Main content

Beware Phishing Scams - Don’t be a Victim

Beware Phishing Scams - Don’t Become a Victim

We have been warning about email Phishing scams for a long time, and while the situation has improved due to a combination of increased awareness and vigilance and improved technical countermeasures – Phishing remains a real threat.

The message remains the same – when using email and web systems, be careful where you click. Never give your account credentials to anyone, for any reason. Purchase College will never ask you to confirm or validate your UserID and password via email.

Spotting the telltale signs of a scam:
Purchase College will never threaten to disable your account on such short notice, or threaten the loss of all of the information in your mailbox. While you are prompted to enter your College credentials when you log into a Purchase College server, those will always be on a college-owned site - xyz.purchase.edu- or on a federated xyz.suny.edusite.

Placing your cursor over the embedded “click here” link in the message above clearly shows that this is NOT a Purchase College link. A torrent of threats – it expires today – it’s full – you are going to loose (sic) all your information – and the other nonsensical text – are all clear indications that this is a scam.

But don’t be lulled into complacency – some spammers can actually both spell and construct whole sentences. Always check the links, and please call CTS if you have any doubts whatsoever. We would much rather congratulate you on your phish-finding skills than clean up a mess after the fact.

Not all phishing comes through email – if you get a call asking about your account, your computer, or anything that seems out of the ordinary – and you don’t actually know the caller, be suspicious and let someone know.

In spring 2014 alone, 24 faculty, students and staff fell victim to phishing scams. Those accounts sent over 18,000 additional spam or phishing messages. Our automated “phish net” detection system suspends the account within minutes, but by then the damage is done. The individual is unable to send or receive mail, and our institutional reputation is damaged as other domains flag Purchase College as a source of spam - and decline to accept mail from us.

A constant stream of phishing and email scams continues to be sent to the Purchase College community. The ones that ask for your UserID and Password may be obvious fakes, and most people may quickly recognize those - but other spammers are sneakier and harder to spot - they depend on our inclination to follow specific instructions or harmless looking links, and they exploit our fear of losing access to our accounts, or our wishfullness that “your salary raise” has been confirmed - or anything else that might appeal to someone.

Telltale signs that a message should be treated with caution:
• Messages that ask you to do something – respond with information, open the attachment, follow a link to provide more information, re-validate your account or mailbox, prevent loss of access to your mailbox, etc.
• Messages about your tax return or tax liabilities
• Messages about a package delivery – when you aren’t expecting a package.
• Any message offering you an investment opportunity or asking for your assistance
• Messages from an anonymous source like “System Administrator” - or from a source outside the college
• Poorly written, misspellings or poor grammar (“Your Mailbox Has Exceeded It Storage Limit”)
• CTS maintains the college’s servers and workstations, and does not ask the campus community to patch their own machines or assist us in maintaining our systems.

If you receive a message with these telltale signs in it:
• Watch the URLs that appear in the bottom of your browser window when you hover your over a link.
Watch out for links to foreign countries (i.e. domain names that end in “.ru” or “.cz”) slightly misspelled versions of major brands (i.e. “payapl.com”) or “exe” file types at the end of the URL.
• Look at the originator’s address – spammers sometimes attempt to disguise by inserting “something.purchase.edu…” in front of the actual domain name (the 2ndto last part of the address) “Somesuch.Purchase.edu.Concentral.net” is really “ConCentral.net” – and NOT purchase.edu.

Phish are easier to spot if you understand the structure of Web addresses or URLs. URLs have three components, separated by dots - “Host.Domain.Type” – so “www.purchase.edu” is the “www” host (a host is a specific server name) in the domain “purchase,” which is an “edu”(cation) domain. The host name (specific server name) is considered to be anything to the left of the second period ( the whatserver part of “whatserver.purchase.edu”) and the hostname can be qualified by additional periods – for example “independent.blogs.purchase.edu” (blogs is the server name, independent is one of the blogs).

Spammers count on us reading from left to right , but with URL’s you really should read from right to left. For example, www.purchase.edu.something.evile.phishermen.com may start out sounding ok, but you end up at the domain evile.phishermen.com. The last two sections on the right are the domain this destination is in, and everything to the left of those last two sections is just a server name - and far less meaningful. Spammers are counting on us not reading the URLs carefully.

What about those cute Tiny URLs?
TinyURLs are those are gobbledygook redirects that aren’t any easier to remember or pronounce than the longer ones they replace – they are just shorter – and maybe cuter: i.e. http://tinyurl.com/a7su6- but since there is no way of knowing where you are being redirected to, Purchase College will not use tiny URL links in official communications, nor do most other legitimate enterprises.

Can you spot a phish?
Think you can spot a phisherman when you see one? Try taking the phishing test and see how well you do. When I take the test I usually score 7 or 8 out of 10 – can you do better? After taking the test, make sure you look at the “Why” links for the ones you missed.

https://www.sonicwall.com/en-us/phishing-iq-test-landing

 

Harder phish:
There is also a growing trend toward “spear-phishing” – specifically targeting high-value individuals like managers and executives whose accounts have elevated access.

Thought the cold-war was over? It just moved. The majority of phishing messages can be traced to countries behind the Iron Curtain, or to China - and many experts suspect there is tacit state sponsorship. Many Phishing messages aim for identity theft - but many others aim for theft of trade secrets, research, and intellectual property.

The news is FULL of reports of major commercial, banking and government agencies whose systems have been compromised, and phishing is the main way that these evildoers get in.

Please, exercise caution in handling email messages and unknown callers. If you have any doubts, it never hurts to call CTS and ask.