Scams: Phishing and Other Fraudulent E-mail

If you suspect an email is phishing, use the report email function in Outlook. If you feel you may have fallen for a scam, contact DoTS. If your identity was stolen or you suffered a financial loss, contact the police where the incident occurred.

Spam is irrelevant or inappropriate messages sent on the Internet to a large number of recipients. Items on this page are more malicious than receiving spam.

What is Phishing?

Phishing Drills Scheduled Dec 4-8, 2017E-mail accounts are easy targets for a wide variety of fraudulent communications for scams (such as fake job opportunities) and phishing (emails asking you to reply or taking you fake websites to obtain your credentials). While our e-mail filtering services prevent many of these from reaching your Inbox, some do make it through.

There is also "Smishing" for SMS (text messages) and "Vishing" for voice calls.  Beware of portal media also, such as USB devices or flash cards which could be infected with viruses.

The University is required to conduct continuous awareness training events.  On-going phishing drills will be ran through out the year, so be on your toes! Don't click the link!  Don't answer the text message.  Hang up on the fraudulent caller.  Do not plug that thumb drive you found into your computer!

Don't Click the Link!

UW-La Crosse has a great video on "Don't Click on the Link" that helps to illustrate some of the methods we describe below.

Recognizing Phishing E-mails

Phishing e-mails are messages designed to obtain your account credentials.  Once the sender has obtained your credentials, they're most often used to send out junk mail, though in some cases the logins have been used to obtain access to identity information.  These usually have one or more of the following properties:

  • Bad spelling and/or grammar - official e-mails are usually reviewed by multiple people prior to being sent to ensure proper spelling and grammar.
  • Links to click to log in - legitimate e-mails sometimes contain links to a login page, but more often will link to a page with more information. You can often hover your mouse pointer over an e-mail link in a message to gain additional clues; your computer's web browser should display the actual link destination either near the link or in its status bar.  If you unsure are whether the message is legitimate, please check with the purported source or with DoTS before clicking a link in the message.
  • Threats - phishing e-mails usually contain a time-sensitive threat regarding your account access. While DoTS does send notices regarding account access, the notices do not offer the opportunity to avoid access loss.  See the list of related articles on this page for more information on when Falcon Account access is removed.
  • Faking/spoofing legitimate branding or logos - phishing e-mails and websites sometimes contain legitimate-looking graphics.  Most legitimate official e-mails do not contain branding. If you are on a page asking you to log in with your Falcon account credentials, verify the web address in the URL bar starts with a uwrf.edu address such as https://idp.uwrf.edu/ or that you were sent to the login page from a legitimate uwrf.edu site.

If you question whether an e-mail or login page is legitimate, please contact DoTS.  We are happy to answer questions about the legitimacy of a questionable e-mail or website.

Recognizing Scam E-mails

Scam e-mails encompass a wide variety of fake opportunities:

  • "Old-Fashioned" Fraud Schemes (some of which predate e-mail): bogus business opportunities, chain letters, work-at-home schemes, health and diet scams, easy money, "free" goods, investment opportunities, bulk e-mail schemes and "guaranteed" loans. As with many things, if it's "too good to be true", it probably is not legitimate.
  • Bogus Job Opportunities: opportunities which promise you a great deal of money with very little effort, including phrases like "work only hours a week", "set your own hours" and "work from home".  Once contacted, these employers may contact you to obtain financial information under the guise of setting up payroll. While some job opportunities may be legitimate, it's always better to be safe than sorry, particularly when your bank and/or identity information is involved.  Never provide banking information, your social security number, or ID information unless you are certain it is for a legitimate reason. Often times, bogus job opportunity e-mails contain wording including “money transfers”, “wiring funds”, and “cashier’s checks”.  Be cautious if a contact e-mail address does not utilize a primary domain.  For example, an employer named "Omega Inc." with a Yahoo! e-mail address is suspicious.  Grammar and spelling errors are also red flags that an opportunity may be a scam.  Contact Career Services if you have questions about a job opportunity.
  • Health and Diet Scams: these scams prey on insecurities some people have about the state of their well-being. They attempt to lure customers with promises of quick fixes and amazing results, discounted pricing, fast delivery, waived prescription requirements, privacy and discreet packaging. These scams may contain phrases similar to "reduce body fat and build lean muscle without exercise", "takes years off your appearance", and "gives energy and burns fat".  Though they may seem to be backed by customer testimonials, beware: the products don't work.  Contact Student Health Services or your doctor if you have questions about health offers.
  • Discount Software Offers: these offers may offer popular and expensive software at low prices.  As a student or university employee, you have access to software discounts through a number of avenues, including Microsoft Office 365 and the University Bookstore. There are a number of easy-to-find legitimate retailers online as well. If you have questions about an offer, please contact DoTS.
  • Advanced Fee Fraud (419/Nigerian Scams): these schemes are quite elaborate and despite their somewhat preposterous appearance manage to hook a surprising number of victims, enticing them into a bogus plot to acquire and split a large sum of cash.  These messages often request urgent response and may reference African locations or nationalities. There are thousands of variations of these messages, but in short if you receive an e-mail proposing an arrangement to secure and split funds in a foreign land, you can safely assume it's a scam.

Related Sites

Details

Article ID: 11103
Created
Mon 2/8/16 10:22 AM
Modified
Fri 2/16/24 2:26 PM

Related Articles (5)

Cisco IP Phone: Caller ID
Caller identification (Caller ID) technologies: Inbound, Outbound, Number, Name and Spoofing
Falcon Account: When is access given or removed?
When do I lose access to technology resources after I leave UWRF?
Microsoft Office 365: I clicked a link in a phishing email
I think someone knows more about me than I want them to.
Security
Helping to protect against threats.