It’s a new school year, and as usual the scammers are coming out in full force to try to find ways to take advantage of students.
This year we’re seeing a few different types of scams. One of the more successful ones over the past year have been bogus honor societies that have had invitations hitting inboxes at universities nationwide.
A lot of these messages that at first glance may appear very legitimate:
- Offers of $2,500 cash scholarships
- Offers of $100 reward cards for amazon.com, jcpenney.com, Best Buy, WalMart, and other retailers
- Notifications about (non-existent) background checks performed against you
- Provide information about miracle cures, skin treatments, etc.
- Notifications about non-existent overdrafts or overcharges
- Notifications claiming to be from Washburn ITS or other Washburn departments
These have been successful at getting through spam and malicious content filters nationwide. The details of these messages vary: some take you to sites that host malicious software, some present fake login pages to try to get you to enter your username and password for retailer websites, some try to get you to enter credit card information, and some try to get you to provide your e-mail account credentials to them.
Instead of hitting large numbers of inboxes with the same message, the message often varies slightly from person to person and are usually only sent to a small number of people at a time to avoid triggering automatic responses to mass e-mails.
- Be wary of any message that wants you to take urgent action, they often want you to act before you can think about the message
- Check the FROM: e-mail address and any reply e-mail addresses in the message. These will often be different, sometimes subtly, sometimes radically from what the organization it claims to be from uses
- Never respond to an e-mail that instructs you to send your username and password. Washburn ITS and other legitimate websites will never ask you to do so
- Don’t respond to e-mails requesting personal information
- Don’t click the links in e-mails, if one claims to be directing you to Amazon.com or Washburn.edu, enter that website in your web browser yourself. They’ll often make the links look similar to real ones, though close examination may reveal minor variations
- If something is too good to be true, it probably is. Feel free to contact Washburn ITS is you have a question about such a message. You may contact us at 785.670.3000, email@example.com, or by coming by the support window in Bennett 104
More information about identifying and dealing with such messages can be found at the links below:
UPDATE (8/17/2015): A previous version of this blog post made reference to some non-ACHS organizations. These organizations were referenced because they were listed in an alert by the Association of College Honors Societies (“ACHS”), apparently due to the entities not being members of ACHS. Lack of membership in the ACHS does not mean that an entity is not legitimate.