SPAM Alerts
Below are examples of recent SPAM received by abuse@calpoly.edu. Most messages are being scored and tagged as cpSPAM so recipients can easily filter and delete them. Until recently, SPAM email from off-campus but appearing to come from a @calpoly.edu email address bypassed this filtering process. However, as of 3/27/08, Cal Poly's anti-spam gateway is scoring all incoming email from non-trusted sources, including messages that appear to come from Cal Poly. Read the SPAM Announcement (3/25/08) for details and visit the SPAM information page to learn how to identify, filter and deal with SPAM.
BOGUS CAL POLY SERVICE DESK ALERT (5/14/09)
Campus users report receiving email messages addressed "Dear Subscriber" from "California Polytechnic State University [servicedesk@calpoly.edu]" with a subject line "Service Desk Alert". The messge claims the "webmail service" is being upgraded with additional security/anti-spam protection. It asks the recipient to reply with their username and password or risk having their account deactivated.
THESE MESSAGES ARE BOGUS AND SHOULD BE DELETED!
They are "spear-phishing" SCAM emails designed to obtain confidential information by pretending to be from Cal Poly. Armed with your username, password or other personal information, a third party can access and use your account to send SPAM or for other illicit purposes.
Information Technology Services (ITS) would never ask a user to provide personal or sensitive information via email. ITS has a process in place to identify and work with Cal Poly users who replied to the message, including changing their password and security questions. For assistance, please contact the ITS Service Desk at 805.756.7000.
BOGUS CAL POLY WEBMAIL ACCOUNT QUOTA UPDATE MESSAGE (2/9/09)
Campus users report receiving email messages from "Webmail@calpoly.edu" and "Webmail Help Desk" with a subject line "Confirm Account Update". The message claims to be automatically sent by a program that checks the size of your inbox. It claims your inbox is at or near quota and messages will be moved to another folder. It asks the recipient to provide a username and password so the sender can reset the password to preserve their inbox.
THESE MESSAGES ARE BOGUS AND SHOULD BE DELETED!
They are "spear-phishing" SCAM emails designed to obtain confidential information by pretending to be from Cal Poly. Armed with your username, password or other personal information, a third party can access and use your account to send SPAM or for other illicit purposes.
Information Technology Services (ITS) would never ask a user to provide personal or sensitive information via email. Any communication from ITS would include a campus telephone number or other valid contact information for you to verify the request. Cal Poly email quotas and ITS processes for notifying users and handling over-quota accounts are documented on the ITS Service Desk website and are not the same as those cited in the bogus email.
BOGUS CAL POLY E-MAIL ACCOUNT ACTIVATION NOTICE (1/23/09)
Campus users report receiving an email message with a subject line "Dear Cal Poly EDU Users This is a Warning Error Code E42535". The message is addressed "DEAR CAL POLY E-MAIL USER" and includes a link to the Cal Poly Portal. The message asks the recipient to confirm their username, ID and password to complete their "account activation" within 48 hours of receipt or their account will be "erased and deactivated".
THIS MESSAGE IS BOGUS AND SHOULD BE DELETED! This is another "spear-phishing" SCAM email designed to obtain confidential information by pretending to be from Cal Poly. By obtaining your username and password, a third party can access and use your account to send SPAM or for other illicit purposes.
Information Technology Services (ITS) would never ask a user to provide personal or sensitive information via email or use email to send sensitive information such as password (as this message does). Any communication from ITS would include a campus telephone number or other valid contact information for you to verify the request.
BOGUS WEB MAIL SECURITY SYSTEM VERIFICATION NOTICE (1/20/09)
Campus users report receiving an email message from "helpdsk@calpoly.edu" with "Important Notice" in the subject line. The message is addressed to "Students/Staff" and purports to be from "CAL POLY HELP DESK". The message asks the recipient to confirm their username and password before a new "security system" is activated.
THIS MESSAGE IS BOGUS AND SHOULD BE DELETED! This is a "spear-phishing" SCAM email designed to obtain confidential information by pretending to be from Cal Poly. By obtaining your username and password, a third party can access and use your account to send SPAM or for other illicit purposes.
Information Technology Services (ITS) would never ask a user to provide personal or sensitive information via email or use email to send sensitive information such as password (as this message does). Any communication from ITS would include a campus telephone number or other valid contact information for you to verify the request.
SPAM MESSAGES FROM BANKS AND E-COMMERCE SITES (PHISHING SCAMS)
Many users receive messages that seem to come from a legitimate business such as a well-known bank or online service (e.g., PayPal, Amazon, E-Bay). These are "phishing" scams designed to trick the recipient into providing credit card, account or personal information to the scammer. See Internet Scams and Hoaxes for more information.
OTHER SPAM MESSAGES AND THE CURRENT STATE OF SPAM
Other common SPAM messages promote watches, home loans, drugs, stocks and other products. Most come from overseas, making it difficult for the recipient to complain. SPAM will continue to exist as long as it is profitable to the sender. To make a profit, a SPAMmer will generate millions of messages. In addition, SPAMmers are continually inventing ways to bypass anti-spam tools which is why SPAM is increasing everywhere. Please read this news report for more information on the current state of SPAM and why it is so hard to stop.
FAST TRACK DEGREE PROGRAM (3/20/08)
This particular message comes with various subject lines, almost all of which have to do with getting a degree or graduating quickly. The message body appears to be consistent in all cases. The first line reads "Fast Track Degree Program" in capital letters and a space between each letter. The next line is "Obtain the degree you deserve, based on your present knowledge and life experience" followed by a list of benefits on separate lines. It concludes "Please call" and a phone number.
MALE ENHANCEMENT PRODUCTS (3/20/08)
This latest variation uses various subject lines (FDA approved laboratory, take the herbal tour, etc.) and a single word (usually a first name) in the "To:" and "From:" fields. However, the message body is always the same, starting with: "This is going to sound weird but I was never really embarassed ..." The only difference in the actual text is the link to a website in the next to the last line. They are not being filtered because they appear to be coming from a calpoly.edu address.
ON-LINE CASINOS (1/7/08)
Cal Poly users are receiving SPAM messages promoting online gambling. The subject lines vary but the message body says: "Do you play online? The best cash bonuses and the best cash prizes. Bet against the casino or even be the casino yourself! With up to $999 as a starting bonus you cannot go wrong. US PLAYERS WELCOME" with a link to an off-shore casino Web site.
MALE ENHANCEMENT PRODUCTS (1/7/08)
The subject line and message body generally contain a keyword altered to avoid SPAM filters, e.g., pen!s, s'e)xual, etc. The message body begins and ends with one or more lines of unrelated text. In between is an indented line followed by a non-indented paragraph with a link to a Web site promoting a male enhancement drug.
PHONY DISCOUNT PHARMACEUTICAL MESSAGE (1/7/08)
This is a SCAM e-mail disguised as a message about discount pharmaceuticals. These messages generally have a subject line similar to "SALE 70% OFF on Phizer" and a sender along the lines of "admin@Viagra.com". The message body contains a single link to a Web site and may include an attachment with a message purported to be about the recipient's credit card account.
TECHNICAL/MEMBERSHIP SUPPORT MESSAGE) (8/22/07)
The latest SPAM messages purport to confirm your membership in a new online service. They provide a membership or confirmation number, a Login ID and a temporary password and then direct you to vist a website consisting solely of numbers, e.g., http://##.###.###.###) to change your Login ID and Password. DO NOT CLICK ON THE LINK. Visiting the website will expose your computer to exploit by a worm. For more information, read the F-Secure article: "Zhelatin/Storm changes yet again".
BLANK MESSAGES WITH ATTACHMENTS (.ZIP, .PDF, etc.) (8/2/07)
There has been a noticeable increase in suspicious emails sent to Cal Poly users with a blank message and a file attached. The attached file generally takes the form of a ZIP (.zip) or PDF (.pdf) file and the filename often matches the subject. These messages may be SPAM or may carry a virus or worm. DO NOT OPEN THE ATTACHMENT; DELETE THE MESSAGE IMMEDIATELY!
GREETING CARD EMAIL SCAM (7/2/07)
There has been a noticeable increase in the number of phony e-greeting card messages being sent to Cal Poly users. The message contains a link to a website for the user to follow to view the ecard, but almost never identifies the actual sender. Clicking on the link can download a virus or worm designed to exploit your computer. Always treat such messages with caution!
Suspect a scam if (a) the greeting card doesn't address you by name; (b) the card sender's name isn't included in the body of the email; (c) the name isn't familiar; and (d) it's not a holiday, a birthday, or any other occasion that might warrant a card. If the card requires that you install a special viewer or tries to download a file to your system, treat it like a trojan. Cancel the download and scan your system with up to date antivirus software. (Credit: About.com)
Read the following articles for more information on the greeting card threat:
About.com
ComputerWorld
C-Net News.com
SOFTWARE SECURITY PATCHES (7/9/07)
A message purporting to come from MicroSoft is reaching Cal Poly email addresses with a subject along the lines of "Please Read Me Now !!!" The message claims hackers have discovered new bugs in Windows XP that leave you computer vulnerable to attacks. It asks the recipient to follow one of two links to download a security patch, neither of which leads to a valid MicroSoft site.
Variations on this SCAM email include an invitation to download a new MicroSoft spyware program and a message from an unidentified "Customer Support Center" recommending you install a patch to remove worm files to stop your account from sending SPAM. The latter usually has a subject line like "Worm Activity Detected!"
Please ignore these messages! You should only use Windows Update or MicroSoft's website to download and install security patches.
INVESTMENT "TIPS" WITH UNRELATED SUBJECT LINE (12/21/06)
A new variation of the investment tip SPAM (junk e-mail) is now circulating on campus. The subject line has no relationship to the message content and there is no graphic included. The subject line often matches the first name of the purported sender, e.g., ("John" from "John Doe"). The message generally begins with a single line ("The hottest pick this year!" or "This could be your big break!") and goes on to promote a specific stock. The stock being promoted may vary from week-to-week.
DISCOUNT SOFTWARE-RELATED MESSAGES (12/18/06)
Two varieties of SPAM messages promoting sales of software are being received by Cal Poly users. The first may open with the line "Dear customers and friends of DS Team". It describes a special offer to sell the recipient a Windows Vista Ultimate Upgrade at a reduced rate. The second sometimes contains the subject line "Buy OEM Software" and begins with the single line "Top 10 Items Now" or "All Titles on Sale". Both variations offer special discounts on Windows, Adobe and other software products.
PHRASE IN SUBJECT LINE, IMAGE FILES, RANDOM TEXT (Updated 12/21/06)
Campu users continue to receive messages with odd subject lines but instead of a few words, the latest variation uses a random phrase or sentence as the subject line. Each message includes at least one small graphic file (.gif) as an attachment, and a text message consisting of a single word in the first line followed by a series of often unrelated sentences. The graphic contains a multi-colored background with a text message promoting a penny stock, replica watches or other items for sale. In a new variation, the message text is capitalized and contains weather-related information.