Campus Phishing Alert – 6/18/2018

Many received an email sent June 18, 2018  with the subject of “Sign up! Extra Earning” or “Sign up And Earn Now” and looked like the example below.

Screenshot of Phishing Email

The link included in the message was directed to a malicious site that requests your username and password.  IT Security has already contacted the appropriate parties in order for them to remove the malicious site.

If you still have an email in your inbox with the subject of “Sign up! Extra Earning” or “Sign up And Earn Now”, please delete the email. No further action is required.

If you have already opened the email and visited the site and entered your username and password, please:

  • change your password as soon as possible at https://samweb.shsu.edu, by clicking on the IT@Sam menu, then on Account Password Change; and
  • contact the Service Desk (this will help us determine the magnitude of the Phishing incident).

Please contact the Service Desk should you have any questions, concerns, or trouble resetting your password.

Thank you,

IT@Sam Service Desk

 

Phone Scams – Be Alert

Traffic Sign with the words Scam AlertWe want to remind you that phone scams happen frequently and remind you to stay alert. The calls can be received on  any campus phone or cell phone. Although there are many different types of phone scams, the most common types are: IRS Scams, Jury Duty Scams, Tech Support Scams, and Government Grant Scams.

Most recently, a Government Imposter Scam is gaining momentum at universities and businesses around the country, including in Houston. Specifically, this scam impersonates the Chinese Consulate and claim’s the individual’s immigration status may be in jeopardy.

We know that identifying a scam can be tricky and with caller ID spoofing, this tricky task can become extremely difficult. Here are some tips to help you avoid becoming a victim of a phone scam:

  • Be suspicious. Never trust a name or number on your caller ID. It is ok to hang up if something does not feel “right.”
  • Never allow an unknown person access to your computer.
  • Never give out personal information such as account numbers, social security numbers, and passwords.
  • Never wire money to or purchase a gift card for a person you do not know.
  • File a complaint with the Federal Trade Commission. If the scam involved access to Sam Houston State University equipment, contact the IT@Sam Service Desk immediately.

Stay safe, Bearkats.

Identifying Phone Scams

Traffic Sign with the words Scam Alert

Have you recently received a phone call from someone telling you that there is something wrong with your computer and they need to fix it? If so, this was most likely a phone scam.

Identifying a scam can be tricky and with caller ID spoofing, this tricky task can become downright difficult.

There are four common types of phone scams:

IRS Scam

We are close to tax season, so be on high alert for this scam. This involves the caller threatening legal action and/or arrest if a fine is not paid. If you take the bait, they then “verify” your personal information by asking for sensitive information such as your social security number, credit card number, or bank account information.

Jury Duty Scam

This scam involves the caller claiming that they are a member of law enforcement and they are warning you of a warrant for your arrest due to not reporting for jury duty. Again, if you take the bait the call caller asks for you to verify your identity by providing sensitive information such as your social security number.

Tech Support Scam

A person calls you claiming to be from Apple, Microsoft, or even IT@Sam and tells you that your computer is experiencing problems that needs correction. If you take the bait, they will direct you to a website to install a program that will give them access to your computer. Once they have access they can install malware and/or obtain sensitive data from your computer.

Government Grant Scam

With this scam, you will receive a call offering you free money for various reasons. The catch is that you will have to pay a “processing fee” to receive the money. Once the person has your bank or credit card information, they take more than the “processing fee.”

General Tips

  • Never allow an unknown person access to your computer regardless of how convincing the caller may be.
  • Never give out personal information such as account numbers, social security numbers, mother’s maiden names, passwords or other identifying information in response to unexpected calls or if you are at all suspicious.
  • If you get an inquiry from someone who says they represent a company or a government agency seeking personal information, hang up and call the phone number on your account statement, in the phone book or on the company’s or government agency’s website to verify the authenticity of the request.
  • File a complaint with the Federal Trade Commission if you feel you have been the victim of a scam. If the scam involved access to Sam Houston State University equipment, contact the Service Desk as well.

As always, if you are unsure about the authenticity of a call, please contact the Service Desk at ServiceDesk@shsu.edu or x4-1950.

Epsilon Security Breach

Many of you may have received an email over the weekend from a company that you do business with that reads similarly to the following:

We have been informed by Epsilon, the vendor that sends email to you on our behalf, that your e-mail address may have been exposed by unauthorized entry into their system.

Epsilon has assured us that the only information that may have been obtained was your first and last name and e-mail address. REST ASSURED THAT THIS VENDOR DID NOT HAVE ACCESS TO OTHER MORE SENSITIVE INFORMATION SUCH AS SOCIAL SECURITY NUMBER OR CREDIT CARD DATA.

Please note, it is possible you may receive spam e-mail messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties.

In keeping with standard security practices, the <COMPANY> will never ask you to provide or confirm any information, including credit card numbers, unless you are on a secure <COMPANY> site.

Epsilon has reported this incident to, and is working with, the appropriate authorities.

We regret this has taken place and apologize for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.

Sincerely,

<COMPANY>

Security Week has published a story regarding this breach and is keeping it updated with the brands that have been affected. Please take a look and if you do business with any of the reported companies, please be extra cautious of any emails that appear to be sent from them to you in coming weeks, especially if they are asking you for personal information. If you are concerned about the legitimacy of an e-mail, it is always best to contact the company for verification.

Stay safe out there!