Tag Archive: Phishing Scams

Google Docs Massive Phishing Scam

As you may have heard, over a million Google users were hit by a phishing scam on May 3rd. This scam came in the form of an email that looked a lot like a harmless invite from a Google user to join a Google document. Now, if you were suspicious (and I hope you were), you may have noticed that the email was addressed to hhhhhhhhhhhhhhh. When you see something like this or the red warning bar from Gmail (see left), this should be a pretty good indicator that something is amiss.

Just in case you may have accidentally clicked on the blue button invite, which was cleverly disguised to look remarkably like a legitimate Google button, here’s what you can do to protect yourself from further compromise by the spammer.

  1. Reset your password. This is one of the best ways to prevent a hacker from continued access to your account.
  2. Run Google’s Security Checkup to see what programs and add-ons have been granted access to your account. Look for an app called Google Docs, and remove it. It’s not really Google Docs and if you accidentally remove something you need, you can always grant access to it again the next time you attempt to open a legitimate Google Doc.

Once again, don’t open ANYTHING, even an email, from someone you don’t know or recognize, and definitely don’t click on any links in emails from people you don’t know or when you aren’t sure why you were sent the message.


Don’t Let Phishing Emails Catch You Off Guard

We’ve all heard the news about the computer hacking incidents at Sony, Anthem, and even the Department of Defense. What you may not know is that hackers often take advantage of the heightened fear over protecting sensitive information that follows these types of incidents by soliciting victims’ passwords and other account info via phishing emails.

Many of you have seen these types of emails before. Some are easy to spot, such as those promising millions of dollars from a long-lost relative if you simply supply your bank account information for the wire transfer. (Trust me, if I had a rich relative, I’d know about them already.) Or how about the one requesting that you wire money immediately to help one of your friends who was mugged while traveling abroad? (Were we really that good of friends anyway?)

On the other hand, some of these emails may appear very legitimate. They usually arrive in your inbox with an alarming subject line warning that your password has expired or is not strong enough to protect your account. These emails encourage victims to click on a link to update their password immediately. However, victims who fall prey to this scheme are actually providing hackers access to their login info.

Many victims remark how convincing the emails were (some emails, like the one above, even contain official company branding). Most victims say they were merely trying to protect their account and follow instructions. After all, isn’t that what us IT guys always say? “Update your passwords often!” However, if you follow these 2 rules, you should be able to avoid getting hooked in a phishing scam.

1. If in doubt, DELETE it! – If something looks suspicious, just throw it away. It is always best to play it safe and err on the side of caution. If you think it might be real, check the sender’s address. If you don’t recognize the sender, delete the email or contact the sender to verify the validity of their request.

2. Check Before Entering Your Password – Don’t ever enter your password, unless the website has the following:

  • Encryption – the web address must show https or the lock icon
  • Matching Domain – the web address should match the organization

While it is perhaps best to simply never supply sensitive information over email, we are fortunate enough to belong to a small community here at Pepperdine where it is easy to verify if someone legitimately needs your personal info. I personally abide by the old adage “if someone really needs my information, they’ll call (or write) back.” So please help protect yourself and Pepperdine’s network by following the above guidelines to avoid phishing scams.

If you would like more information on how to recognize and eliminate phishing email, please visit Pepperdine University’s Phishing Information Page, check out the phishing FAQ, or view Examples of Phishing and suspicious emails.

TIP: Remember, you can always view the full address of a hyperlink by simply hovering over the link without clicking on it. If the address isn’t linking to a trusted site, DON’T CLICK!
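The two "Check Before Entering Your Password" checks and the hover tip above, applied automatically to every link in an email body. This is an added example, not part of the original post; `university.example`, the function names and the sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED_DOMAIN = "university.example"  # assumption: placeholder for your organization's domain

def check_login_url(url, trusted=TRUSTED_DOMAIN):
    """Apply the two password-page checks; return a list of problems (empty = pass)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    problems = [] if parts.scheme.lower() == "https" else ["not https"]
    # Exact domain or a true subdomain only; a substring test would accept lookalike hosts.
    if host != trusted and not host.endswith("." + trusted):
        problems.append("domain mismatch: " + host)
    if parts.username is not None:
        problems.append("text before '@' is not the host")
    return problems

class LinkCollector(HTMLParser):  # gathers (visible text, href): what hovering would reveal
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html, trusted=TRUSTED_DOMAIN):
    """Return {href: problems} for every link in an email body that fails a check."""
    collector = LinkCollector()
    collector.feed(html)
    findings = {}
    for text, href in collector.links:
        problems = check_login_url(href, trusted)
        shown = urlsplit(text).hostname if "://" in text else None
        if shown and shown.lower() != (urlsplit(href).hostname or "").lower():
            problems.append("link text shows " + shown.lower())
        if problems:
            findings[href] = problems
    return findings

# Constructed sample email body (not from the original page).
SAMPLE = """<a href="https://portal.university.example/reset">Reset password</a>
<a href="http://university.example.login-check.example.net/reset">https://university.example/reset</a>
<a href="https://university.example@example.net/">Update now</a>"""
```

Calling `audit_links(SAMPLE)` passes the first link and flags the other two, including the one whose visible text shows the trusted address while the link itself points elsewhere.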

Protecting Yourself from Cyber Criminals

Dr. Kim Cary, Pepperdine University’s Chief Information Security Officer writes:

Cybercriminals are now trying to use your password to change direct deposit information at Universities. If they trick you into giving away your password, in addition to getting your account locked out and receiving tons of non-delivery notices from the spam they sent with your account, you may now find that your WaveNet account has been accessed. This is happening at other Universities, and I’m writing to you to try to prevent it from happening here.

You Hold the Power Against Cyber criminals!

You are your own last line of defense. To protect yourself and the University from these cybercriminals, visit our website and learn to use two simple skills to avoid being inconvenienced or robbed.


How can you avoid being phished?

1. Check Before Acting On Unexpected Email Requests

Whenever you receive an unexpected email request, especially one that is urgent or enticing, use common sense to evaluate the message:

  • If it seems suspicious – just delete it!
  • If it seems likely to be real – contact the sender to confirm it!

Remember: Let your common sense guide you as to whether the message seems suspicious or real when you receive an unexpected email request, then act accordingly.

2. Check Before Entering Your Password

Whenever you need to enter your password, don’t enter your password, unless the website has the following:

  • Encryption – the web address must show https or the lock icon
  • Matching Domain – the web address should match the organization

Remember: Do these two quick checks every time before you enter a password, just like you always quickly check your mirrors before changing lanes on the road.

Pepperdine Spam Filter Effectiveness:

Did you know that just in the past 5 weeks, Pepperdine’s spam filter blocked an average of 1,007,843 spam a week? The daily average per address is 81 spam blocked, deleted or quarantined. However, spam volume has tripled since April 2012 and some of these dangerous scam messages will make it through our highly effective filter.