Don't take the bait! This page shows example computing threats, such as phishing scams, that you should avoid. Phishers are fishing for your personal information, such as passwords and credit card numbers. Never provide this information by replying or following links in the email. Under no circumstances will CUS or other members of the CIS department ask for your password. If in doubt about the legitimacy of an email, contact CUS. To learn how to keep yourself protected, visit our phishing page.
To report a phishing scam you receive, email it (with full headers) to email@example.com.
School billing statement malware - Posted
School is starting, and scammers are running wild, attempting to prey on the unsuspecting! If you receive an unsolicited email requesting that you click a link or download an attached "school statement" to make a payment... be skeptical! Contact Reed's Business Office (503-777-7505) to confirm that the message is legitimate.
Below is an example of an infected attachment in an email going around. Gmail caught this one, but don't rely on Google to warn you of suspicious attachments.
Amazon phish targeting mailing lists - PostedAn phishing message purportedly from Amazon is targeting Reed's mailing lists. Don't follow the link in the email.
Printer toner phone scam - Posted
A printer toner phone scam is popping up on campus once again, just in time for summer.
Your phone rings, and the voice on the other end says, "Oh hi! I've got your HP toner order all ready to ship out to you – sorry for the delay. I'll just need to get payment info, and it will be out the door today." Wording and details may, of course, be different. They might say Xerox toner, or Canon, or Brother... they will be quite insistent that you've ordered the toner.
You respond, "Sorry, our vendor provides toner to us as part of our contract. Could you please tell me your name and telephone number? I'd like to direct you to our IT department." At this point, the scammer either hangs up, or provides a bogus name and telephone number.
Be vigilant! Be firm! And definitely don't give payment information to someone you don't know who's just called you!
The phone scammer calling around today provided a bogus phone number, and identified himself as "Chris Griffin". We have to imagine he looks a lot like this Chris Griffin:
"New schedule message" - PostedA spear phishing message is targeting the Reed community. It mentions a "new payroll schedule" and links to a page that looks like Reed's weblogin page. The email itself isn't very convincing and fortunately Gmail identifies it as a scam. Don't be fooled into entering your Reed username and password on the fake login site.
Someone has shared a document on Google Docs with you - Posted
But have they really?
You may receive an email that appears to be From: a colleague, indicating that they have shared a Google Doc with you... when you unwittingly click the link included in the email (egads, don't do that!), you'll be prompted to "Allow" access to your Reed account.
If you receive such an email, don't click the link to open the Doc! Your colleague's account may have been compromised (by a similar phishing message from someone they know), and been used to mass email the nasty phishing message to everyone in their contact list. If you click on the link (or any link in an unsolicited email), your account could be compromised next!
If you've clicked a link such as the one above, please get in touch with Computer User Services. We can help resecure your account, and make sure you haven't granted permissions to any bad people out on the internet.