|Phishing (e-mail scams)||St. Norbert College|
"Phishing" e-mails – scams designed to get you to reveal your personal information so they can access your accounts and steal your identity – have become more frequent and more targeted to SNC. This targeting makes them more dangerous because they’ve learned things about the College and adjusted their messages accordingly to try and make them seem more legitimate. Sometimes they even take over an SNC account and use it to send scams to other SNC people. Unfortunately, some SNC users have fallen for these scams and the results have been very serious, both for the individuals and the College. The most important thing to know about these types of messages is:
They are never legitimate. No one who works at St. Norbert College will ever ask you for your password, and we never send e-mail asking for personal information.
The only time we ever contact you about your account is:
It is important to learn to recognize legitimate message from SNC:
View samples of those legitimate messages and tips to help you discern whether a message is legitimate (login required)
If you ever have any concerns about a message, ASK! We would much rather have people call and ask every day than have even one person fall for a scam.
Another important thing to remember: Messages from SNC Tech Support/Help Desk/IT will never be in your spam quarantine. If it's in there, it's not from us!
What happens when someone responds to a phishing scam
What happens to you: Your e-mail account is taken over. The perpetrators can then send spam & scams from your account, forward your mail to their own account so they get a copy of everything you get, and read/copy everything you have saved in your e-mail. Think about all of the things in your e-mail – pay stubs with bank account numbers, messages from banks and other online accounts, etc. With the information you send them and what they collect from your e-mail, the criminals will probably have enough to steal your identity.
What happens to the College: It only takes one person to mess things up for the entire College. How? Once they’re in your account, they use it to send spam. Spam coming from an snc.edu address causes SNC to get blacklisted, so e-mail from all snc.edu addresses is blocked by outside companies/organizations. This gives SNC a bad reputation, causes a lot of work for our IT staff who have to get us off of the blacklists, and frustrates a lot of SNC people who can't send e-mail to their colleagues, friends, & relatives. Further, once they get in to your account, they may use it as a gateway to other accounts/systems, jeopardizing the safety of the College's systems and other users.
Examples of some of the scams we’ve seen
Subject: ST. NORBERT COLLEGE INTERNET USER
From: St. Norbert College <firstname.lastname@example.org>
Message body: asks for User ID and Password, and threatens to deactivate the webmail account if the recipient does not reply.
Subject: Confirm Your School Webmail Details
From: School WebMail Support Team <email@example.com>
Message body: asks for E-mail id, Password, and Date of Birth, and threatens to suspend the webmail account if the recipient does not reply.
Subject: Dear Edu Subscriber
Message body: asks for your "Edu Email Account Username and Password" and threatens to "render your email account deactivated from our database."
Subject: Your mailbox has exceed it's quota limit
From: "St. Norbert College"
Message body: says you have exceed the storage limit on your mailbox and directs you to click a non-SNC link to "upgrade your account."
For non-SNC scams, the messages appear to come from an established business (AOL, Amazon.com, eBay, PayPal, etc.) or financial institution (US Bank, Wells Fargo, Citibank, etc.) with whom lots of people do business. They may claim that there's a problem with your account, that they've had computer system problems and lost your information, or that there's been fraudulent activity on your account (which is exactly what they intend to perform!). They ask you to click on a link in the message to go to the company's web site and "verify" or "update" your information. If you click the link in the e-mail message, however, the web site it takes you to will be a fake site run by the scammers, which they've set up to look exactly like the real site for that company. Whatever information you enter on the fake site gets sent to the criminals, who then use that information to get into your account(s).
There's no end to the types of clever scams they think up. There are even scams where they take over someone's e-mail account, and then e-mail all the person's friends pretending to be the person. They claim to be having some kind of problem and need money, for example that they've traveled to another country and were robbed and need money to get home. There are many variations of these scams, so you can't rely on any particular word, address, or other indicator to identify them. Instead, just remember that no legitimate company or organization would solicit your personal information in this way.
What to do when you get a phishing message
Just delete it.
How to avoid becoming a victim of one of these scams
This is an area where the technology can't protect you (until someone invents anti-scumbag software!), so you have to protect yourself. There’s no need to avoid online shopping, banking, and bill paying, just use good common sense & caution.
What to do if you’ve responded to a phishing scam
Immediately change your password to something that’s as complicated as you can make it – using symbols, upper- and lower-case letters, and numbers – and is completely unlike your previous password. (No, you can’t just stick a different number to the end of the same password. You shouldn’t be doing that anyway!)
If it’s your SNC account, call the Tech Support Help Desk right away and ask to speak to a professional so that we can assess any damage to the College’s systems and resources and advise you further. If it’s a non-SNC account, contact the company via telephone, explain what happened, and have them put the appropriate fraud alerts on your account.
If you only remember one thing...
No one who works at St. Norbert College will ever ask you for your password, and we never send e-mail asking for personal information.
If you have questions about this information, or if you are ever unsure about the legitimacy of an e-mail message, contact the Information Technology Services Service Desk at (920) 403-4040 or firstname.lastname@example.org.
Printable version of this page