Phishing

IRS Warns Universities of Scam

The Internal Revenue Service warned of an ongoing IRS-impersonation scam that appears to primarily target educational institutions, including students and staff who have “.edu” email addresses.

The IRS has received complaints about the impersonation scam in recent weeks from people with email addresses ending in “.edu.” The phishing emails appear to target university and college students from both public and private institutions.

The suspect emails display the IRS logo and use various subject lines such as “Tax Refund Payment” or “Recalculation of your tax refund payment.” They ask people to click a link and submit a form to claim their refund.

The phishing website asks taxpayers to provide their:

  • Social Security number
  • First Name
  • Last Name
  • Date of Birth
  • Prior Year Annual Gross Income (AGI)
  • Driver’s License Number
  • Current Address
  • City
  • State/U.S. Territory
  • ZIP Code/Postal Code
  • Electronic Filing PIN

If you received a phishing email, you should delete it without clicking on links or replying.

Phishing, Security

Job Scam Emails

CSU, Chico students are often targeted with scams promising jobs. Students have been scammed out of money or had campus accounts compromised by job-related phishing scams. If an email or job offer sounds too good to be true, it probably is. Most legitimate jobs do not require you to pay money or send personal information via email.

Do not respond to any job advertisement or offer that requires you to:

  • Give your credit card or bank account numbers or copies of personal documents.
  • Send payment by wire service or courier.
  • Deposit checks or transfer money into your bank account.
  • Receive or process a large check.

Don’t hesitate to check with ITSS if you are unsure about the authenticity of an email you’ve received. The Career Center can also help you determine if a job posting is a scam.

More information about information security and employment scams:

Example of a recent job scam email:

[Image: job scam email example]

Phishing, Security

Campus Spearphishing Attack

Over the past two weeks Chico State has been specifically targeted by people who have analyzed our org chart and are crafting email attacks based on that data. They create bogus @gmail accounts and then email spearphishing attacks “from” a manager to that manager’s staff.

[Image: spearphishing example]

If you reply to these emails they will ask you to purchase gift cards.

I will be having a busy day and I want to surprise some of the staffs with gift card. The type of card I need is steam wallet gift cards $100 denomination, I need $100 X 7 cards so that will be $700 i will be reimbursing back to you. You will purchase the cards from a nearby store to you, when you get the cards, Scratch out the back to reveal the card codes, take pictures of each cards and send it to me here. How soon can you get that done? Its Urgent and I want you to keep the physical card safe with you cos I will get them from you later.

Once the scammer has the card codes they can take the money from the cards, even without physical access to the cards.

More information about phishing is available at https://www.csuchico.edu/isec/resources/avoid-threats/spam-phishing.shtml
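
For mail administrators, the pattern described above (a manager's name in the From line, but an off-campus address, followed by a gift card request) can be checked mechanically. The following is an added example, not code from ITSS or ISEC; the manager name, the `freemail.example` domain (standing in for the bogus @gmail accounts) and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy

CAMPUS_DOMAIN = "csuchico.edu"    # campus domain as it appears in the page's URL
STAFF_MANAGERS = ["Pat Example"]  # constructed stand-in for names on the org chart
GIFT_CARD_RE = re.compile(r"gift\s*cards?|card\s+codes", re.I)

def name_key(name):
    """Order-insensitive key so 'Example, Pat' matches 'Pat Example'."""
    return tuple(sorted(re.findall(r"[a-z]+", name.lower())))

MANAGER_KEYS = {name_key(n) for n in STAFF_MANAGERS}

def is_campus(domain):
    domain = domain.lower()
    return domain == CAMPUS_DOMAIN or domain.endswith("." + CAMPUS_DOMAIN)

def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    from_hdr = msg["From"]
    if from_hdr is not None and from_hdr.addresses:
        sender = from_hdr.addresses[0]
        # A known manager's display name paired with a non-campus address
        if name_key(sender.display_name) in MANAGER_KEYS and not is_campus(sender.domain):
            findings.append("manager-name-from-external-address")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and GIFT_CARD_RE.search(body.get_content()):
        findings.append("gift-card-request")
    return findings

# Constructed sample messages (headers, blank line, body)
LURE = ("From: Pat Example <pat.example.office@freemail.example>\n"
        "To: staff.member@csuchico.edu\n"
        "Subject: Are you available?\n\n"
        "Are you at your desk? I need a quick favor.\n")
FOLLOW_UP = ('From: "Example, Pat" <pat.example.office@freemail.example>\n'
             "Subject: Re: Are you available?\n\n"
             "The type of card I need is steam wallet gift cards $100 denomination.\n")
LEGIT = ("From: Pat Example <pexample@csuchico.edu>\n"
         "Subject: Staff meeting\n\n"
         "Agenda for Thursday is attached.\n")

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("follow-up", FOLLOW_UP), ("legit", LEGIT)):
        print(label, check_message(raw))
```

The first check fires on the opening message even though it contains no request yet, which matters because the gift card request only arrives after someone replies.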

Phishing

Targeted Phishing Email

A targeted phishing email was recently sent to campus email accounts. It requested people reply with their username and password to “confirm your California State University, Chico Account login/usage Frequency.” ITSS will never ask you to email your password.

If you replied to this email, go to Account Center in the Portal and reset your password.

Phishing

COVID-19 Phishing Attacks

In the first of likely many COVID-19 themed phishing attacks targeting campus, this email was sent to campus employees this morning:

[Image: COVID-19 phishing example]

The link goes to a form posing as a file sharing service sign-in page. If you clicked on the link and entered your credentials in this form, you should go to the Portal and use Account Center to reset your password.

More information about COVID-19 phishing attacks is available at https://cofense.com/solutions/topic/coronavirus-infocenter/.

Phishing, Security

NCSAM Week 2: Phishing

October is National Cybersecurity Awareness Month. For week two, CSU, Chico’s Information Security is focusing on phishing.

Phishing is the act of sending an email that falsely claims to come from an established enterprise, in an attempt to scam the recipient into giving up private information for identity theft. ISEC has listed some tips for spotting phishing and what to do about phishing scams. These include paying attention to the From email address, the formatting of the email, and the content.

Please read these tips to avoid becoming a victim of phishing, and follow along each week of Cybersecurity Month to stay safer and more secure online.