Email Phishing

Email phishing, a common concern for universities and businesses everywhere, is a form of fraud that attempts to obtain a user's sensitive information such as credit card details, usernames, passwords, and other confidential data. Hackers often disguise emails to look as though they come from a legitimate organization, but include a hyperlink to a fake website rather than a real one. When innocent users click those links, hackers are then able to intercept their confidential information and use it for financial gain.

The following are samples of phishing emails received by BGSU account holders. These messages have been reviewed by the ITS Security Team and determined to be fraudulent. If you receive a message similar to the ones displayed below, do not respond by providing information, clicking on any provided link or by calling any provided phone number. It is recommended that you delete the message.

11/12/2017

111017a

11/10/2017

111017a

10/22/2017

fraud10202017a

10/4/2017

fraud10042017a 

10/2/2017

Fraud100217

9/29/2017

fraud092917a

9/25/2017

fraud092517b

9/25/2017

fraud092517a

9/22/2017

fraud092217

9/15/2017

Fraud 9 15 2017

9/8/2017

Fraud 9 8 17

8/14/2017

Fraud08142017

8/8/2017

Fraud2017220

8/2/2017

fraud08022017a

7/20/2017

fraud07202017

7/19/2017

fraud07192017

7/11/2017

fraud07112017

7/4/2017

07042017a

7/3/2017

fraud07032017a

7/2/2017

fraud07022017a

6/8/2017

fraud06082017

5/30/2017

fraud05302017a

5/24/2017

fraud05242017a

5/8/2017

fraud05082017b

5/8/2017

fraud05082017a

5/3/2017

Fraudulent Email Example

4/20/2017

Fraudulent Email Example

4/19/2017

Fraudulent Email Example

4/6/2017

Fraudulent Email Example

Fraudulent Email Example

4/3/2017

Fraudulent Email Example

Archived Fraudulent Emails (Older than the past 6 months)

Have you received an email that you suspect is fraudulent? Follow the steps below to report it to the ITS Security Team!

  1. Do NOT respond or click on any of the links in the message
  2. Forward the message in question to abuse@bgsu.edu
  3. Delete the message from your Inbox

Should the ITS Security Team discover that the email is fraudulent and being sent to a broad base of BGSU account holders and/or known victims, an ITS Fraud Notification message will be sent to campus that will include a warning and more information about the message. Otherwise, the individual reporting the suspicious email may receive a direct message back from an ITS security analyst.

**If you believe you have fallen victim to a phishing email, ITS recommends that you immediately log in to the MyBGSU portal and change your password under the "Help Desk" tab. You may also contact the Technology Support Center and ask to speak with Information Security to discuss how to best respond if any sensitive information may have been exposed.**

Phishing Email Scams

Attackers often send a large number of messages at once.  They may have your email address but often do not have your name.  Be suspicious of any messages you receive with a generic greeting such as “Dear Customer” or “Attention Account Holder”.

Any legitimate organization will proofread emails prior to sending.  Although a professional-looking document with no grammar or spelling mistakes may still be a scam, any email from a professional company with multiple grammar and spelling errors is not legitimate.

Example:  An email claiming to be from Capital One bank is a scam if it is full of grammar and spelling mistakes.

Be suspicious of unsolicited email messages from individuals that attempt to create a sense of urgency by claiming things such as “your account will be deactivated” or “your account has been compromised”.  The attacker is attempting to take advantage of your concern and trick you into providing confidential information.

***BGSU will never send you an email and ask you to validate your account.***

-Does the sender claim to be from BGSU but the email address ends in something other than @bgsu.edu? 

-Does the sender appear to be using a legitimate BGSU account, but not one that you recognize, such as “Technology Support Center”?

-Email accounts can be compromised or the sending address can be impersonated even without gaining access to the email account.  Does the message come from someone you do recognize, but the content of the message seems out of character for that person?

-If you hover over, but do not click, the link, does it show a URL with a domain name that ends in bgsu.edu?  (e.g.  https://mail.bgsu.edu/ instead of https://bgsu.edu.weebly.com/)  If you do receive an email with a link similar to this, the message can be forwarded to abuse@bgsu.edu to have someone confirm whether or not it was sent by BGSU.

-Attackers will sometimes include authentic links along with fake links, such as a genuine privacy policy link.  This is done to make the message appear more realistic. 
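The sender-address and hover checks above can also be run over a message automatically, for example by a mail administrator triaging reported emails. The following Python sketch is an added example, not BGSU or ITS code; the function names and the sample message body are constructed for illustration, and only the two URLs in the sample come from this page.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "bgsu.edu"  # the domain this page tells readers to look for

def host_is_bgsu(host):
    """True only for bgsu.edu itself or a name ending in '.bgsu.edu'."""
    host = (host or "").rstrip(".").lower()
    return host == TRUSTED or host.endswith("." + TRUSTED)

def link_is_bgsu(url):
    # .hostname excludes the scheme, any user@ part, the port and the path,
    # so "bgsu.edu" appearing elsewhere in the URL does not count.
    parts = urlsplit(url.strip())
    return parts.scheme in ("http", "https") and host_is_bgsu(parts.hostname)

def sender_is_bgsu(from_header):
    # Passing is not proof: the page notes senders can be impersonated.
    _, addr = parseaddr(from_header)
    return "@" in addr and host_is_bgsu(addr.rsplit("@", 1)[1])

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> in an HTML message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def suspicious_links(html_body):
    """Return links whose real destination is not an http(s) URL under bgsu.edu."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(text, href) for text, href in collector.links if not link_is_bgsu(href)]

# Constructed sample body built from the two URLs given on this page.
SAMPLE = ('<p><a href="https://bgsu.edu.weebly.com/">https://mail.bgsu.edu/</a> '
          '<a href="https://mail.bgsu.edu/">Webmail</a></p>')
```

`suspicious_links(SAMPLE)` returns only the first link, whose visible text shows a bgsu.edu address while the real destination is on weebly.com, which is exactly what hovering reveals.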

 

 

Work from home scams

  • Unsolicited email offering to pay you a certain amount, such as $300/day, to work from home.
  • You receive a check and the sender asks you to deposit it and forward money in any way.  This is an attempt to steal your money.  Fraudulent employers may ask you to do this as a part of an application process or a test before they will hire you.  Do not send any money no matter what they tell you.  You could be held personally responsible for any forged checks, wire transfers, or illegal money transfers that you handled.
  • You are asked to receive packages and then reship them elsewhere. The packaged items have probably been obtained illegally, and the scammers are using you to make the shipping address appear local. Participation could be viewed as aiding fraud.
  • You are asked for an up-front payment before you can get the job. Most likely there is no job; the scammers are just attempting to take your money.
  • You are hired without an interview.  It is not a common practice for any employer to hire someone after a simple email correspondence or exchange of contact information.