Feed on
Posts
Comments

Students Beware of Email Scams

We have seen a recent uptick in email scams targeting students. There have been emails sent to advertise Personal Assistant jobs or Internship possibilities. Typically these emails are not sent from a Wesleyan email address. Resumes and replies asked for in the emails are not sent to a Wesleyan email address. In most cases the grammar in the emails is poor and words are misspelled- something that should alert you to it being a fraud. The titles used or departments named are typically not a real title or department on your campus.

When students reply to the requests they are usually contacted in a very short period of time and asked for personal information ranging from their cell phone number to what bank they use or a bank account number. The fraudster will say they are forwarding a check to you that will have your first weeks pay and you will be asked to deposit it and send the balance left to the scammer. The check will bounce in your account leaving you with a fee from the bank and you will be out the money sent to the scammer. Even worse, at this point they will try to use your personal information and bank account information to take money from your account.

These scams are happening on most campuses. The scammers are preying upon students by offering jobs that sound too good to be true- because they are!

ITS posts information on these incidents on their security announcements page which can be accessed in your Wes Portal. If you receive an email like the ones described please reach out to ITS- either Vince Spiars @vspiars@wesleyan.edu or Antonio Crespo @acrespo@wesleyan.edu so the incidents can be posted on the security page for others to see. You can also contact Public Safety Lt. Paul Verrillo @pverrillo@wesleyan.edu to have the incident documented and be provided with information on how to protect yourself. These scams typically originate out of the country and are extremely difficult for law enforcement to find and hold someone accountable. That is why we need you to be vigilant, not fall victim to this scam and report it promptly. ITS has more tips on their website on what to be aware of and how to protect yourself.

Please remember, A Safe Campus is Everyone’s Responsibility

 

Lt. Paul Verrillo

Wesleyan University

Office of Public Safety

208 High Street

Middletown CT 06457

860-685-2818

 

From: Casey Gerrish <cgerrish@paulsmiths.xxx>
Date: Tue, Oct 16, 2018 at 9:20 AM
Subject: Notice :personal assistant job
To:

 

 

Professor James  is new in wesleyan.  and he is looking to hire a student as his PA on a part time basis.. <–Why i he going by his title (Professor) followed by his last name?
 
Days :                      Two Days of the week
Hours :                    Two Hours Daily
Weekly Pay :           $300 
 
Contact him directly with your Resume and Replies if you are Available…   jameswhite231@hotmail.com  <—Why not send to the email address at Wesleyan?
 
 
Students Job Recruiter <– Not a real title nor position
CG <– Who is this GC?

 

What is the IoT, why do I care and what do I need to know/do? 

 

The Internet of Things (IoT) is simply a way of saying “devices that require little to no configuration to connect to the internet but provide information to your phone or computer. Or things you can program from afar”. Some examples are refrigerators, thermostats, home web/security cameras, your car, toothbrushes and ovens.  

 

Why do you or should you care about these devices?  

1) IoT devices do not inherently, have the security built-in that computers possess or offer.  

2) Or the devices do have security of some level but the initial security settings are at a simple level and easily broken in to by criminals. Examples are–easy or no passwords set, default access is set to high and does not require new owners to setup security before enabling the devices for access. Meaning, you can quickly put the devices on your home network that will then make them available to the broader internet but in and insecure configuration 

3) In an insecure state, if hijacked by criminals, an IoT device can be remotely controlled.  Your devices can be turned on/off, temperatures changed, home security cameras can be used to watch you, devices rendered useless/non-functional or even used as part of other cyber-criminal activities.  

 

What can I do about securing IoT devices I have or want to purchase? 

1) Read the owner’s manual.  Yes, it can be boring but the few minutes you take to get familiar with your equipment can help to protect you and those in your home from outside criminal activity.

2) Change the default password to a strong password. As it is not likely a criminal will have physical access to your device(s) you can keep a paper log and put the device passwords in it.  Then put that notebook in a place accessible to you but not readily available for anyone to stumble across. Or use an online password manager and save the information in the “Secure notes” tool.

3) Keep up with hardware patches to the devices.  Many manufacturers put software updates on their sites to help keep the devices more secure. Take advantage of this. So many cyber attacks can be halted by simply, removing opportunity from a criminal’s hands. 

Social engineering and what it means 

Social engineering. THE BEST DEFINITIONS I’VE FOUND FOR IT ARE—”Any act that influences a person to make decisions that may or may not be in their best interests”.  Followed by—”The practical application of social principals to particular social problems”.  In the case of criminals email and people encourage you to perform a task that will benefit someone else with no concern of harm to you.  

Methodologies   

Examples of Social engineering are  

1) A Phishing email asking you to click a link and put in your credentials on a web site that may or may not look like a Wesleyan page or tool.  

2) A website that has a pop-up warning you that your computer has been compromised and to call some provided phone number.  The “support” personnel are criminals looking for your credit card info and access to your computer.  They will ask to install software. It may be remote-control software they will leave on your system to access your computer, silently and without your knowledge.  It may be a package of software that will execute and make security holes on your system granting remote access and create an account to allow the criminals free and unfettered access to your computer. They are hunting for passwords to banking or credit card sites or online purchasing sites like amazon.com or walmart.com. They are looking for things like Tax returns and SSNs to impersonate you. With this information they can take out loans in your name or get credit issued to them. 

3) You might be called by the “IRS” and told police are on the way to arrest you. You may be asked to transfer funds by authorizing payment from your bank or via some payment cards from a convenience store or make a payment by credit card.  

4) You might receive a call from “The authorities” that they have a family member in custody and require bail money to be transferred immediately to gain the family member’s release.  

 

Criminals are clever and thoughtful about how they want to take advantage of you.  They are very good at psychology. They understand people react to certain words like “because” when being asked why the criminal on the phone needs something. They know how to gain your trust via phrasing. This is both in speech and in text.  The more strongly worded and urgent an email or call sounds the recipient will react, accordingly with a raised sense of urgency to resolve the issue.  This reduces clarity of thinking, puts you in a more vulnerable position and more likely to be taken advantage of.

Compromised Passwords Being Used in Porn Scam

There is a new and prevalent scam going around leveraging compromised passwords and threats to publish porn watching habits unless you pay hush money in Bitcoin.

 

How it often works is that users receive an email with one of their old passwords in the subject line in a format similar to what is shown in the article below by Brian Krebs:

You don’t know me and you’re thinking why you received this e mail, right?

Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

What exactly did I do?

I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

What should you do?

Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72
(It is cAsE sensitive, so copy and paste it)

Important:

You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immediately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.

 

https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/  

 

New variations reference smartphone hacking but follow a similar pattern.

 

What should you do?  Mark the message as spam/junk or delete the message.

 

Wondering how the scammer knows one of your passwords?  Go to https://haveibeenpwned.com  and enter your email address(es).  This site will let you know about website compromises that may have contained your username and password.  Then, change your passwords on all of those sites.  You can also sign up for alerts so that you are notified if one of your passwords becomes compromised in the future.  Also, please use different passwords for your Wesleyan, personal, and financial accounts so that if one password gets breached, it doesn’t give access to everything.

 

If you are worried about tracking all of those passwords, we are piloting the use of a tool called LastPass for staff and faculty, which helps users manage their passwords.  You can find more information about the tool at https://lastpass.com.  If you want to join our pilot and use the tool, please email security(at)Wesleyan.edu.

 

Stay Safe Online.

 

Antonio Crespo

Chief Information Security Officer

 

This is SPAM.  It is not asking for credentials so, is not a Phish. But it is not sanctioned by our Wesleyan HR office.  As such, this is a third-party soliciting your business.
From: <beaudelaire.cadet@foresters.com>
Date: Tue, Oct 2, 2018 at 2:46 PM
Subject: Faculty Benefits Review
To: <xxxxxxxxx@wesleyan.edu>
 
Hello Professor Robinson,
 
I don’t believe that we have ever had the pleasure of speaking, but we educate Wesleyan Faculty members in the areas of:
 
·         Life Insurance
·         College Savings Plans for Faculty with Young Children
·         Retirement Planning
·         Long Term Care Planning
 
Many Faculty members are unaware of how their employee benefits work.  Therefore, we speak with Wesleyan Faculty members individually to review what you are being offered and to educate you on further options.
 
We will be speaking with Faculty (via telephone) throughout the next 2 weeks.  If you would like to partake in the review sessions, please simply reply to this email and I would be happy to add you to the telephone calendar.
 
Sincerely,
 
Beau Cadet
Financial Representative
781-932-xxxx
Foresters Financial Services, Inc.
400 TRADECENTER
SUITE 4920
WOBURN, MA 01801
 
Foresters Financial Services, Inc. does not work for any state or school.
Foresters FinancialTM and ForestersTM are the trade names and trademarks of The Independent Order of Foresters, a fraternal benefit society, 789 Don Mills Road, Toronto, Canada M3C 1T9 and its subsidiaries, including Foresters Financial Holding Company, Inc. (FFHC). Foresters Financial Services, Inc. is a registered broker-dealer and subsidiary of FFHC. Securities, life insurance and annuity products are offered through Foresters Financial Services, Inc. Insurance products are issued by Foresters Life Insurance and Annuity Company, New York, or The Independent Order of Foresters.
Foresters Financial Services, Inc. is a Member of the Securities Investor Protection Corporation (SIPC).
Foresters Financial Services, Inc.
40 Wall Street
10th Floor 
New York, NY 10005
800 423 xxxx
foresters.com –Link broken
 
18-00536


 
Unsubscribe from Foresters Financial Services E-Mail –Link broken.

 

If you hover over the link it resolves to–

hxxp://lemes-inmuebles.xxx/doingbusinesses.com/quotation

You will receive a piece of malware and your system will then, be compromised.

If it looks suspicious please, report it to security@wesleyan.edu or call the originator

(person sending the request) to verify.

Employment scams are on the rise targeting students as well as adults.  The most common scams that we see are:

1) Job offers–Identity take-over, Bank account fraud

2) Spoofed email addressto look like it came from inside Wesleyan to extract HR/tax/employment information

3) Fake logon page to extract credentials

 

Job offers—These emails are designed to get you to reveal personal information like address, SSN (Social Security or Tax ID number), bank account numbers, and anything that would allow for a full identity take-over.  Once the criminal has this information they can begin to take out credit in your name, access your bank account(s), redirect your get a new Driver’s license, and essentially, be you and ruin your good name.

 

Spoofed email targeted at people—This is done to get an inside person to perform tasks. The looks like it is from a co-worker or supervisor.The intent is to get you to feel comfortable a supervisor or colleague has asked you to perform a task (move money to an outside account, send Tax/employment information about personnel/students, etc.) without question since it is from a “trusted” source.

 

Fake logon page—This is a page that very much appears like a legitimate or identical (in appearance) to a Wesleyan logon page.  However, it is asking you to enter credentials for “verification”. We don’t ask for that.  We (ITS) will instead, instruct you to go to your WesPortal to change your credentials but provide no link.  Just instructions.  Any time you are asked for your credentials report the email to security@wesleyan.edu then delete it.  Additionally, if you do click a link you should look at the web page address.  It is very likely not associated with Wesleyan.  It will not start with www.wesleyan.edu/.

 

If you have any questions or concerns please, contact:

Vince Spiars—Information Security and Operations Manager—ext3072/vspiars@

Antonio Crespo–Chief Information Security  Officer-ext. 2855/acrespo@

Security@   This will generate a ServiceNow ticket and either Antonio or Vince will respond to you.

 

 

This is an example of a blackmail email.  The passwords are old and form one of the countless breaches companies have had the lsat several years.  The phrasing can vary a bit and the password will be old.  However, it may be active if you haven’t ever changed it.

 

Please, red the article on passwords Antonio (our CISO–Chief Information Security Officer)  and I wrote for the Wesleyan Blog. It speaks to the importance of passwords, having different passwords and how to mange them all if needed.

ITS Urges Users to Use Different Passwords at Different Websites

 

Here is the example

 

It appears that, (finally), is your password. Will possibly not know me and you are probably wondering why you’re getting this e mail, right?

actually, I put in place a malware on the adult vids (adult porn) web-site and you know what, you visited this web site to have fun (you know what What i’m saying is). During the time you were watching videos, your internet browser began functioning like a RDP (Remote Desktop) which provided me accessibility of your screen and web camera. from then on, my computer software obtained all your contacts from your Messenger, Outlook, FB, as well as emails.

What did I really do?

I created a double-screen video clip. Very first part shows the video you were watching (you have a good taste haha . . .), and 2nd part shows the recording of your web cam.

what exactly should you do?

Well, in my opinion, $1000 is a reasonable price for your little secret. You will make the payment by Bitcoin (if you do not know this, search “how to buy bitcoin” search engines like google).

Bitcoin Address: 1KTKyyeoVRsEdL5hnPfUBh7HNgp5TdG83GFR34gH  <–Edited but similar
(It’s case sensitive, so copy and paste it)

Very important:
You’ve one day to make the payment. (I’ve a unique pixel in this e-mail, and at this moment I know that you have read through this email message). If I do not get the BitCoins, I will certainly send out your video recording to all of your contacts including family members, coworkers, and so forth. Having said that, if I receive the payment, I’ll destroy the video immidiately. If you’d like evidence, reply with “Yes!” and I will definitely mail out your videos to your 6 contacts. It is a non-negotiable offer, that being said don’t waste my personal time and yours by answering this message.

Dear Wesleyan Community,

The PeopleSoft Student System will be upgraded this weekend.  The upgrade will require two distinct downtimes:

Downtime #1

WesPortal, WFS, and HR will come down for one hour from noon to 1:00 pm on Friday, March 16, 2018 for data backup.

Downtime #2

The Student system will also come down at noon, Friday, March 16, 2018, but it will remain down until 6:00 pm on Sunday, March 18.

During Downtime #2; WesPortal, PeopleSoft Human Resources and the Wesleyan Financial System will be up and available.  Any WesPortal applications dependent on the PeopleSoft Student System will not function.  All other IT systems will remain operational during both downtimes.

Thank you,
Steve Machuga

Director of Administrative Systems, ITS

860.685.2138

Older Posts »

Log in