider (ISP). However, complaining to some ISPs can be problematic, so your best course of action may be to delete the message!
Visit this page for information on how to file a complaint with an off-campus ISP.
Visit the Internet Crime Complaint Center to file any complaint about Internet crime.
Identifying Internet Scams
If you receive ANY suspicious email, check the following websites first to see if it is a known virus, scam or hoax before filing a complaint with the appropriate ISP:
If you cannot find information there and are still concerned, you can forward the message, including complete headers, to abuse@calpoly.edu for analysis. NOTE: Priority will be given to inquiries from Cal Poly users or about email originating from Cal Poly.
|
