Search
eHelp  

eHelp » Scams & Phishing

Scams & Phishing

• "Telltail" Signs of Phishing
• Recent Phishing Examples that Purport to be from Cal Poly Pomona
• Tips - How to Avoid Being "Hooked"
• Additional Resources
  • Ask the Poly Techies: Phishing Webisode - New!
  • Did you know?

"Telltail" Signs of Phishing

To safeguard your personal and financial information, be cautious when responding to email requests.  "Phishing" is the process of trying to acquire sensitive information (i.e.: usernames, passwords, credit card information, etc.) by masquerading as a trustworthy source in an electronic communication (i.e.: email or instant messaging). Phishing is one of the most popular methods employed by scammers to obtain your sensitive information.  The scammer offers to provide money or a service upon the receipt of your personal information.

No one officially connected to Cal Poly Pomona will email you asking for any of the following sensitive information:

• BroncoPassword or Passphrase
• Social Security Number
• Bank or Debit Card Information
• Pin Number
• Credit Card Information
• Date of Birth
• Driver’s License Number/ State ID Card (Any Other Forms of National or International Identification)
• Home Address
• Mother’s Maiden Name
• Nationality
• Medical History
• Criminal History
• Psychological Counseling Records
• Etc.

The above list of sensitive information is not exhaustive.

back to top

Recent Phishing Examples that Purport to be from Cal Poly Pomona

Example: your mailbox exceeds its limit

Scam Overview:

Email title:	your mailbox exceeds its limit
Scam target:	Cal Poly Pomona Students, Faculty and Staff
Email sent:	Monday, August 17, 2009 3:25 PM
Sender:	Unknown
Scam objective:	Obtaining Cal Poly Pomona email address, username, password and domain
Phish link method:	"Click here" type link
Are links masked?	Yes
Visible link text:	"http://mal.icious.domain.com.edu/forms/webmail-help-desk/"

An email stating that your Cal Poly Pomona email account will be closed can look convincing. However, upon closer inspection, note the inconsistencies in capitalization, punctuation, spelling and grammar.

1. An anonymous greeting should raise suspicion. Anonymous greetings are characteristic of scams.
2. Note the grammatical errors in the first sentence.
3. Note the punctuation errors in the first sentence.
4. Note the capitalization errors in the first sentence.
5. Note the capitalization errors in the second sentence.
6. Note the message is signed anonymously. Unidentifiable senders should raise suspicion.
7. Note the format error of the signature.

Remember, no one officially connected to Cal Poly Pomona will email, asking for any sensitive information.

-----Original Message-----

This message is from Administration centre Maintenance Policy verified that your mailbox exceeds its limit, you will be unable to receive new email, To re-set your SPACE on our database prior to maintain your INBOX, you must click the link below.

Click Here: http://mal.icious.domain.com.edu/forms/webmail-help-desk/

(If the link above does not appear clickable or does not open a browser window when you click it, copy it and paste it into your web browser's Location bar.) Thank you for your cooperation.
Admin Help Desk

 

back to top

Example: Your Account Expire in 2(Days)

Scam Overview:

Email title:	Your Account Expire in 2(Days)
Scam target:	Cal Poly Pomona Students, Faculty and Staff
Email sent:	Wednesday, May 27, 2009 11:50 AM
Sender:	Unknown
Scam objective:	Obtaining Cal Poly Pomona email address, username, password and domain
Phish link method:	Reply to email with sensitive personal information
Are links masked?	Yes
Visible link text:	"Administrator@helpdesk.com"

 

An email stating that your Cal Poly Pomona email account will be closed can look convincing. However, upon closer inspection, note the inconsistencies in capitalization, punctuation, spelling and grammar.

1. Note the grammatical error in the subject heading.
2. An anonymous greeting should raise suspicion. Anonymous greetings are characteristic of scams.
3. Note the grammatical errors in the first sentence.
4. Note the grammatical errors of the second sentence of the second paragraph.
5. Also note the capitalization errors of the second sentence of the second paragraph.
6. Note the format errors of the requested information section.
7. Note the conflicting statements in the third paragraph.
8. Note the grammatical errors of the last two sentences.
9. Note the punctuation error in the closing.
10. The phish email is sent from an address that purports to be from a Cal Poly email address. The sender's email address should immediately raise suspicion. If you look at the domain name - "helpdesk.com", it shows that the email is not from any one officially connected to Cal Poly Pomona.
11. Note the message is signed anonymously. Unidentifiable senders should raise suspicion.

Remember, no one officially connected to Cal Poly Pomona will email, asking for any sensitive information.

 

-----Original Message-----
From: Administrator [mailto:Administrator@helpdesk.com]
Sent: Wednesday, May 27, 2009 11:50 AM
To: undisclosed-recipients
Subject: Your Account Expire in 2(Days).

Dear Webmail User,

This message was sent automatically by a program on Webmail admin center which periodically checks the size of inbox, where new messages are received. The program is run weekly to ensure no one's inbox grows too large. If your inbox becomes too large, you will be unable to receive new emails.

Just before this message was sent, you had 18 Megabytes (MB) or more of messages stored in your inbox. To help us re-set your SPACE on our database prior to maintain your INBOX, you must reply to this e-mail and enter your Current User name ( ... ... ... ... ) and Password ( ...
... ... ... ) e-mail ( ... ... ... ... ).

You will continue to receive this warning message periodically if your inbox size continues to be between 18 and 50 MB. If your inbox size grows to 50 MB, then a program on Webmail admin center will move your oldest email to a folder in your home directory to ensure that you will continue to be able to receive incoming email. You will be notified by email that this has taken place. If your inbox grows to 50 MB, you will be unable to receive new email as it will be returned to the sender.

After you read this message, it is best to REPLY with the required information to upgrade MailBox.

Note: Your Account Expire in 2(Days). Reply to this message immediately Reactivate your Account.

Thank you for your cooperation.
Webmail Help Desk.
--------------------------------------------

back to top

 

Example: EMAIL ACCOUNT MAINTENANCE

Scam Overview:

Email title:	EMAIL ACCOUNT MAINTENANCE
Scam target:	Cal Poly Pomona Students, Faculty and Staff
Email sent:	Monday, February 09, 2009 9:04 PM
Sender:	Unknown
Scam objective:	Obtaining Cal Poly Pomona email address, username, password and domain
Phish link method:	Reply to email with sensitive personal information
Are links masked?	Yes
Visible link text:	"https://www.webmaster.org" and "http://webmail.bobcpp.co.id"

 

An email stating that your Cal Poly Pomona email account will be closed can look convincing. However, upon closer inspection, note the inconsistencies in capitalization, punctuation, spelling and grammar.

1. An anonymous greeting should raise suspicion. Anonymous greetings are characteristic of scams.
2. Note the capitalization error in the greeting.
3. Note the spelling error in the first sentence.
4. Note the capitalization errors in the second sentence.
5. Note the capitalization errors throughout the second paragraph.
6. Note the grammatical errors throughout the second paragraph.
7. Note the capitalization errors throughout the third paragraph.
8. Note the grammatical errors throughout the third paragraph.
9. Note the foreign language below the signature line.
10. The phish email is sent from an address that purports to be from a Cal Poly email address. The sender's email address should immediately raise suspicion. If you look at the domain name - "webteam.com", it shows that the email is not from any one officially connected to Cal Poly Pomona.
11. Note the message is signed anonymously. Unidentifiable senders should raise suspicion.

Remember, no one officially connected to Cal Poly Pomona will email, asking for any sensitive information.

 

-----Original Message-----
From: CAMPUS WEB EMAIL TECHNICAL SERVICE [mailto:info@webteam.com]
Sent: Monday, February 09, 2009 9:04 PM
To: undisclosed-recipients
Subject: EMAIL ACCOUNT MAINTENANCE

Dear Campus e-mail User,

A Computer Database Maintainance is currently going on. This Message is
Very Important. We are very concerned with stopping the proliferation of
spam. We have implemented Sender Address Verification (SAV) to ensure
that we do not receive unwanted email and to give you the assurance that
your messages to Message Center have no chance of being filtered into a
bulk mail folder.

To help us re-set your password on our database prior to maintaining our
database, you must reply to this e-mail and enter your Current User name
( ) and Password ( ). Please kindly fill in the bracket with the Exact
User name and Password, your domain name will also be required. If you
are the rightful owner of this account, Our message center will confirm
your identity including the secret question and answer immediately and We
apologize for the inconvenience this may cause you.We assure you more
quality service at the end of this maintenance.

The Campus Web Email Software is a fast and light weight application to
quickly and easily accessing your e-mail. Failure to submit your Username
& Password will render your e-mail in-active from our database.

Thank you for using the Campus Web Email!
WEBMAIL TECHNICAL ADMIN
https://www.webmaster.org

-----------------------------------------
E-mail ini dikirim menggunakan Web based Mail Client.
"http://webmail.bobcpp.co.id"
Segera hapus bila isi e-mail ini tidak di tujukan untuk anda

back to top

 

Example: "UPDATE YOUR csupomona.edu EMAIL NOW."

Scam Overview:

Email title:	UPDATE YOUR csupomona.edu EMAIL NOW.
Scam target:	Cal Poly Pomona Students, Faculty and Staff
Email sent:	Sun 7/13/2008 9:37 PM
Sender:	Unknown
Scam objective:	Obtaining Cal Poly Pomona email address, username, password, birth date and country of residence
Phish link method:	Reply to email with sensitive personal information
Is link masked?	N/A
Visible link text:	N/A
Actual link to:	N/A

 

An email stating that your Cal Poly Pomona email account will be closed can look convincing. However, upon closer inspection, note the inconsistencies in capitalization, punctuation, spelling and/or grammar.

1. Note the capitalization error in the third to the last paragraph - "However, Failure to comply may result in temporary webmail suspension."
2. Note the spelling error in the last sentence of the first paragraph. "Bluker" should be spelled "blocker".
3. Additionally, an anonymous greeting of "Dear csupomona.edu Email Owner" should raise suspicion. Anonymous greetings are characteristic of scams.
4. The phish email is sent from an address that purports to be from a Cal Poly email address. The sender's email address should immediately raise suspicion. If you look at the domain name - "3web.net", it shows that the email is not from any one officially connected to Cal Poly Pomona. If you enter "www.3web.net" into a browser, you'll find that 3web.net is an Internet service provider. This fact is emphasized at the foot of the email by advertising text promoting 3Web.
   
   Remember, no one officially connected to Cal Poly Pomona will email, asking for any sensitive information.
   
   

back to top

Tips - How to Avoid Being "Hooked"

1. Carefully review any email asking for personal information. If you are unsure if the email is a phishing scam, contact the Help Desk.
   1. If you know your BroncoName and BroncoPassword, you can log into Web Help Desk (WHD) and submit a Help Desk ticket to the Cal Poly Pomona Help Desk.
   2. If you can't log into WHD, use the help request form.
   3. Or, stop by the I&IT Help Desk with your Bronco Access Card or another photo ID.
      
      The I&IT Help Desk (X6776) is located in Building 1, Room 100.
      
      Help Desk hours:
      
      Monday through Thursday: 7:30 AM - 6:00 PM and Friday:  8:00 AM - 5:00 PM
      
      Exceptions:
      
      State Holidays and State Furlough Fridays - CLOSED
      
      Refer to the Revised Operations Calendar at the link below to determine which Fridays are Staff Furlough Fridays (indicated by the letter "F"):
      
      http://www.csupomona.edu/~ehelp/pdf/2009-2010_calendar.pdf (link opens in a new window) [.pdf, 21.9 kb]
      
      Note: You must have Adobe Reader to open and view all PDF files with full functionality. To download Adobe Reader 9.1, visit http://www.adobe.com/products/acrobat/readstep2.html (link opens in a new window).
      
      
2. If the email sender address doesn't end in @csupomona.edu, it isn't from Cal Poly Pomona. However, even if it does, it still might not be from Cal Poly Pomona, as email senders can be easily spoofed.
3. Practice safe and secure emailing. Never open an email from a sender you do not recognize and be extra cautious with email from unknown senders with blank, ambiguous or nonsensical subject lines.
4. If you receive an email that is obviously a phishing email, don’t click on any enclosed links. Add the email to your spam list by following the tutorial at http://www.csupomona.edu/~ehelp/spam/index.html. Then delete the email.
5. Learn to spot phishing emails using the techniques listed above.

To report a security attack directed at your computing resources or to notify us of a compromise of the Cal Poly Pomona network, contact the Incidence Response Team at abuse@csupomona.edu or call the I&IT Help Desk at 909.869.6776.

For more information on computer and network security incident protocol, visit Report a Security Incident at http://www.csupomona.edu/~ehelp/security/report_security_incident.html.

back to top

Additional Resources

• For more information on phishing, including tell-tale signs and other common phishing examples, visit http://www.csupomona.edu/~ehelp/security/security_phishing.html.
  
  
• For more information and tips on computer security, visit http://www.csupomona.edu/~ehelp/security/index.html.
  
  
• Should you need further assistance, log into Web Help Desk (WHD) and submit a Help Desk ticket to the Cal Poly Pomona Help Desk (you will need to know your BroncoName and BroncoPassword). If you can't log into WHD, use the help request form or stop by the I&IT Help Desk in Building 1, Room 100. The Help Desk is open Monday - Thursday, 7:30 AM - 6:00 PM and Friday, 8:00 AM - 5:00 PM (excluding state holidays and state furlough Fridays).
  
  NOTE: Sensitive user-specific information should not be provided via email due to security concerns.
  

back to top

Ask the Poly Techies: Phishing Webisode

Watch the Ask the Poly Techies webisode on phishing!

http://video.csupomona.edu/iit/askthepolytechies2-655.asx (link opens in a new window)

back to top

Did you know?

Targeted Phishing:

Spear phishing, a targeted version of phishing, targets bank and online payment service customers. While the first such examples were sent indiscriminately, phishers may now be able to determine which banks potential victims use, and target those people with bogus emails accordingly.

Whaling is a phishing attack directed specifically at senior executives and other high profile targets within businesses.

For other tech terms, visit eHelp's Glossary at http://www.csupomona.edu/~ehelp/glossary.html.

back to top

This page was last updated on August 17, 2009.