Email Phishing Attacks - Fraud/Scams/Intimidation

Introduction

Please forward phishing emails you receive to phishing@amherst.edu. We will block the phishing websites as soon as possible after receiving the phishing email sample.

Please DO NOT forward examples of spam to phishing@amherst.edu. Spam is annoying marketing clutter, while phishing is an attempt to defraud you.

Email phishing attacks are a type of fraud. Phishing is the practice of sending email that looks like it is from an institution such as a college, university, bank, brokerage house, IRS, USA or other government, law firm, the Post Office, UPS, FedEx, Amazon, eBay, PayPal or any store or social media.

Spear Phishing is a even more sneaky type of phishing, it is the practice of sending targeted messages, such as sending messages to those affiliated with Amherst College that pretend to be from Amherst College, Amherst IT, or an Amherst department, as a few examples.

Sometimes the email says that your email account is over quota, that you must click a link to reactivate or update your account, or that your must provide your user information to keep your account active. A common successfull type of phishing says you have a package waiting and to click to claim it or get the tracking information. Another common successful type of phishing says there is a problem with your Apple ID and tries to capture your Apple ID log in credentials. These are all made up things designed to obtain your user name and password and/or direct you to an attack website.  

Phishing emails often contain a link to a web page and/or explicitly ask you to enter your username and password. Once phishers have your account information, they could access your accounts for any sort of nefarious purpose including sending out large volumes of nuisance email or worse for identity and monetary theft. Attacks involving financial institutions or purchasing sites such as Amazon or iTunes often aim to steal money. Attacks asking for your Amherst username and password can be used to send thousands of spam messages from your account.

Spam is the electronic equivalent of junk, unsolicited and unwanted mail. The ultimate goal of the sender is to make a sale. 

How do you address each? For spam, you can set up a spam filter in your email. When it comes to phishing attempts: if something sounds or looks strange, it’s preferable that you do not take action based on the message, and instead report it to us for a recommendation by forwarding it to phishing@amherst.edu.

Intimidation are emails that threaten you with harm, that threaten with blackmail including saying they "know what you did" or that claim to know your browser or purchasing history and will publicize this, that purport to be from the IRS or other government agency and threaten you with audits or prosecution, and that say you have to send money to someone espeically by requesting gift cards. Do not engage with and immediately report intimidation emails to your local authorities. If received while on campus contact the Amherst College Police Department.

Instructions

Instructions: 

Protect yourself from phishing.

  • Do not share any passwords with anyone ever.
  • Amherst IT, your bank, FedEx, the IRS, your credit card company, etc. will never ask for your password, not by email, phone, text message or in person.
  • Financial institutions will communicate with you via secure messaging. Via regular email they will only notify you of waiting messages in their secure systems.
  • Don't send sensitive information including social security number, bank account, or credit card numbers via unencrypted email or text message ever.  
  • Do not purchase gift or cash cards or wire money because an email or text directed you to do, even if the message claims to be from someone you know. Always verify via another method such as a phone call, Skype or FaceTime, if the message seems to be from someone you know.
  • One sign of a phishing attempt is that the message may end with a simple signature line such as "Amherst College", "IT", or "Tech Support".
  • Never enter an account password into a spreadsheet, an email message, a text message or an unknown website.
  • Use our guide to Know where you are logging in.
  • Do not open or reply to phishing emails.
  • Do not click any buttons, images or links in any phishing emails especially those that say "unsubscribe" or "remove me from mailing list". Clicking anything in a phishing email could install malware on your computer. It will also cause you to receive more email from the spammers because they will know your email account is active.
  • Report intimidation messages to your local authorities.

Please forward phishing emails you receive to phishing@amherst.edu. We will block the phishing websites as soon as possible after receiving the phishing email sample.

If you reply to a phishing message with your Amherst user information call the IT Help Desk immediately at (413) 542 - 2526, email us at AskIt @amherst.edu or please fill out a Help Request Form.

If you replied to a phishing message with your financial account and/or credit card user information, first immediately notify your financial institution that your account is comprimised. Second report any theft or fradulent use of your identity to the police.

 


Additional Information

Additional Information: 

On this page below we will list some of the known phishing attacks on campus. For more, detailed information on phishing and spam, please visit the Cyber Security Alliance web site Stay Safe Online.

Service Categories

Service Categories: 
Security

Audience

Audience: 
Students
Faculty
Staff
Alumni
Five College Students
Applicants
Others

Tags

Examples of Phishing Attempts


This recent phishing attempt asks recipients to reply and include their account credentials. Please do not reply to such messages, and you can forward them to phishing@amherst.edu. We will never request your account credentials and we do not need them to provide support.  

Sent: Friday, September 30, 2016 7:30 AM
Subject: To All Faculty/Staff.

Message from HelpDesk, New security updates need to be performed on our servers, due to the rate of phishing and We are changing our Microsoft server to the new outlook web access, send to help us verify with the information below,

Name....

Email....

Domain/username...

Password....

Department... 

Reply via ICT Helpdesk Email; microteam@consultant.com 

Sincerely,

IT Department

©2016 Microsoft outlook. All rights reserved.

This e-mail message is for the sole use of the intended recipient(s) and may contain certain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by e-mail and destroy all copies of the original message.

 

 

This email was correctly identified as SPAM and asks you to click a link "Click here" which goes to a non-Amherst website of http://www.freekvandelen.nl/media/amherst.htm.  With the website address endign in .nl this is a commercial website located in the Netherlands and is not part of Amherst College which ends .edu and then might have directories such as .edu/offices/it, etc. Also it directs to an email address of overstr @scf.edu which is not a school and not associated with Amherst College. Last it is signed not from a person but just a title which we do not do at Amherst.

From: Amherst College [mailto:overstr@scf.edu] 
Sent: Tuesday, March 03, 2015 9:42 AM
Subject: {SPAM?} {SPAM?}{phish-03} Amherst College Email Server Update!!!

Dear User,

We are currently updating our email server database. We advice you to Click hereto update your email account to avoid your account being blocked or loss of data.

Thanks,

Mail System Administrator

2015 Amherst College

 

This email asks you to click a link which goes to a non-Amherst website of amherst-edu.webflow.com. With the website address endign in .com this is a commercial website, not part of Amherst which ends .edu and then might have directories such as .edu/offices/it, etc. Also it directs to an email address of admin@amherst.edu which is fake, there is no such legitimate Amherst email address.

This is an automated message is from Amherst College notify you that our
> technical admin team has detected an attempt to access your e-mail account
> from an unrecognized device that damage your e-mail , Febraury 08, 2015
>
> Unrecognized Location : London , United Kingdom
> IP Address : 66.23.232.50
> Host Name: Cable Net
> ISP: Interserver Inc
>
> Was this you ? If so kindly ignore this message .
> If you did not, we encourage you to click the
> http://amherst-edu.webflow.com/
> to fill the data correctly to save your current IP address in our database,
> as this will improve increase security in your e-mail account and against
> any virus or spam content by e- mail sent to you.
>
> admin@amherst.edu
> Amherst College
> Amherst MA 01002-5000
> (413) 524-2000


 

This email asks you to click a link which goes to an attack website. We blocked access to that website when someone forwarded us this email.

From: Anderson, Winston A [wanderson @ Howard.edu]
Sent: Tuesday, May 13, 2014 11:04 AM
To: Anderson, Winston A
Subject: RE: Staff and Faculty Members only ( Admin Notice )

(IMAP) Server - requires Increase, Mailbox has exceeded its storage limit.

Click on Faculty and Staff Portal to increase

Mailbox SEND/RECEIVE Functions will be disabled if account increase is not completed.

Copyright © 2014 Staff and Faculty Mailbox Portal.


 

This type of fraud email wants you to confirm your email address is real, so it can then send you a large volume of spam. Do not reply to or click any images or links in these type of messages as you could install malware/viruses onto your computer. Delete this type of message and empty the deleted items folder to make sure it doesn't stay around. 

From: "xxxxxx,xxxxx S.B.M." <x.xxxxxx@xxxxxxx.nl<mailto:x.xxxxxxxx@xxxxx.nl>>
Date: March 16, 2014 at 8:04:34 EDT
To: Undisclosed recipients:;
Subject: Re;

I have an Inheritance for you email me now: xxxxxx@outlook.com<mailto:xxxxxx@outlook.com>

Hide quoted text
________________________________
Op deze e-mail zijn de volgende voorwaarden van toepassing:
http://www.xxxxx.nl/disclaimer
The above disclaimer applies to this e-mail message.


 

This phishing email provides a link "Click here to start" that goes to a business website called "Gerrards Crosspond" and is located in the UK. The From: address of techsupport@amherst.edu is not real, there is no such email address in use at Amherst. Also it uses the terminology "tech support" where we typically use "IT" or Information Technology.  This email is signed with the vague "Technical Department" rather than a person's name as real email from Amherst Information Technology would be. Last there is no such thing as compulsory account updates for the institution database. Amherst IT will never ask for your password and you should not share it with anyone. 

---------- Forwarded message ----------
From: Support <techsupport@amherst.edu>
Date: Wed, Mar 27, 2013 at 10:18 AM
Subject: Important update

**

Dear user,

The institution database is being upgraded, and your account
has been subjected to a compulsory update.

*Click here to start <gerrardscrosspond.co.uk>*

*Important Notice* - Update is mandatory

Technical Department

Phishing Alert: Announcement

This one is very tricky with the return address showing as an amherst.edu account and the web address disguising the fact that it points to a non Amherst Web site.

From: Amherst [mailto:webmasterr@amherst.edu]
Sent: Friday, July 08, 2011 10:59 AM
To: undisclosed-recipients
Subject: Announcement

 

Dear web mail Owner,
We are contacting you to inform you that our Account Review Team
identified some unusual errors in your account profile.This may be due to the following

 

* Using a shared computer to access your online webmail.
* Not logging off after webmail usage.

Due to this an account update has been issued to rectify.Follow the Link Below providing the required security information correctly to re-gain access or we will  locked your account permanently


click here:amherst.edu/securityupdate


**Thanks *

Copyright © 2011 Amherst College

Phishing Attack Alert: "Dear amh.amherst.edu Email Account Owner"

A phishing message with the above subject was reported by various users today. As always, Amherst IT will never ask for your username and password. If you see this message, or something similar, do not reply to it for any reason. We recommend deleting it immediately.

The body of the message is as follows:

Dear amh.amherst.edu Email Account Owner,

 This message is from amh.amherst.edu messaging center. We are  currently upgrading our database and e-mail account center.

 We are canceling all email accounts that have not been Upgraded to create  more spaces for new accounts.

 To prevent your account from closing you will have to update it  below so that we will know it's status as a currently used our Email  account Services.

 CONFIRM YOUR EMAIL IDENTITY BELOW

 EMAIL USERNAME :

 EMAIL PASSWORD :

 DATE OF BIRTH :

 CITY/ZIPCODE :

 Warning!!! Any account owner that refuses to update his or her  account within three days of this update notification will loose his  or her account permanently.

 Thank you for using amh.amherst.edu Services!

 Warning Code

 Account Manager

 Julia Ernesto

 

If you think you may have replied to this e-mail with your Amherst user information call the Faculty/Staff  IT Help Desk immediately at (413) 542 - 2526.

You can stay up to date with known phishing attacks on campus at this IT web page. If you'd like to report another phishing message, fill out the Help Request Form.

 

Phishing Attack Alert: "Mailbox is over its size limit"

A phishing message with the above subject was reported by various users today. As always, Amherst IT will never ask for your username and password. If you see this message, or something similar, do not reply to it for any reason. We recommend deleting it immediately.

The body of the message is as follows:

Your mailbox has exceeded the storage limit set by your administrator. You may not be able to send or receive new mail until your mailbox size is increased by your system administrator. You are required to contact your system administrator through e-mail with your Username:{ } and Password:{ } to increase your storage limit.

System Administrator
E-mail: systemhelpteam2009@live.com

You will continue to receive this warning message periodically if your inbox size continues to exceed its size limit.
This email is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential.

If you think you may have replied to this e-mail with your Amherst user information call the Faculty/Staff  IT Help Desk immediately at (413) 542 - 2526.

You can stay up to date with known phishing attacks on campus at this IT web page. If you'd like to report another phishing message, fill out the Help Request Form.

Phishing Attack Alert: "Webmail Help Desk - Dear Webmail User"

Submitted on Wednesday, 3/12/2014, at 11:16 AM

A phishing message with the above subject was reported by various users today. As always, Amherst IT will never ask for your username and password. If you see this message, or something similar, do not reply to it for any reason. We recommend deleting it immediately.

The body of the message is as follows:

Dear Webmail User,

This message was sent automatically by a program on Webmail which periodically checks the size of inboxes, where new messages are received. The program is run weekly to ensure no one's inbox grows too large. If your inbox becomes too large, you will be unable to receive new email. Just before this message was sent, you had 18 Megabytes (MB) or more of messages stored in your inbox on your Webmail. To help us re-set your SPACE on our database prior to maintain your INBOX, you must reply to this e-mail and enter your:

Current User name: { }

and Password: { }

You will continue to receive this warning message periodically if your inbox size continues to be between 18 and 20 MB. If your inbox size grows to 20 MB, then a program on Bates Webmail will move your oldest email to a folder in your home directory to ensure that you will continue to be able to receive incoming email. You will be notified by email that this has taken place. If your inbox grows to 25 MB, you will be unable to receive new email as it will be returned to the sender.

After you read a message, it is best to REPLY and SAVE a copy.

Thank you for your cooperation.

Webmail Help Desk.

If you think you may have replied to this e-mail with your Amherst user information call the Faculty/Staff  IT Help Desk immediately at (413) 542 - 2526.

You can stay up to date with known phishing attacks on campus at this IT web page. If you'd like to report another phishing message, fill out the Help Request Form.

 

 

Phishing Attack Alert: Amherst College Account Subscriber

These people can't get their threats straight: first it's 48 hours before your account is suspended, then it's 24 hours before you lose it permanently.

From: Technical Support Team [mailto:office@amherst.edu]
Sent: Wed 1/27/2010 7:00 AM
To: undisclosed-recipients
Subject: Amherst College Account Subscriber

Attn: Amherst College Account Owner,

This Email is from Customer Care and we are sending it to every Email User
Accounts Owner for safety. We are having congestions due to the anonymous
registration of Accounts. So we are shutting and your Account was among
those to be deleted. We are sending this e-mail to you so that you can
verify and let us know if you still want to use this account.

If you are still interested please confirm your account by filling the
space below. Your User name, password, date of birth and your country
information would be needed to verify your Account.

Due to the congestion in all users and removal of all unused Accounts,
would be shutting down all unused Accounts, You will have to confirm your
E-mail by filling out your Login Information below after clicking the
reply button, or your account will be suspended within 48HRS hours for
security reasons.

* Username: .....................
* Password: .....................
* Date of Birth: ................
* Country Or Territory: .........

After following the instructions in the sheet, your account will not be
interrupted and will continue as normal.Thanks for your attention to this
request.

We apologize for any inconveniences.

Warning!!! Account owner that refuses to update his/her account after
24HRS of receiving this warning will lose his or her account permanently.

Sincerely,

Mr. Joseph Wilson
Customer Care Unit,
Webmaster Team.

--
This message has been scanned for viruses and
dangerous content by PHQ MailScanner, and is
believed to be clean.

Phishing Attack Alert: ATTENTION

Check out the sign-off on this one: "Thanks for understanding our plight."  Poor identity thieves; it must be getting harder to steal logon credentials these days.

From: upgrading [mailto:service@edu.com]
Sent: Friday, September 18, 2009 5:54 AM

Subject:
ATTENTION ,

 We wish to inform you that we are currently undergoing slight maintenance and upgrading of our site. And we are also using this medium to delete the inactive email id users,You are therefore required to send your account details for proper verification immediately:

User name: (*********)
Password: *********)
Date Of Birth(DOB)*********)
Country*********)

CAUTION:

   Failure to complete the above process within the shortest possible time will result in both inbound and outbound failures on your email.This will prevent you from sending or receiving email messages.

 We are sorry for any inconvinence we might have cause you, Expect our new mail features.

Please do help spread this important information by forwarding it to other users.

  You will be sent a confirmation letter from our customer service after our upgrading.

 Thanks for understanding our plight.

Phishing Attack Alert: CONFIRM YOUR Amherst College EMAIL ACCOUNT TO AVIOD CLOSURE

This one caught a number of people on campus, even though the return address is plainly to a gmail account!

Please Submit Your e-mail account information to this

E-mail: (universitywebmailaccess@gmail.com)

 DEAR Amherst College webmail holders

This is a message from the Amherst College
WEBMAIL ACCOUNT Message Center for Communication to
all of our Amherst College Webmail owners.

We are currently working on our database e-mail
In users.We are delecting all old unused
Amherst College Webmail Account, for  more space
for new users.

To prevent your account not be delected from
our database you are advised to confirm your
Amherst College webmail account immediately.

 Submit your account information below

Login Website ....................
Username :...........................
Password ............................
Date of Birth: ......................
Country or territory: ...............

Warning! E-mail  owners who refuse to submit

E-mail account details, within seven days from
this date of receipt will loses his/her Webmail
account permanetly.

 Thank you,

 Amherst College Webmail Team

 Please Submit Your e-mail account information to this

E-mail: (universitywebmailaccess@gmail.com)

Phishing Attack Alert: Dear 'amherst.edu' E-mail User

This one is pretty transparent. Whoever n.aragao@transultransporte.com.br is, s/he doesn't work for Amherst IT

From: "info@amherst.edu" <n.aragao@transultransporte.com.br>
Reply-To: "helpdesk@amherst.edu" <ITdesk@email.com>
Date: Thu, 12 Apr 2012 17:48:10 -0300
To: <undisclosed-recipients:;>
Subject: "amherst.edu"IT HELP DESK

Dear 'amherst.edu' E-mail User,

We are currrently upgrading our database and all account need to be verified.To complete your account activation with us, you are required to reply to this message and enter your password in the space provided (*******) you are required to do this before the next 48 hours of the receipt of this email or your database will be de-activated from our database.

Full Name:

username:

Password:

Thank you for using amherst.edu

Copyright 2012 © amherst.edu web Team.