The Information Security and Public Safety teams ask you to please watch out for email phishing scams asking you for a favor or for your cell phone number. Generally, these messages come from Gmail or other external addresses created in the name of someone at IC that you know. They’ll start by asking you for a quick favor or for your cell number, and after a couple email or text messages back and forth they’ll ask you to purchase gift cards and send them the codes on the back.
The messages have subjects along the lines of “urgent request,” “Hi <recipient-name>,” or “quick favor,” with an initial message something like “Are you available?” or “I’m planning to surprise some staff with gifts.” The initial message is often vague, in an attempt to start a dialog to get your guard down before specifying the nature of the request.
What you can do:
1. Check the sender’s email address. Be suspicious of any messages appearing to be from an employee’s personal email account. It will help us all recognize phishing scams if all IC faculty, staff, and students use only their IC email accounts, and not external personal accounts, for IC-related communication.
2. Be suspicious of any message that asks you to do something unusual, especially if it involves a financial transaction, a bank account or credit card number, wiring funds, gift cards, etc. There is an industry of phishing professionals working to extract money and cash equivalents from victims who are trying to be helpful.
3. Call the sender on the phone to verify it’s them. Con artists want you to act before you have time to think, and they take advantage of your helpfulness. They create a sense of urgency, and explain why they’re unavailable to take care of this themselves. If it needs to be done now, it’s worth a phone call to verify they are who they say they are (even if they say they’re in a meeting). Any legitimate requester should be understanding of your cautiousness.
If you have received a message like this, use the “Report Message” feature in Outlook (in the toolbar on Windows and macOS and via the “…” menu on mobile devices) or the “Junk” button in Outlook on the Web and select “Phishing” to send a copy to the Information Security team. If you believe you’ve been tricked by one of these scams, please contact the IT Service Desk immediately.
Information Technology Service Desk
104 Job Hall
servicedesk@ithaca.edu
607-274-1000
https://www.ithaca.edu/intercom/article.php/20200304095028885