
No "Phishing"! Beware of Internet Scams and Hoaxes

If you read email, then you have been the target of an Internet scam or hoax. Hopefully, you recognized it and avoided being victimized. But Internet scammers are getting much better at enticing readers by disguising their schemes as coming from legitimate sources. The information below is designed to help Cal Poly users identify, avoid and report Internet scams and hoaxes. (See also the Campus SPAM Alerts page.)

Common Internet Scams (based on complaints to abuse@calpoly.edu)

Airline Customer “Phishing” Scam

These emails purport to come from a valid airline (e.g., United, Northwest, Delta) and urge the recipient to confirm a ticket purchase they never ordered. The message asks the recipient to print an invoice and electronic ticket by clicking on an attachment (filename.zip). DO NOT OPEN THE ATTACHMENT OR CLICK ON ANY LINKS. Doing so can download and install malware that can be used to access confidential information. ITS recommends deleting the message. If you opened the attachment, contact the ITS Service Desk (805.756.7000) or your LAN Coordinator for information and assistance.

“Phishing” Financial Account Scam

These emails appear to come from a legitimate financial institution, such as Citibank, Visa, eBay and PayPal. A recent variation purported to come from SESLOC. They claim to have found an error with your account in order to entice you to update and verify your account information via a website included in the message. Doing so can reveal credit card, account and other personal information to identity thieves. Read "How Not to Get Hooked by a 'Phishing' Scam" and other facts about phishing. Take the SonicWALL Phishing IQ Test and play the Anti-Phishing Phil online game to learn more about phishing scams in general, and how to tell the difference between a phony and legitimate message in particular.

Bogus Cal Poly Password or Account Notice

These messages appear to come from a "calpoly.edu address" (e.g., admin, support, accounts, etc.), are directed to "Cal Poly Member" or "calpoly.edu account holder", and claim to be sent by "The Cal Poly Support Team" or similar entity. They may claim that your password or account is being misused or compromised and is being terminated or suspended. They direct you to follow instructions on a website or in an attached file to fix the problem. Instead, clicking on the link or opening the attachment may infect your computer and spread a virus. Legitimate providers, including Information Technology Services, would include more detailed contact information, such as a valid email address, department name, and telephone number when sending such communications.

Nigerian Scam/Advance Fee Fraud (419)

These notices come in many forms, but typically appear to be from an alleged “official” representing a foreign agency or government (not necessarily Nigeria) with an offer to transfer a commission into your bank account in exchange for assisting them with transferring a large sum of money. Other variations include letters from lawyers or relatives acting on behalf of a deceased individual, notification of lottery winnings, fraud recovery notices, etc. If it seems too good to be true, it is! For a detailed explanation, including common variants, please read the Wikipedia entry on advance fee fraud. See also the FTC Consumer Alert and Federal Bureau of Investigation (FBI) notice for more information.

Online Extortion - E-Mail Scam Includes Hit-Man Threat

This is a variation of the Advance Fee Fraud that, instead of preying on the recipient's greed or good intentions, preys on their fears. The scam e-mail, which first appeared in December 2006, threatens to kill the recipient if they do not pay thousands of dollars to the sender, who purports to be a hired assassin. The FBI advises against replying and recommends just deleting the email. Read the FBI article on this scam for more information.

"Scam Victims/Compensation" Message

This is a recent variation of the Advance Fee Fraud that purports to come from a valid government entity (e.g., United Nations, United States Congress) and claims the recipient is a victim of a scam and is due compensation.

Recommended Actions

Cal Poly’s email gateway now tags many of these messages as “cpSPAM” and identifies and removes infected attachments, but it isn’t foolproof and messages will get through. If you receive one, do NOT reply, click on a link or fill out a form. If you have an account with the company, contact them by phone to check the validity of the request. If you have any questions about the validity of a Cal Poly password or account notice, please forward it to abuse@calpoly.edu.

Reporting Internet Scams

To file a complaint, you can forward the message with full headers to the originating Internet Service Provider (ISP). However, complaining to some ISPs can be problematic, so your best course of action may be to delete the message! Visit this page for information on how to file a complaint with an off-campus ISP. Visit the Internet Crime Complaint Center to file any complaint about Internet crime.

Identifying Internet Scams

If you receive ANY suspicious email, check the following websites first to see if it is a known virus, scam or hoax before filing a complaint with the appropriate ISP. You may also use these resources to report suspected scam e-mails:

If you cannot find information there and are still concerned, you can forward the message, including complete headers, to abuse@calpoly.edu for analysis. NOTE: Priority will be given to inquiries from Cal Poly users or about e-mail originating from Cal Poly.