Active Email Phishing Threat Advisory November 07, 2018

From: Office of Information Technology < No-Reply@ccny.cuny.edu >
Sent: Wednesday, November 07, 2018 3:40 PM
To: City College Community
Subject: Active Email Phishing Threat Advisory

CCNY OITCCNY IT header image

 

Dear City College Community Member:


There is an active phishing email threat targeting City College and CUNY student email accounts. The email seems to come from an unknown sender using an external email address. If you received or responded to similar email please report it to ITsecurity@ccny.cuny.edu and delete the email immediately.
Phishing Technique

The student receives email(s) on student Office 365 account offering employment. The messages were forwarded to the student by other students who also presumed it was a legit offer. The student follows the link, applies, and then receives a packet in the mail with a check (compensation) and instructions. The instructions provided a pretext of performing experience evaluations ("secret shoppers") in return for the compensation. It says to purchase iTunes or Amazon gift cards, scratch off to reveal the code and forward a picture of the card and code and information about the purchase experience. A $100 bonus would be sent if this is done within 24 hours. Of course the check was fake and bounced, but by that time the student had purchased the gift cards, provided the codes, and the victimization was complete. See sample below:


email alert


General Information

  • This is a phishing scam and not a legitimate offer of employment.
  • Do not provide the numbers on the back of an iTunes or Amazon gift card to someone you do not know.
  • Immediately report potential scams to your local police department as well as the FTC (ftccomplaintassistant.gov ).

For more information please read the CUNY Phishing Advisory posted at CUNY Issued Security Advisories under the CUNY Issued Security Advisories.
In addition, we suggest you complete the 30-minute Security Awareness Course viewable here: Security Awareness Course

The following links provide useful resources to help you better understand, identify and avoid phishing scams and how to protect yourself from cyber fraud:

Screenshots of Convincing Phishing Emails
http://www.malwarehelp.org/screenshots-of-phishing-email-messages.html

Ouch! security newsletter on the topic
http://www.ccny.cuny.edu/it/upload/2013-02_OUCH_Email-Phishing-Attacks.pdf

CCNY Information Security website, including CCNY/ CUNY policies
https://www.ccny.cuny.edu/it/security

United States Computer Emergency Readiness Team
https://www.us-cert.gov/report-phishing

Federal Trade Commission
http://www.consumer.ftc.gov/topics/repairing-identity-theft
If you received or responded to similar email please report it to
ITsecurity@ccny.cuny.edu and delete the email immediately.


The Office of Information Technology

servicedesk@ccny.cuny.edu " shape="rect" /> Facebook IT Twitter CCNY IT YouTubeIT footer