Email Phishing Alert - iTunes Gift Card Scam

10/24/18

Contributed by Karen Compton

The IT Information Security team has received several reports of an email phishing scheme related to iTunes gift cards.

The messages we’ve seen have come from external email accounts at Gmail, Yahoo, or other services, but show the sender as the name of an IC employee, generally a manager. They have subjects along the lines of “urgent request,” “Hi <recipient-name>,” or “quick favor,” with an initial message something like “Are you available? I need you to do something for me urgently. I’m in a meeting and won’t be able to talk on the phone.” The initial message is vague, in an attempt to start a dialog to get the victim’s guard down before specifying the nature of their request. 

If they get a response, the attackers then ask the victim to buy a few hundred dollars’ worth of iTunes gift cards (purportedly for some promotion or to give to someone). Either in the same email or in a follow-up message, they ask the victim to scratch the cards to reveal the redemption code and then send them pictures of the cards showing the code. This is more elaborate than most phishing attacks, which makes it easier to be tricked.

What you can do: 

1. Be suspicious of any message that asks you to do something unusual, especially if it involves a financial transaction, a bank account or credit card number, wiring funds, gift cards, etc. There is an industry of phishing professionals working to extract money and cash equivalents from victims who are trying to be helpful. 

2. Check the sender’s email address. Be extra suspicious of any messages purporting to come from an employee’s personal email account, and always use your IC email account, not a personal account, for IC business. Now that all IC faculty and staff are using Duo for access to Office 365, our email accounts are more secure, so criminals are resorting to attacking us from external accounts.

3. Call the sender on the phone. Con artists want you to act before you have time to think. They create a sense of urgency, and now that we’ve been advising people to call to verify unusual requests, they’ve started pre-empting that by telling you in the email that you shouldn’t call them because they’re in a meeting. If it needs to be done now, it’s worth a phone call to verify, and your supervisor should be understanding of your cautiousness. 

If you have received a message like this, use the “Report as Phishing” button in Outlook or Outlook on the Web to send a copy to the Information Security Team. If you believe you’ve been tricked by one of these scams, please contact the IT Service Desk immediately (servicedesk@ithaca.edu or 607-274-1000).
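For mail administrators, the pattern described above (an employee's display name on an external address, a vague urgent subject, and a "don't call me" pretext) can be flagged automatically. The following is an added example, not part of the original alert; the organisation domain, staff names and sample messages are constructed placeholders.

```python
import re
from email.utils import parseaddr

# Assumptions (constructed, not from the alert): mail domain and staff directory.
ORG_DOMAIN = "example.edu"
STAFF = {frozenset(n.split()) for n in ("pat morgan", "lee alvarez")}

# Subject and body cues taken from the wording quoted in the alert.
LURE_SUBJECT = re.compile(r"urgent request|quick favor|^hi\b", re.I)
BODY_CUES = re.compile(r"gift card|in a meeting|won.t be able to talk", re.I)


def name_tokens(display_name):
    """Lower-case the display name and split it into an order-free token set,
    so 'Pat Morgan' and 'Morgan, Pat' compare equal."""
    return frozenset(re.sub(r"[^a-z ]", " ", display_name.lower()).split())


def is_external(address):
    """True when the address is not at the organisation domain or a subdomain."""
    domain = address.rpartition("@")[2].lower()
    return domain != ORG_DOMAIN and not domain.endswith("." + ORG_DOMAIN)


def assess(from_header, subject, body=""):
    """Return the list of reasons a message matches the gift card lure."""
    display, address = parseaddr(from_header)
    reasons = []
    # Core signal: a known employee's name shown on an outside mailbox.
    if display and is_external(address) and name_tokens(display) in STAFF:
        reasons.append("staff display name on external address")
    if LURE_SUBJECT.search(subject):
        reasons.append("lure subject")
    if BODY_CUES.search(body):
        reasons.append("gift card or no-call pretext")
    return reasons


if __name__ == "__main__":
    # Constructed sample message modelled on the wording in the alert.
    print(assess('"Morgan, Pat" <pat.morgan.office@gmail.com>',
                 "Quick favor",
                 "Are you available? I'm in a meeting and won't be able "
                 "to talk on the phone."))
```

The first reason is the one worth alerting on by itself; the subject and body cues are supporting evidence and will also match some legitimate mail.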




https://www.ithaca.edu/intercom/article.php/2018102410134784