Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company and ask you to provide sensitive information. This is usually done by including a link that will appear to take you to the company’s website to fill in your information – but the website is a clever fake and the information you provide goes straight to the crooks behind the scam.
The term ’phishing’ is a spin on the word fishing, because criminals are dangling a fake ’lure’ (the email that looks legitimate, as well as the website that looks legitimate) hoping users will ’bite’ by providing the information the criminals have requested – such as credit card numbers, account numbers, passwords, usernames, and more.
How do I spot a phishing email?
- The email doesn’t specify your name.
"Dear Customer" or “Dear” isn’t an identifier. If you receive an email like this, there is a very high chance that this is a phishing email.
- The email asks you to confirm personal information.
Keep an eye out for emails requesting you to confirm personal information that you would never usually provide, such as banking details or login credentials. Do not reply or click any links and if you think there’s a possibility that the email is genuine, you should search online and contact the organization directly – do not use any communication method provided in the email.
- The email comes with urgent requests.
It is common for phishing emails to instill panic in the recipient. The email may claim that your account may have been compromised, and the only way to verify it is to enter your login details. Alternatively, the email might state that your account will be closed if you do not act immediately. If you are an international student or scholar, they may say that they have proof that you’re involved in certain criminal activities and that if you don’t call the following number or click the following link immediately, your visa will be canceled or you have to leave American soil in 48 hours.
Whenever you see urgent requests like this, always look online to find the official website or numbers, then contact them to verify the situation. Do not click on the links or call the numbers they provided.
How do I protect myself from phishing attacks?
Your email spam filters may keep many phishing emails out of your inbox. But scammers are always trying to outsmart spam filters, so it’s a good idea to add extra layers of protection. Here are five steps you can take today to protect yourself from phishing attacks.
- Protect your computer by using security software. Set the software to update automatically so it can deal with any new security threats.
- Do not click on any links listed in an email message, and do not open any attachments contained in a suspicious email. Do not enter personal information in a pop-up screen. Legitimate companies, agencies, and organizations don't ask for personal information via pop-up screens.
- If you receive an unexpected email about a lost package, security warning, or billing change, don’t click the link. Simply visit the online store or service the way you normally would. If there is really an issue, you’ll see a notification there.
- Never share passwords, personal information, or financial information over email. You should only provide private information such as credit card numbers or account information using a secure website or telephone. Email is not a secure way to send sensitive information.
Welcome to the
Phish Bowl!
The following scams are the latest phishing campaigns we are investigating that you should be aware of.
"I have full control of your device"
01.05.2021
This is a scam. The name in the "From" field is easily faked. The body of the email looks like this:
Hi
Did you notice that I sent you an email from your address? Yes, that means I have full control of your device. I am aware you watch adults contents with underage teens frequently. My spyware recorded a video of you masturbating. I also got access to your address book. I am happy to share these interesting videos with your address list and social media contacts. To prevent this from happening, you need to send me 1000 (USD) in bitcoins.
Bitcoin wallet part 1: [REDACTED]
Bitcoin wallet part 2: [REDACTED]
Combine part 1 and part 2 with no space between them to get the full bitcoin wallet.
Quick tip! You can procure bitcoins from Paxful. Use Google to find it.
Once I receive the compensation (Yes, consider it a compensation), I will immediately delete the videos, and you will never hear from me again. You have three days to send the amount. I will receive a notification once this email is opened, and the countdown will begin.
"Recover emails"
12.03.2020
This is a phishing attempt to get you to click on a malicious link and is not sent from any valid Rice address. The body of the email looks like this:
2 incoming emails to your %Column_01% inbox bounced back to the sender as of 02/12/2020 09:16am.
Recover_bounced_emails <---suspicious link
Rice OIT Help Desk
Copyright © 2020 Rice University
"We are deactivating your email account!"
08.14.2020
This is a phishing attempt to get you to click on a malicious link and is not sent from any valid Rice address. The body of the email looks like this:
Hello <username>
rice.edu Services Agreement will take effect in deactivating your email account on the 15th August 2020. Due to violation of our terms and conditions.
Cancel Email Deactivation (<----malicious link)
You’re receiving this email because we are updating/upgrading the rice.edu Services Agreement, which applies to one or more of our products or services you use. We’re making these updates to clarify our terms and to confirm your email is still active.
This email was sent from an unmonitored mailbox.
Privacy Statement
rice.edu Corporation, One Microsoft Way, Redmond, WA 98052 USA
"Part-Time Job Offer."
07.10.2020
This is a money scam disguised as a job offer which requests that you reply to the email with your phone number and/or contact information. This is a fake job which can be an attempt to scam you out of money or involve you in criminal activity. Please remember when applying for jobs to be cautious when providing information and to verify the legitimacy of the potential employer. The body of the email looks like this:
The services of a student administrative assistant is urgently required to work part-time and get paid $300 weekly. Tasks will be carried out remotely and work time is 7hrs/week. If interested, send a copy of your updated resume and a functional phone number to our human resource department via this email address to proceed.
"Campus Jobs"
07.01.2020
This is a money scam disguised as a job offer which requests that you reply to the email with your phone number and/or contact information. This is a fake job which can be an attempt to steal personal information about you or steal money or bank account information from you. This can also be an effort to involve you in criminal activity. Please remember when applying for jobs to be cautious when providing information and to verify the legitimacy of the potential employer.
"Mailbox Storage Limit"
05.20.2020
This is a phishing scam that attempts to obtain passwords. The subject contains something similar to "Helpdesk" or and looks like this:
Your mailbox storage has reached 95% on the email server.
At 100% limit, Certain email features like;
· Sending messages
· Receiving messages
· Forwarding messages
will not be available for your utilization. Visit the Outlook Storage Access and log in to Increase, adjust and maintain your Mailbox Storage and get more news on Corona virus research team.
Information Technology Service
"Your account has been hacked"
03.10.2020
This is a fraudulent claim of hacking in order to extort bitcoin money. The email appears to come from the user's email address, but this is faked. If you have received this email you can delete it and you do not need to report it.
If you responded to this message, contact OIT at helpdesk@rice.edu and change your password immediately. If you have not responded, you may delete the email and do not need to report it.
If you responded to this email please contact RUPD at dispatch@rice.edu. If you have not responded, you may delete the email and do not need to report it.
Other Scams
If you receive any other kind of scamming or phishing message, please send a ticket to helpdesk@rice.edu.