This summer saw a global spike in certain email phishing scams and other scams. The Northwestern Information Security team keeps a running list of phishing messages targeting our community to help provide awareness and recognition to email threats. Below are four of the most common scams seen by Northwestern University over the summer.
Gift Card Scam
https://sites.northwestern.edu/secureit/2020/07/02/quick-request-scam/
- Also known as the “Task” or “Quick Request” scam, this attack begins with a scammer pretending to be someone known to the recipient, typically an authority figure. The scammer will pretend to need urgent help with some task and will ask for a cell number where they can reach the recipient. The end goal of this scam is to convince the victim over text messages to purchase gift cards and provide them to the scammer. While not an incredibly sophisticated ruse, scammers have seen enough success to continue attempting this popular con.
Unemployment Fraud (Identity Theft)
- This scheme involves thieves obtaining people’s personal information and using their stolen identities it to fill out fraudulent unemployment claims. This plot is often identified when a victim’s employer receives notice that they have filed for unemployment, or when the victim attempts to legitimately apply for unemployment, only to learn that a fraudulent application, using their information, has been filed in the past.
COVID-19 Related Scams
- These deceptions have relied on exploiting the unusual circumstances of life during a pandemic. The attempted cybercrime typically involves either phishing or malware. In the malware version of the attack, attackers claim to be representatives from a trusted source (such as the CDC) and will send emails including malicious attachments that can infect a victim’s computer. Phishing scams in this subgroup include invitations for fake videoconferencing meetings or webinars, naming services such as WebEx or Zoom. When a user clicks the bogus videoconferencing link and enters their credentials, the scammer gains access to their accounts.
Phishing/Spear phishing through sending phony links
https://sites.northwestern.edu/secureit/2020/08/21/anatomy-of-the-spear-phish/
- One of the most common ways for scammers to meet their various nefarious goals is by phishing (or spear phishing) for users’ credentials through emails. Phishing emails typically include a link that takes victims to a site that requests they enter their credentials. Once a victim provides their username and password, the scammer gains access to the victim’s account.
Guard against all four of these scams by securing your identity, protecting your passwords, and using multi-factor authentication whenever possible.