From: Information Technology

Have you seen an increase in phishing and scam emails attempting to steal your passwords, sensitive information, or money? Hackers and scammers use social engineering techniques and tidbits of data about you in an effort to trick you into giving away information that you normally would not share. This practice is known as spear phishing. This semester, Virginia Tech’s IT Security Office has received increased reports of two types of spear phishing scams in particular - sextortion and impostor scams.

In a sextortion scam, the sender attempts to convince you that your system has been hacked, that files have been stolen, browsing habits tracked, and salacious details about you have been recorded using your webcam. Sometimes a legitimate, but older, password is used to try to prove that the scammer really does have the data in question. The email ends with a threat of exposure unless money, often bitcoin, is sent to the scammer.

Impostor scams may come in the form of phone calls, emails, or online contacts. The sender or caller may claim to be a government official, or a relative or close friend. They may also seem to come from someone you are dating online. Whatever the story, the request is ultimately the same: they need you to wire money to pay taxes, fees, airline tickets, or to help someone in a crisis. The scammer often uses information gleaned from social media or other online sources to seem legitimate and usually the scammer’s request comes with a sense of urgency.

Here are some cyber security tips you can follow to protect yourself online:

  • Don’t send bitcoin to anyone
  • Refuse to send money via wire transfer. Call the person or the government agency using their known telephone number to get the real story and decide what to do. No government agency will ever ask you to wire money
  • Use privacy settings to restrict who can see and post on your social media profiles. Limit your online friends to people you actually know
  • Do not open attachments from senders that you do not recognize or you are not expecting to receive
  • Don’t reply to text, email, or pop-up messages asking you to reply with personal information
  • Watch for emails where the sender does not match the source of the email (e.g., email claiming to be from Virginia Tech, but which does not come from vt.edu)
  • Mouse over links in emails to see their true destination
  •  

You can also be a security hero by forwarding suspicious emails to abuse@vt.edu and itso@vt.edu. When doing this, always be sure to include the email header! By doing so, you enable us to block new malicious senders and malicious links, keeping others safe as well.

Virginia Tech departments can learn more about how to detect phishing scams by requesting departmental security awareness training via the 4Help service catalog.

Additional Resources:

From the Federal Trade Commission (FTC) -https://www.consumer.ftc.gov/features/scam-alerts

From the Consumer Federation - https://consumerfed.org/in_the_media/fraud-videos-and-audio/