Several Campus Departments are receiving reports of email phishing attempts and job scams targeting the IWU community. This presents a great opportunity to share information about phishing, online scams, how to avoid being a victim, and what we can do to reduce or stop phishing scams.
The job scams have an attacker posing as an IWU alumni or Professor seeking to employ an IWU student via email. While seeming legitimate at first, this person is actually trying to obtain your personal information and seek financial gain and is not associated with the University in any way..
Some job scams are easy to spot while others appear legitimate. So how do you know who to trust? You can start with these basic guidelines to avoid a potential scam.
- Never give out personal information like your social security or bank account number over email or phone.
- Never take cashier’s checks or money orders as a form of payment. Fake checks are common and the bank where you cash it will hold you accountable.
- Never cash a check that comes with “extra” money. Scammers send checks that require you to deposit a check at your bank, withdraw the “extra” money as cash, and then deposit that cash elsewhere. The check will bounce and you will be held accountable.
- Never wire funds via Western Union, MoneyGram or any other service. Anyone who asks you to wire money is a scammer.
- Never apply for jobs listed by someone far away or in another country.
- Never agree to a background check unless you have met the employer in person.
- Never apply for a job that is emailed to you out of the blue.
- Be skeptical. If a job is offering a lot of money for very little work, it could be a scammer trying to get personal information from you.
- Research the employer. Do they have a reputable website or professional references? Is the job listing you want to apply for also on their main career page? Note: work-study jobs may not be advertised on employer websites.
- Meet face-to-face with a potential employer. An in person interview or informal chat over coffee will help you determine the employer’s intentions.Be sure to choose a public place to meet, tell someone where you are going and bring your cell phone, just in case.
- Trust your instincts. If a job sounds too good to be true, it is likely a scam.
Please see the following information to learn more or to file a complaint with the FBI and FTC –
Federal Trade Commission – Job Scams
Federal Trade Commission – Scam Alerts
Report Being a Victim to the FBI
File a Complaint with the FTC
Phishing is a form of social engineering. Phishing attacks use email, malicious websites, social network sites, or phone calls, to solicit personal information or money by posing as a trustworthy organization, friend, co-worker, etc. The latest email phishing attempt on our campus has an attacker posing as an IWU faculty or staff member by using an email address that looks very similar to our @iwu.edu accounts. The attacker has created @gmail.com accounts that use faculty and staff members names in a format that could easily be mistaken for an actual @iwu.edu account at first glance. For example – Tommy Titan’s IWU email account is firstname.lastname@example.org. The fake accounts being used in the phishing scheme look like email@example.com. (Notice that this is not an @iwu.edu account, but an @gmail.com account).
What to do if you receive one of these or any phishing message –
Report the phishing email –
On Thursday, June 7, at approximately 10:00 a.m., Information Technology Services (ITS) is performing a Wide Area Network upgrade with assistance from CIRBN, Frontier, and Heart Technologies. Internet bandwidth is being doubled and new technology is being introduced for better routing capabilities, redundancy, and control over cloud service support. There will be a disruption of campus Internet service as the move to the new bandwidth circuits is made. Internet access will range from non-existent, to sporadic, to normal access, as the morning/day progresses.
We thank you for your patience as we perform this work in order to deliver a more reliable, more robust, and more manageable Internet connection to the campus community.
An email seemingly sent from IWU Health Services is circulating @iwu.edu email accounts. A member of our campus community had their account compromised and this account was used to send a message that attempts to obtain your IWU account information.
- Know that the University will never ask you for your user name and password combination!
- Never share your user name/password credentials with anyone!
- Understand the importance of using strong and secure passwords not only your IWU account, but for all of you online accounts.
If you responded to the message or provided your login information, please change your password immediately.
Things to notice about this and many phishing scheme messages –
- Seemingly sent from Health Services, but the from email address is not a Heath Services employee
- Dear faculties and staffs – strange salutation
- You have an important Health information – Poorly written
Again – never provide your IWU credentials to anyone in any format! We will never ask!!!
Don’t fall for a phishing attack!
Phishing is a form of social engineering. Phishing attacks use email, malicious websites, social network sites, or phone calls, to solicit personal information by posing as a trustworthy organization, friend, co-worker, etc. For example, the latest phishing attempt on our campus has an attacker posing as an IWU alumni that is seeking to employ an IWU student, but this person is actually trying to obtain your personal information.
How do you avoid being a victim?
- Be suspicious of unsolicited phone calls, visits, or email messages, from individuals asking for personal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company or trusted resources.
- Look closely at return email addresses and hover over website links to verify who you are actually responding to, or where a website link is actually taking you. Does the senders name match the email address? If not, be skeptical!
- Typos and grammatical errors indicate the message may be a phishing attempt.
- Never give out personal information over the phone if you did not initiate the call.
- Do not provide personal information or information about yourself or your organization unless you are certain of a person’s authority to have the information.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
- If you are unsure whether a request for your personal information is legitimate, try to verify it by contacting the company directly or by asking for contact information of the person asking so you can call and verify they are who they say they are.
- Never provide your email password to anyone!
What do you do if you think you are a victim?
- Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
- Report any email messages you feel may be phishing schemes to Information Technology Services.
- If you believe you might have revealed sensitive information, please contact Information Technology Services or Campus Safety.
Update – ERP Services were restored by 6:00pm on 8/28/17.
Thank you to the ITS Staff work worked to determine and restore services.
ADMINISTRATIVE SYSTEM PROBLEM – 8/28/2017
The server that supports the University’s Administrative System is experiencing unexpected service issues. The Banner Administrative System supports many service operations across the University. Applications such as registration (including add/drop) are experiencing service interruptions.
ITS Staff are working with the vendor Ellucian to correct the problem as soon as possible. We are expecting to have services restored by 6:00pm this evening.
We apologize for the inconvenience this service interruption may cause.
Your IWU password is an important piece of information that must be managed carefully. IWU passwords expire every 180 day to help maintain secure systems. Email messages are sent out to advise that a password is expiring 7 days prior to your password expiration.
You have an opportunity to enter a mobile phone number when you change your password to help with password recovery if you fail to remember your current password or the password expires. The phone number is only used to send a text message with a password reset code in case you need it. The phone number must be entered each time you reset your password.
We hope you take advantage of this password reset service that can save you time and frustration when it is time to reset your password.
There is a Google Apps issue where many are receiving email with the subject:
(name) has shared a document on Google Docs with you
The message is from firstname.lastname@example.org
DO NOT CLICK ON THE OPEN IN DOCS button. Just delete the message
If you do, go to the passchange site and change your password.
Further information will follow as we receive it from Google.