Scam Targeting DSS Students as Extra Help
This scam appeared to utilize some sort of AI language model to produce a convincing
document that was sent out to DSS students. (See ticket for document) The way it was
reported was first by a student to the DSS Director, Allison Robinson, who then forwarded
it to the Help Desk.
Scammers Pretending to be Rosemary Costigan
This scam was someone posing as Rosemary. They did this by creating a gmail account
using Rosemary’s name while also creating an email handle that sounds official such
as executivem65@gmail.com. Reported to the Help Desk by another staff member at the
college.
Scammers Pretending to be a System/HD Notification
This scam was someone pretending to be a system attempting to notify a user. The email
handle is typically a long or complicated string of text that might trick a user into
thinking its an automated response. For exmaple, this tickets email was from
“New verification - Help Desk Console - Accounts <info=Exchange=Account-806533 =new=notice=96215
=unknow> <terry@integrityconstructiongroup.net>”
This could lead the victim to believe it’s a legit email/system so they can click
links, provide info, etc.
Scammers Pretending to be Meghan Hughes
In this scam they use an email named after Meghan Hughes, as well as an email handle
of “presidentgm8@gmail.com” to try and trick a staff member.
Scammers Using Compromised CCRI Accounts
Sometimes scammers get access to CCRI accounts, both student and faculty/staff. From
there, the scammers will likely send out spam emails internally to avoid the [External]
tag.
These can include job offers, tutoring help, etc. Realistically, any scenario the
scammers could potentially obtain sensitive information, bank information, or even
direct cash they will attempt to use.
Scammers Pretending to Sell Something
It is very often that we receive spam reports for emails attempting to sell items
or services. In this example, someone was posing as a Staff member of the college,
emailing users to try selling a piano.
This is a tactic often used to obtain personal contact information and, depending
on how far the scam gets, your financial information.
Keep an Eye Out for [External] Tags
Any incoming emails originating outside of CCRI will be marked with an [External]
tag at the start of the subject line.
Keep an Eye Out for Quarantined Emails
Microsoft's Quarantined Emails feature automatically isolates potentially harmful
or suspicious emails, preventing them from reaching the user's inbox. Users can review
and release legitimate emails from the quarantine if needed. However, most of the
emails that end up in quarantine are actually spam and can be manually deleted or
will be automatically deleted after 30 days.
Week 1: Security Culture
Tip - Report any suspicious activity promptly. If you see something unusual, don't hesitate
to inform the Help Desk or supervisor.
Tip - Always lock your computer when you step away, even if it's just for a few minutes.
Locking your computer helps protect your data and prevents unauthorized access.
Tip - Two-Factor Authentication (2FA) is your friend. This adds an extra layer of security
and is a strong deterrent against unauthorized access.
Tip - Use Strong and Unique Passwords, avoid using easily guessable passwords or using
the same password for multiple accounts.
Tip – Don’t be the Weakest Link, Security is only as strong as the weakest link in the
chain.
Week 2: Ransomware
Tip - Regularly backup important data to a secondary storage location to prevent data
loss in case of a ransomware attack.
Tip - Use a reputable antivirus software to add an extra layer of protection to your
devices.
Week 3: Social Media and AI
Tip - Share Information, but Wisely.
Tip - Consider your digital footprint carefully. Anything you post online, even seemingly
harmless information, can be used to gather details about you. Be mindful of what
you share to protect your privacy.
Tip - Be cautious when accepting friend requests on social media, verify profiles to
avoid imposters. Scammers may pose as people close to you to lower your guard.
Week 4: You Can Make a Difference
Tip - Participate in Security Training.
Tip - Regularly Update Your Software.
Tip - Practice good cyber hygiene by keeping your devices and software up to date with
the latest security patches.