Computing & Information Services

Computing Threats

Don't take the bait! This page shows example computing threats, such as phishing scams, that you should avoid. Phishers are fishing for your personal information, such as passwords and credit card numbers. Never provide this information by replying or following links in the email. Under no circumstances will CUS or other members of the CIS department ask for your password. If in doubt about the legitimacy of an email, contact CUS. To learn how to keep yourself protected, visit our phishing page.

To report a phishing scam you receive, email it (with full headers) to cus@reed.edu.

Printer toner phone scam - Posted

A printer toner phone scam is popping up on campus once again, just in time for summer.

Your phone rings, and the voice on the other end says, "Oh hi! I've got your HP toner order all ready to ship out to you – sorry for the delay. I'll just need to get payment info, and it will be out the door today." Wording and details may, of course, be different. They might say Xerox toner, or Canon, or Brother... they will be quite insistent that you've ordered the toner.

You respond, "Sorry, our vendor provides toner to us as part of our contract. Could you please tell me your name and telephone number? I'd like to direct you to our IT department." At this point, the scammer either hangs up, or provides a bogus name and telephone number.

Be vigilant! Be firm! And definitely don't give payment information to someone you don't know who's just called you!

The phone scammer calling around today provided a bogus phone number, and identified himself as "Chris Griffin". We have to imagine he looks a lot like this Chris Griffin:

chris.jpg

"New schedule message" - Posted

A spear phishing message is targeting the Reed community. It mentions a "new payroll schedule" and links to a page that looks like Reed's weblogin page. The email itself isn't very convincing and fortunately Gmail identifies it as a scam. Don't be fooled into entering your Reed username and password on the fake login site.
spearphish20170510.png

Someone has shared a document on Google Docs with you - Posted

But have they really?

You may receive an email that appears to be From: a colleague, indicating that they have shared a Google Doc with you... when you unwittingly click the link included in the email (egads, don't do that!), you'll be prompted to "Allow" access to your Reed account.

If you receive such an email, don't click the link to open the Doc!  Your colleague's account may have been compromised (by a similar phishing message from someone they know), and been used to mass email the nasty phishing message to everyone in their contact list.  If you click on the link (or any link in an unsolicited email), your account could be compromised next!

If you've clicked a link such as the one above, please get in touch with Computer User Services.  We can help resecure your account, and make sure you haven't granted permissions to any bad people out on the internet.

shared-doc-threat.png

"Important Notice" phish - Posted

A phishing message sent to a mailing list directs users to update their “employment data” and contains a link to the “staff enrollment portal” where they ask for personal information such as social security number, driver’s license, salary info, etc. Do not fill out the form!

phish_2017-04-25.png

phish_form.png

"Apple Support" Telephone Scam - Posted

A new angle on an old scam has bubbled up in recent days.
http://fortune.com/2017/02/27/apple-icloud-scam/

A Reed community member reports that they've received persistent robo-call message from "Apple iCloud Premium Support", where the robo-caller indicates there is a "problem with your account" and provides a telephone number to call for additional instructions. If an unsuspecting person dials that number, they are directed to a website where the baddies attempt to convince them to give control of their computer.

Don't take the bait! Apple (or Microsoft, or any other legitimate vendor with which you don't have a pre-existing relationship) is not going to call you and ask to take control of your computer. It could be a robo-call, or a potentially convincing live person on the other end of the phone, and they could claim to be from a variety of sources (Apple, Microsoft, Reed IT, the IRS, the FBI...).

So what should you do? Hang up! If you're a bit concerned that you may have hung up on someone who is NOT a scammer... contact CUS (cus@reed.edu, 503-777-7525), and we'll help determine what happened, and whether or you need to apologize for rudely hanging up. Better safe than sorry!

 View Threat History

How to maintain this page ( CIS only )