FROM: University Technology Services RE: RE: UTech Security Awareness Bulletin - Fake Cal U SharePoint Messages
Sent: 3/30/2021 3:47:49 PM
To: Students, Faculty, Staff
From: UTech Security
RE: UTech Security Awareness Bulletin - Fake Cal U SharePoint Messages
Recently, a flood of fake SharePoint file download messages has been circulating through e-mail. These messages claim to originate from California University of Pennsylvania and attempt to trick the user into clicking a link and providing their username and password. The file may also be malicious.
Phishing is the act of sending an e-mail to a user while falsely claiming to be another trusted user or company, in an attempt to steal their credentials. The e-mail can contain a link to a fake web site that asks the user to enter personal information such as username, password, credit card number, etc., or to download malicious files, which can result in a ransomware infection.
There are several signs you should look for to identify a phishing e-mail:
- The most obvious is the ‘from’ address. Is this a valid Cal U email address? Many times the address in a phishing message is not.
- Any e-mail asking for your name, birth date, social security number, e-mail username, e-mail password, or any other type of personal information, no matter who the e-mail appears to be from, is almost certainly a scam. California University of Pennsylvania and most other businesses do not send unsolicited e-mail requesting personal or financial information.
- E-mails that are poorly worded, have typos, or have phrases such as "this is not a joke" or "forward this message to your friends" are generally scam e-mails.
- Emails that contain the "[External]: This email originated from outside of California University of Pennsylvania" tag, yet are supposedly from a Cal U email account, indicate phishing.
- Phishing mail often includes official-looking logos and other identifying information taken directly from legitimate Web sites, and it may include convincing details about your personal information that scammers found on your social networking pages.
- Emails where the information doesn’t align. Does it say that 2 different people shared a file with you in the same email? That’s impossible and a scam intended to trick you!
- A few phrases to look for if you think an e-mail message is a phishing scam are:
  - "Verify your account."
  - "If you don't respond within 48 hours, your account will be closed."
  - "You have won the lottery."
How to avoid being a victim:
- Verify the sender (from) address. This should be the first thing that you do with a suspicious email.
- Verify the URL (web address) of a website before clicking on a link. Malicious websites may look identical to a legitimate site, but the URL may use a variation of spelling or a different name.
- Don’t send sensitive information over the Internet before checking a website’s security.
- Guard your username/password and be very careful before you enter it into websites.
- Do not reveal personal or financial information, and do not respond to e-mail solicitations for this information. This includes following links sent in e-mail.
- Never respond to suspicious e-mails or click on links/downloads inside suspicious messages. Be especially careful when clicking a file to download! The stakes are high: clicking the wrong file could result in a ransomware infection where all files on your computer are unreadable! Make sure that you are 100% sure that a file is legit before opening it.
Note: California University of PA will NEVER ask you for a password or account information via e-mail.
If you are unsure if an email is legit, DO NOT open it. Instead, forward it to abuse@calu.edu. Please err on the side of caution!
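For mail administrators, three of the signs listed above (the [External] tag on a supposedly Cal U sender, a Cal U display name on an outside address, and the pressure phrases) can be checked automatically. The sketch below is an added example, not UTech's own tooling; it assumes `calu.edu` is the campus mail domain (inferred from the abuse address) and that the gateway puts the [External] tag in the subject or body, and the sample messages are constructed.

```python
import email
from email import policy
from email.utils import parseaddr

CAMPUS_DOMAIN = "calu.edu"  # assumption: inferred from the abuse@calu.edu address
EXTERNAL_TAG = "this email originated from outside of california university of pennsylvania"
PRESSURE_PHRASES = ("verify your account", "your account will be closed",
                    "you have won the lottery")

def phishing_signs(raw_message: str) -> list[str]:
    """Return the bulletin's warning signs found in one raw e-mail message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    # Collapse whitespace so a phrase wrapped across lines still matches.
    text = " ".join(f"{msg.get('Subject', '')} {body}".split()).lower()

    name, address = parseaddr(str(msg.get("From", "")))
    domain = address.rpartition("@")[2].lower()
    internal = domain == CAMPUS_DOMAIN or domain.endswith("." + CAMPUS_DOMAIN)

    signs = []
    # An external tag contradicts a campus From address.
    if internal and EXTERNAL_TAG in text:
        signs.append("external-tag-on-campus-sender")
    # The display name claims Cal U, but the real address is elsewhere.
    if not internal and ("cal u" in name.lower() or CAMPUS_DOMAIN in name.lower()):
        signs.append("campus-name-on-outside-address")
    signs += [f"pressure-phrase:{p}" for p in PRESSURE_PHRASES if p in text]
    return signs

# Constructed sample messages (not real mail).
SPOOFED = """\
From: "Cal U SharePoint" <helpdesk@calu.edu>
Subject: A file was shared with you

[External]: This email originated from outside of California University of Pennsylvania

Verify your account to download the shared file.
"""
LOOKALIKE = """\
From: "Cal U IT Support" <support@mail.example.net>
Subject: Action required

If you don't respond within 48 hours, your account will be closed.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE)):
        print(label, phishing_signs(raw))
```

An empty result does not make a message safe: the From header is sender-controlled, so a clean check only means none of these three signs were present.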