October is Cybersecurity Awareness Month, so I'll be sharing not only our monthly tip but also weekly tips on keeping your digital life safe. These tips can help you against many of the threats to our privacy and security, whether at work, school, or in your personal life. You can find this and our other advisories/tips at: www.newpaltz.edu/securityadvisories
This week, we're covering the most common scams that we see via email, phone, websites, etc., and how you can be prepared for them. You can view many examples of scam emails at our "Phish Bowl" on our support site.
Reset/verify your account scams
These are phishing scams (fraudulent attempts to trick recipients into giving out personal information, typically usernames, passwords, and even MFA codes).
You receive an email purporting to be from a company or organization, asking you to verify your account. It will usually direct you to a link that brings you to some sort of form site asking for sensitive information such as your passwords.
Some ways to recognize this:
- False sense of urgency ("Act now!", "Act within 24 hours or else your account will be disabled", or similar phrases).
- A request to reset your account when you made no such request.
- An email that mentions that they are trying to fix the fact that you have two different accounts from two different colleges or universities.
- If you clicked on a link, see what the web address for that link is. If it is anything like a Google Form, a Microsoft Form, or any sort of survey site, it is definitely bogus.
- Many of these emails (or the destination links) have a ton of misspelled words. This is so they can get around filtering on the free form sites, which prevents someone from simply asking for "Password", so the word may show up as "PA$$W0RD" (with $ instead of S, or zeros instead of the letter O).
Impersonation scams
These start with some communication (a message on social media, an email, a text message, etc.). There are a few similar versions of these:
- They may impersonate a family member, friend, or colleague and will claim to need money urgently for a medical or legal emergency.
- They may impersonate a colleague (especially here at New Paltz where the faculty/staff directory is public).
- Some will impersonate law enforcement or hospitals, claiming that your friend or relative is in danger and they need money transferred over the phone (for medical bills, bail, etc.).
- Some will even claim to be a kidnapper asking for ransom (pay us or we'll hurt or kill the person).
Some ways to spot this:
- If you can contact the person through other means, such as calling their cell, then hang up and do so!
- The purported family member or friend doesn’t want you contacting them.
- They ask for money through unconventional methods, such as gift cards, Venmo or similar services, or via cryptocurrency.
- You are asked to follow a link to reach out to them.
- The text incites a sense of urgency or has a threatening tone.
One check that is becoming increasingly less reliable with the rise of AI is recognizing their voice. Scammers have started using publicly available videos to replicate people's voices and make a convincing message that sounds like the person you know. The New Yorker has a great article about this: "The Terrifying A.I. Scam That Uses Your Loved One’s Voice"
Fake job postings
These target college and university students, trying to trick them into giving out sensitive information under the guise of it being needed for a job. It may be for 'required training' for a new job, with a promise of reimbursement.
Some of these scammers have very authentic-looking websites for their fake companies. Be skeptical about any requirements to pay up-front for training, or if you're asked to pay via Venmo, Zelle, or similar person-to-person payment services.
If you are uncertain about whether a job offer is legitimate, you should reach out to the Career Resource Center (www.newpaltz.edu/careers) for more information.