Wednesday, Jan. 23, 2019
Hello,
Before the 2018 winter break, the Information Security Office warned the campus of
the following email scam:
Faculty and staff around the campus have been receiving emails where the message body
of the email reads “Are you available???” or similar opening query. These messages
are a scam. Do not respond to them. These messages will appear to come from your supervisor
or a colleague. The perpetrators of this scam are “spoofing” the Sent From name in
the email message. For example, the Sent From name might read Jane Doe, but the email
address will read <doe.jane@gmail.com> instead of the standard CSUSM email address of <jdoe@csusm.edu>. If you respond to these messages, they will most often ask you to purchase some
form of transferrable currency, usually a gift card, in an attempt to scam you out
of your money.
You can tell that these are a scam message because they come from non-campus or private
email addresses like @gmail.com, @hotmail.com, @outlook.com, @yahoo.com, etc., but
the Sent From name will be someone that you know who works on our campus. The messages
that we have confirmed as scams have appeared to have come from individuals ranging
from department chairs to campus administration.
We want you to be aware that these messages are still circulating throughout the
campus community. This appears to be a common scam afflicting many campuses. At present,
there is no good technology solution to filter out these simple messages, therefore
we must rely on you to prevent these from being successful.
Please do not respond to these messages. If you receive one, please send an email
to abuse@csusm.edu and attach a copy of the malicious email. If you receive one of these messages and
are unsure if it's malicious, please contact the sender in a separate email thread
using their official @csusm.edu email address to either confirm or deny that they
sent the message. When we are notified, we block that sender from being able to receive
messages from @csusm.edu email addresses, and we prohibit any of our email addresses
from sending to this address.
Unfortunately, this often means that the next day they try the same scam with a different
address.
If you want to test your ability to spot phishing messages, Google recently published
this (rather difficult) phishing quiz - https://phishingquiz.withgoogle.com/. More information on confirmed phishing and email scams can be found at https://www.csusm.edu/security/scams/index.html.
Thank you,
CSUSM Information Security Office
csusm.edu/security