A new round of scam emails have been making their way into Arkansas Tech University email mailboxes, and it is one that users might find very convincing.
The scam messages appear to be from valid Tech email addresses and tell users to click on a link to access their Blackboard Learning notifications. However, the link doesn’t lead to a Tech-affiliated website. Instead, it leads to a site maintained by scammers.
Trying to find out exactly what scammers want came be difficult, Chris Moss, the university’s information security officer, said.
“Once you get an email, let’s say it’s a malicious email, nobody knows for certain other than the person who sent it what the end goal is,” Moss said. “It may be something as simple as trying to get you to give up your credentials so they can log on and see if there’s any information about the university that they themselves can use. It may be that they’re trying to get you to click on a link which takes you to a site that winds up downloading some version of cryptolocker that locks your files.”
Moss said that they do their best to keep spam messages out of university email mailboxes.
“We’re concerned about it, of course, and we do our due diligence and the best that we can to try and keep that stuff from coming into the university. And we’re always looking at new ways and things we can do to stop it.”
The precautions that the Office of Information Services puts in place doesn’t always stop spam messages, which is why users need to be cautious of what emails they are receiving.
“We can do what we can, we can keep an updated spam filter and have all types of spam stuff running like we do, but I mean, you can’t catch all of it,” Moss said.
The following tips can help users avoid falling for scam emails:
Check the URL: Links can say one thing and actually lead to a different website. Hovering over the link before clicking it will show the website that it will actually lead to, Moss said.
If the site requires a user to login, there’s a good chance that it will be secured and have an “https:” prefix. If it doesn’t, that’s a red flag.
Don’t give out passwords: “We’re not ever going to ask for your username and password because we don’t need it,” Moss said. “Your bank, your credit card company, they don’t need your username and password, so they’re not going to ask.”
Be wary of improper grammar and spelling: A lot of scam emails have improper grammar and spelling mistakes, Moss said.
Slow down: Moss said email scammers will often say things are “urgent” so a user won’t think through what’s happening. Users should slow down and think about what they are clicking before they do so.
Be wary of the unexpected: Scammers sometimes send out notices around the Christmas holiday season, urging users to click on a link to see details about their package being shipped. If you don’t remember ordering a package, be especially cautious about the email.
Call the technology helpdesk if unsure: The Office of Information services has a helpdesk that can advise users who are unsure if an email is legitimate or not. “Don’t ever be afraid to ask a question . . . it’s better to be safe than sorry,” Moss said.
Editor’s note: This article was originally published in the September 15, 2016 print edition of The Arka Tech under the headline “Info systems advice about scam emails”