The online e-mail phishing and spear-phishing scams have been increasing in frequency as the semester ends. The two favorite scams are to spoof e-mails from department directors (or even the VPAA, or CTO, or President's office) to direct reports asking for a "favor". The scam is to try and get you to either purchase gift cards or some other financial related transaction as the "favor". The other scam is to offer a "job" and pay you to attach an advertisement to your vehicle and drive around town with it. Both are bogus.
To help combat these spoofs, Information Technology has activated a feature in our Microsoft e-mail to alert you if an e-mail message you get originated outside of TLU. An example is below. While not foolproof, it is intended as another tool to help TLU faculty/staff and students stay vigilant. Keep in mind that an e-mail that does not have this warning is not 100% safe either but at least it should help filter the ones that try to fake it.
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe
What to do:
- If you get an obvious scam the easiest thing to do is delete it.
- If you get a blackmail e-mail – do not reply. Delete it or send to firstname.lastname@example.org if you are concerned. We will report the abuse to the domain site and if need be contact law enforcement.
- If you get an e-mail that lists a password that you have used before, make sure that the password listed is not one you are using anywhere. If you are, change it to be safe.
- Do not use the same password for both personal accounts and TLU credentials. Make it harder for a hacker to gain access to all of your data.
- If you get an e-mail from someone you know that seems out of character, question it. Rather than reply (since that will go to the scammer), send a new message to the person asking them if it was legitimate. We have seen a lot of spoofed messages that were not really sent by the sender listed.
Finally, as a reminder, TLU IT will never ask you for your password over e-mail or by clicking any link or to renew or activate anything via an email link. So if you get an e-mail asking for that , no matter how official looking it is, it is a scam. Thanks for staying vigilant and helping keep TLU secure!