Watch out for Coronavirus Phishing Scams
With all the recent news on coronavirus, this is a dream come true for criminals who will use it as the basis for email attacks designed to snag personal information, steal money and infect computers with malware. A global health disaster like this creates a golden opportunity for fraudsters, as there is no population or demographic that is not paying attention. Email scammers often try to elicit a sense of fear and urgency in victims and add links to webpages in emails designed to infect the user's computer once clicked.
ITS requires all staff and faculty to complete assigned security awareness training, KnowBe4, which is available in MyUTampa. Students are also highly encouraged to complete the training.
The videos will educate you on what to look for in these types of email attacks. If you have any reservations about an email, don’t click on links and contact the person or department that sent the email to verify its authenticity. You can also contact firstname.lastname@example.org for us to verify the legitimacy of the email.
Don't Let Tax Scams Be Taxing
Recent Email Scams
Directed at E-Learning
Another University received the below email. The hackers knew that they were going to an online learning environment.
Subject: You have a Faculty E-learning message from your department
You have a Faculty E-Learning message notification file . For security reasons, Your message has been encoded. Kindly SIGN IN HERE again to open and read your message notification. Thank you.
Once they clicked on the page it took them to a login page asking for username and password.
While we have not seen any phishing or scam emails come into the University email system, Information Technology and Security is actively monitoring the situation and will send out notices as needed.
Directed at Employment
Sent: Friday, February 28, 2020 8:07:46 PM
Subject: Invitation to pet sit
This is to notify you about an available part time vacancy. Mrs. Ruth Stone needs a part time pet sitter to care for her lovely pet dog for nine hours every week.
She offers to pay three hundred and fifty dollars weekly. Please contact ( email@example.com ) for more information. Remember to email her with your private email not your school email when applying.
Email Security Tips
- Don’t trust the display name.
A favorite phishing tactic among cybercriminals is to spoof the display name of an email. Here’s how it works: If a fraudster wanted to impersonate a University email, it may look something like: John Doe firstname.lastname@example.org
- Check for spelling mistakes.
Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.
- Don’t give up personal or company confidential information.
Most companies will never ask for personal credentials via email – especially banks. Never provide your username and password.
- Don’t believe everything you see.
Phishers and scammers are extremely good at what they do. Many malicious emails include convincing brand logos, language and a seemingly valid email address. If something just doesn't look right, be skeptical when it comes to your email messages—if it looks even remotely suspicious, do not open it. Report it to email@example.com.
- Don’t click on attachments.
Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.
- They ask you to reply with a personal email and not your school email.
The University of Tampa can block email senders from sending to spartans.ut.edu accounts. For personal emails accounts such as Gmail or Yahoo, you would have to block the sender yourself.
- Beware of urgent or threatening language in the subject line.
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your account has been suspended.
- Stay clear of listings that offer you high income for part-time hours.
For example, someone offering to pay you $360 for nine hours of work. That equates to $40 per hour.
- You're asked to send money to cover expenses.
Someone wants to send you a check for services you have not performed yet, or they want you to purchase some items for future use and then send the rest of the money to another person or place by money order or money gram.
- Be wary of people relocating.
People asking you to perform some action because they are relocating is a scam. They do not want to meet you; they are trying to get information, such as a phone number and home address, so they can send a fraud check.
- Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment.They may…
- say they’ve noticed some suspicious activity or log-in attempts;
- claim there’s a problem with your account or your payment information;
- say you must confirm some personal information;
- include a fake invoice;
- want you to click on a link to make a payment;
- say you’re eligible to register for a government refund; or offer a coupon for free stuff.
If you have any questions, please contact firstname.lastname@example.org or call (813) 257-3950 to report any suspicious emails.