Job Scams and Phishing Schemes

Several Campus Departments are receiving reports of email phishing attempts and job scams targeting the IWU community.  This presents a great opportunity to share information about phishing, online scams, how to avoid being a victim, and what we can do to reduce or stop phishing scams.

Job Scams:
The job scams have an attacker posing as an IWU alumni or Professor seeking to employ an IWU student via email.  While seeming legitimate at first, this person is actually trying to obtain your personal information and seek financial gain and is not associated with the University in any way..

Some job scams are easy to spot while others appear legitimate. So how do you know who to trust?  You can start with these basic guidelines to avoid a potential scam.

Never:

  • Never give out personal information like your social security or bank account number over email or phone.
  • Never take cashier’s checks or money orders as a form of payment. Fake checks are common and the bank where you cash it will hold you accountable.
  • Never cash a check that comes with “extra” money. Scammers send checks that require you to deposit a check at your bank, withdraw the “extra” money as cash, and then deposit that cash elsewhere. The check will bounce and you will be held accountable.
  • Never wire funds via Western Union, MoneyGram or any other service. Anyone who asks you to wire money is a scammer.
  • Never apply for jobs listed by someone far away or in another country.
  • Never agree to a background check unless you have met the employer in person.
  • Never apply for a job that is emailed to you out of the blue.

Always:

  • Be skeptical. If a job is offering a lot of money for very little work, it could be a scammer trying to get personal information from you.
  • Research the employer. Do they have a reputable website or professional references? Is the job listing you want to apply for also on their main career page? Note: work-study jobs may not be advertised on employer websites.
  • Meet face-to-face with a potential employer. An in person interview or informal chat over coffee will help you determine the employer’s intentions.Be sure to choose a public place to meet, tell someone where you are going and bring your cell phone, just in case.
  • Trust your instincts. If a job sounds too good to be true, it is likely a scam.

Please see the following information to learn more or to file a complaint with the FBI and FTC –
Federal Trade Commission – Job Scams
Federal Trade Commission – Scam Alerts
Report Being a Victim to the FBI
File a Complaint with the FTC

Phishing:
Phishing is a form of social engineering. Phishing attacks use email, malicious websites, social network sites, or phone calls, to solicit personal information or money by posing as a trustworthy organization, friend, co-worker, etc.  The latest email phishing attempt on our campus has an attacker posing as an IWU faculty or staff member by using an email address that looks very similar to our @iwu.edu accounts.  The attacker has created @gmail.com accounts that use faculty and staff members names in a format that could easily be mistaken for an actual @iwu.edu account at first glance.  For example – Tommy Titan’s IWU email account is ttitan@iwu.edu.  The fake accounts being used in the phishing scheme look like ttitan.iwu.edu@gmail.com.  (Notice that this is not an @iwu.edu account, but an @gmail.com account).

What to do if you receive one of these or any phishing message –
Report the phishing email –

  1. On a computer, go to Gmail.
  2. Open the message.
  3. Next to Reply Reply, click  Screen Shot 2019-05-09 at 11.34.33 AM.png  More
    Note: If you’re using classic Gmail, click the Down arrow Down Arrow
  4. Click Report phishing.

 

Phishing Schemes – Avoid Becoming a Victim

Phishing Schemes – tips to avoid becoming a victim

Don’t fall for a phishing attack!

Phishing is a form of social engineering. Phishing attacks use email, malicious websites, social network sites, or phone calls, to solicit personal information by posing as a trustworthy organization, friend, co-worker, etc. For example, the latest phishing attempt on our campus has an attacker posing as an IWU alumni that is seeking to employ an IWU student, but this person is actually trying to obtain your personal information.

How do you avoid being a victim?

  • Be suspicious of unsolicited phone calls, visits, or email messages, from individuals asking for personal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company or trusted resources.
  • Look closely at return email addresses and hover over website links to verify who you are actually responding to, or where a website link is actually taking you. Does the senders name match the email address?  If not, be skeptical!
  • Typos and grammatical errors indicate the message may be a phishing attempt.
  • Never give out personal information over the phone if you did not initiate the call.
  • Do not provide personal information or information about yourself or your organization unless you are certain of a person’s authority to have the information.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
  • If you are unsure whether a request for your personal information is legitimate, try to verify it by contacting the company directly or by asking for contact information of the person asking so you can call and verify they are who they say they are.
  • Never provide your email password to anyone!

What do you do if you think you are a victim?

  • Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
  • Report any email messages you feel may be phishing schemes to Information Technology Services.
  • If you believe you might have revealed sensitive information, please contact Information Technology Services or Campus Safety.

Internet Disruption During Planned Upgrades on Thursday 6/7/2018

On Thursday, June 7, at approximately 10:00 a.m., Information Technology Services (ITS) is performing a Wide Area Network upgrade with assistance from CIRBN, Frontier, and Heart Technologies. Internet bandwidth is being doubled and new technology is being introduced for better routing capabilities, redundancy, and control over cloud service support. There will be a disruption of campus Internet service as the move to the new bandwidth circuits is made. Internet access will range from non-existent, to sporadic, to normal access, as the morning/day progresses.

We thank you for your patience as we perform this work in order to deliver a more reliable, more robust, and more manageable Internet connection to the campus community.

HEALTH SERVICES PHISHING EMAIL – DON”T SHARE YOUR USERNAME AND PASSWORD

An email seemingly sent from IWU Health Services is circulating @iwu.edu email accounts.  A member of our campus community had their account compromised and this account was used to send a message that attempts to obtain your IWU account information.

  • Know that the University will never ask you for your user name and password combination!
  • Never share your user name/password credentials with anyone!
  • Understand the importance of using strong and secure passwords not only your IWU account, but for all of you online accounts.
If you responded to the message or provided your login information, please change your password immediately.
Things to notice about this and many phishing scheme messages –
  • Seemingly sent from Health Services, but the from email address is not a Heath Services employee
  • Dear faculties and staffs – strange salutation
  • You have an important Health information – Poorly written
Again – never provide your IWU credentials to anyone in any format!  We will never ask!!!

Phishing Schemes – tips to avoid becoming a victim

Don’t fall for a phishing attack!

Phishing is a form of social engineering. Phishing attacks use email, malicious websites, social network sites, or phone calls, to solicit personal information by posing as a trustworthy organization, friend, co-worker, etc. For example, the latest phishing attempt on our campus has an attacker posing as an IWU alumni that is seeking to employ an IWU student, but this person is actually trying to obtain your personal information.

How do you avoid being a victim?

  • Be suspicious of unsolicited phone calls, visits, or email messages, from individuals asking for personal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company or trusted resources.
  • Look closely at return email addresses and hover over website links to verify who you are actually responding to, or where a website link is actually taking you. Does the senders name match the email address?  If not, be skeptical!
  • Typos and grammatical errors indicate the message may be a phishing attempt.
  • Never give out personal information over the phone if you did not initiate the call.
  • Do not provide personal information or information about yourself or your organization unless you are certain of a person’s authority to have the information.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
  • If you are unsure whether a request for your personal information is legitimate, try to verify it by contacting the company directly or by asking for contact information of the person asking so you can call and verify they are who they say they are.
  • Never provide your email password to anyone!

What do you do if you think you are a victim?

  • Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
  • Report any email messages you feel may be phishing schemes to Information Technology Services.
  • If you believe you might have revealed sensitive information, please contact Information Technology Services or Campus Safety.

Access to Banner Services

Update – ERP Services were restored by 6:00pm on 8/28/17.

Thank you to the ITS Staff work worked to determine and restore services.

ADMINISTRATIVE SYSTEM PROBLEM – 8/28/2017

The server that supports the University’s Administrative System is experiencing unexpected service issues.  The Banner Administrative System supports many service operations across the University.  Applications such as registration (including add/drop) are experiencing service interruptions.

ITS Staff are working with the vendor Ellucian to correct the problem as soon as possible.  We are expecting to have services restored by 6:00pm this evening.

We apologize for the inconvenience this service interruption may cause.

Password Assistance

Your IWU password is an important piece of information that must be managed carefully.  IWU passwords expire every 180 day to help maintain secure systems.  Email messages are sent out to advise that a password is expiring 7 days prior to your password expiration.

You have an opportunity to enter a mobile phone number when you change your password to help with password recovery if you fail to remember your current password or the password expires.  The phone number is only used to send a text message with a password reset code in case you need it.  The phone number must be entered each time you reset your password.

We hope you take advantage of this password reset service that can save you time and frustration when it is time to reset your password.

 

Self-Service Password Reset

ITS has implemented a new self-service feature to the Password Change Tool located at https://passchange.iwu.edu/ If you forget your campus password associated with your NetID, the tool will send you a code via text message that you can use to reset your password. IMPORTANT: you must enter a cell phone number as part of a regular password update prior to using the self-service reset feature. So, every time you update your password, you should enter a cell phone number even if it has not changed. For a walkthrough of how the tool works, check out this video: https://www.youtube.com/watch?v=YymMVZ99YtY