Avoid Common Scams
Avoid common scams
Phishing scams
Phishing scams attempt to trick people into providing passwords or other sensitive information by imitating legitimate websites and legitimate email messages. Phishing attempts have become increasingly prevelant and more targeted. IMSS is implementing new email security measures to counter these attacks. You can help protect yourself and your coworkers by knowing how to recognize a scam.
Imposter/gift card scams
The criminal looks at public information such as directories and org charts to select a faculty or staff member to impersonate. The first contact is often a short message such as "Are you available?". A reply from the victim results in followup messages culminating with the request to buy gift cards.
Sextortion scams
An attacker claims that they have been monitoring the victim's computer activity, including enabling their computer's camera to record them while they were visiting pornographic sites. The scammer then demands a Bitcoin payment in exchange for NOT exposing the victim's computer habits to the world. This is a lie and the attacker does not actually have what they are claiming to have. Sometimes the attacker will include a password that the victim has used at some point in the past which was obtained through an unrelated breach in order to trick the victim into believing the lie about the webcam video.
Examples
Below are several examples of scams you may encounter. Familiarize yourself with some of the tell-tale signs and don't be fooled. If you receive a message that seems suspicious, you are encouraged to contact IMSS for assistance. Forward the suspicious message to security@caltech.edu or contact the Help Desk at x3500.
