Cal Poly
Information Security  
Skip to Content
C a l i f o r n i a   P o l y t e c h n i c   S t a t e   U n i v e r s i t y  
Home > What Everyone Should Know > SPAM Alerts
:: Information Security: Top Ten
:: What Employees Should Know
:: What Everyone Should Know
:: What Technical Support Staff Should Know


:: Policies
:: Report a Violation
:: Contact Us

 
 
SPAM Alerts

Below are examples of recent SPAM received by abuse@calpoly.edu. Most messages are being scored and tagged as cpSPAM so recipients can easily filter and delete them. Until recently, SPAM email from off-campus but appearing to come from a calpoly.edu address bypassed this filtering process. However, as of 3/27/08, Cal Poly's anti-spam gateway is scoring all incoming messages from non-trusted sources, including ones that appear to come from Cal Poly. Read the SPAM Announcement (3/25/08) for details and visit the SPAM information page to learn how to identify, filter and deal with SPAM.

BOGUS CAL POLY WEBMAIL ACCOUNT AND PASSWORD NOTICE (7/1/08)

Campus users report receiving email messages addressed "Dear Calpoly Webmail User" from "helpdesk@calpoly.edu" and purporting to be from "THE CALPOLY HELP DESK". The message asks the recipient to reply with their password or their email address will be "deactivated". A similar message addressed to "Webmail Account Owners" from "customerservice@calpoly.edu" asks the user to provide their Date of Birth, Cal Poly User Name and Password. THESE MESSAGES ARE BOGUS AND SHOULD BE DELETED.

Information Technology Services (ITS) would never ask a user to provide personal or sensitive information via email and would include contact information such as a campus telephone number to call to validate the request. If you did respond, you should change your password immediately by logging into the Cal Poly Portal and using the Password Manager channel under Personal Info. Contact the ITS Service Desk (805.756.7000) for information or assistance.

SPAM MESSAGES FROM BANKS AND E-COMMERCE SITES (PHISHING SCAMS)

Many users receive messages that seem to come from a legitimate business such as a well-known bank or online service (e.g., PayPal, Amazon, E-Bay). These are "phishing" scams designed to trick the recipient into providing credit card, account or personal information to the scammer. See Internet Scams and Hoaxes for more information.

OTHER SPAM MESSAGES AND THE CURRENT STATE OF SPAM

Other common SPAM messages promote watches, home loans, drugs, stocks and other products. Most come from overseas, making it difficult for the recipient to complain. SPAM will continue to exist as long as it is profitable to the sender. To make a profit, a SPAMmer will generate millions of messages. In addition, SPAMmers are continually inventing ways to bypass anti-spam tools which is why SPAM is increasing everywhere. Please read this news report for more information on the current state of SPAM and why it is so hard to stop.

FAST TRACK DEGREE PROGRAM (3/20/08)

This particular message comes with various subject lines, almost all of which have to do with getting a degree or graduating quickly. The message body appears to be consistent in all cases. The first line reads "Fast Track Degree Program" in capital letters and a space between each letter. The next line is "Obtain the degree you deserve, based on your present knowledge and life experience" followed by a list of benefits on separate lines. It concludes "Please call" and a phone number.

MALE ENHANCEMENT PRODUCTS (3/20/08)

This latest variation uses various subject lines (FDA approved laboratory, take the herbal tour, etc.) and a single word (usually a first name) in the "To:" and "From:" fields. However, the message body is always the same, starting with: "This is going to sound weird but I was never really embarassed ..." The only difference in the actual text is the link to a website in the next to the last line. They are not being filtered because they appear to be coming from a calpoly.edu address.

ON-LINE CASINOS (1/7/08)

Cal Poly users are receiving SPAM messages promoting online gambling. The subject lines vary but the message body says: "Do you play online? The best cash bonuses and the best cash prizes. Bet against the casino or even be the casino yourself! With up to $999 as a starting bonus you cannot go wrong. US PLAYERS WELCOME" with a link to an off-shore casino Web site.

MALE ENHANCEMENT PRODUCTS (1/7/08)

The subject line and message body generally contain a keyword altered to avoid SPAM filters, e.g., pen!s, s'e)xual, etc. The message body begins and ends with one or more lines of unrelated text. In between is an indented line followed by a non-indented paragraph with a link to a Web site promoting a male enhancement drug.

PHONY DISCOUNT PHARMACEUTICAL MESSAGE (1/7/08)

This is a SCAM e-mail disguised as a message about discount pharmaceuticals. These messages generally have a subject line similar to "SALE 70% OFF on Phizer" and a sender along the lines of "admin@Viagra.com". The message body contains a single link to a Web site and may include an attachment with a message purported to be about the recipient's credit card account.

TECHNICAL/MEMBERSHIP SUPPORT MESSAGE) (8/22/07)

The latest SPAM messages purport to confirm your membership in a new online service. They provide a membership or confirmation number, a Login ID and a temporary password and then direct you to vist a website consisting solely of numbers, e.g., http://##.###.###.###) to change your Login ID and Password. DO NOT CLICK ON THE LINK. Visiting the website will expose your computer to exploit by a worm. For more information, read the F-Secure article: "Zhelatin/Storm changes yet again"

BLANK MESSAGES WITH ATTACHMENTS (.ZIP, .PDF, etc.) (8/2/07)

Recently there has been a noticeable increase in suspicious emails sent to Cal Poly users with a blank message and a file attached. The attached file generally takes the form of a ZIP (.zip) or PDF (.pdf) file and the filename often matches the subject. These messages may be SPAM or may carry a virus or worm. DO NOT OPEN THE ATTACHMENT; DELETE THE MESSAGE IMMEDIATELY!

GREETING CARD EMAIL SCAM (7/2/07)

There has been a noticeable increase lately in the number of phony e-greeting card messages being sent to Cal Poly users. The message contains a link to a website for the user to follow to view the ecard, but almost never identifies the actual sender. Clicking on the link can download a virus or worm designed to exploit your computer. Always treat such messages with caution!

Suspect a scam if (a) the greeting card doesn't address you by name; (b) the card sender's name isn't included in the body of the email; (c) the name isn't familiar; and (d) it's not a holiday, a birthday, or any other occasion that might warrant a card. If the card requires that you install a special viewer or tries to download a file to your system, treat it like a trojan. Cancel the download and scan your system with up to date antivirus software. (Credit: About.com)

Read the following articles for more information on the greeting card threat:
About.com
ComputerWorld
C-Net News.com

SOFTWARE SECURITY PATCHES (7/9/07)

A message purporting to come from MicroSoft is reaching Cal Poly email addresses with a subject along the lines of "Please Read Me Now !!!" The message claims hackers have discovered new bugs in Windows XP that leave you computer vulnerable to attacks. It asks the recipient to follow one of two links to download a security patch, neither of which leads to a valid MicroSoft site.

Variations on this SCAM email include an invitation to download a new MicroSoft spyware program and a message from an unidentified "Customer Support Center" recommending you install a patch to remove worm files to stop your account from sending SPAM. The latter usually has a subject line like "Worm Activity Detected!"

Please ignore these messages! You should only use Windows Update or MicroSoft's website to download and install security patches.

INVESTMENT "TIPS" WITH UNRELATED SUBJECT LINE (12/21/06)

A new variation of the investment tip SPAM (junk e-mail) is now circulating on campus. The subject line has no relationship to the message content and there is no graphic included. The subject line often matches the first name of the purported sender, e.g., ("John" from "John Doe"). The message generally begins with a single line ("The hottest pick this year!" or "This could be your big break!") and goes on to promote a specific stock. The stock being promoted may vary from week-to-week.

DISCOUNT SOFTWARE-RELATED MESSAGES (12/18/06)

Two varieties of SPAM messages promoting sales of software are being received by Cal Poly users. The first may open with the line "Dear customers and friends of DS Team". It describes a special offer to sell the recipient a Windows Vista Ultimate Upgrade at a reduced rate. The second sometimes contains the subject line "Buy OEM Software" and begins with the single line "Top 10 Items Now" or "All Titles on Sale". Both variations offer special discounts on Windows, Adobe and other software products.

PHRASE IN SUBJECT LINE, IMAGE FILES, RANDOM TEXT (Updated 12/21/06)

Campus users continue to receive messages with odd subject lines but instead of a few words, the latest variation uses a random phrase or sentence as the subject line. Each message includes at least one small graphic file (.gif) as an attachment, and a text message consisting of a single word in the first line followed by a series of often unrelated sentences. The graphic contains a multi-colored background with a text message promoting a penny stock, replica watches or other items for sale. In a new variation, the message text is capitalized and contains weather-related information.

  [return to top]
Cal Poly Home | Cal Poly Find It | Get Adobe Reader | MS Office Converters & Viewers
 


Information Security: Top Ten | What Everyone Should Know | What Employees Should Know | What Technical Support Staff Should Know

Policies | Report a Violation | Contact Us | Search


Last Update:

07/01/2008
Information Security
California Polytechnic State University
San Luis Obispo, CA 93407
805.756.2258
security@calpoly.edu