document iconmyCSUSM
cougar courses logoCOUGAR COURSES
email iconEMAIL
email iconMS OFFICE APPS
password iconPASSWORD
MANAGEMENT
Your  Account:
document iconmyCSUSM
cougar courses logoCOUGAR COURSES
email iconEMAIL
office iconMS OFFICE APPS
password iconPASSWORD
MANAGEMENT
Cybersecurity Education Hub

'Idcard' or 'Are You Available' Scam

Wednesday, Jan. 23, 2019

Hello, 

Before the 2018 winter break, the Information Security Office warned the campus of the following email scam:

Faculty and staff around the campus have been receiving emails where the message body of the email reads “Are you available???” or similar opening query. These messages are a scam. Do not respond to them. These messages will appear to come from your supervisor or a colleague.  The perpetrators of this scam are “spoofing” the Sent From name in the email message. For example, the Sent From name might read Jane Doe, but the email address will read <doe.jane@gmail.com> instead of the standard CSUSM email address of <jdoe@csusm.edu>.  If you respond to these messages, they will most often ask you to purchase some form of transferrable currency, usually a gift card, in an attempt to scam you out of your money.

You can tell that these are a scam message because they come from non-campus or private email addresses like @gmail.com, @hotmail.com, @outlook.com, @yahoo.com, etc., but the Sent From name will be someone that you know who works on our campus. The messages that we have confirmed as scams have appeared to have come from individuals ranging from department chairs to campus administration.

We want you to be aware that these messages are still circulating throughout the campus community. This appears to be a common scam afflicting many campuses.  At present, there is no good technology solution to filter out these simple messages, therefore we must rely on you to prevent these from being successful. 

Please do not respond to these messages. If you receive one, please send an email to abuse@csusm.edu and attach a copy of the malicious email. If you receive one of these messages and are unsure if it's malicious, please contact the sender in a separate email thread using their official @csusm.edu email address to either confirm or deny that they sent the message. When we are notified, we block that sender from being able to receive messages from @csusm.edu email addresses, and we prohibit any of our email addresses from sending to this address.  

Unfortunately, this often means that the next day they try the same scam with a different address.

If you want to test your ability to spot phishing messages, Google recently published this (rather difficult) phishing quiz - https://phishingquiz.withgoogle.com/. More information on confirmed phishing and email scams can be found at https://www.csusm.edu/security/scams/index.html.

Thank you,

CSUSM Information Security Office

infosec@csusm.edu

csusm.edu/security