Phishing Scams

Reported: November 21, 2023
What: Bereavement request from ESU Official
Type: Phishing done via Email
Problem: An email sincerely disguised as a request for help after the passing of ESU Faculty's parent.
Severity: High

Scenario: An very sincerely worded email is sent, on the behalf of President Long. It requests your help with a professor's parent passing. The email asked if the reader wants the tool set owned by the parent or other item be sent to them. And the reader is asked to sent their personal email address for quicker response.

Do not respond nor send any personal or busy information

What To Check: Check to see if the situation did happened. Check to see if the email is sent from an ESU issued email account. (Emails from @esu.edu are ESU employee email. There are a few exceptions). Only official ESU emails are sent from ESU Email addresses. Don't share personal information. By rule, personal information should not be sent in response to an ESU email. If personal information is needed, you can ask the sender if this is true.

Resolution: Please do not respond with your personal email account or other personal information. Forward a copy of the email to the ESU Phishing Team. Ask them for their help.

Reported: November 11, 2023
What: An invoice or receipt from Best Buy/Geek Squad
Type: Phishing done via Email
Problem: A malicious attack disguised as an invoice or receipt from Best Buy.
Severity: High

Scenario: An email is sent to remind the owner that payment has been made or payment is due (invoice or receipt). The owner is asked to call the toll free number to request a refund. The email uses an authentic Geek Squad logo and styling. Due to the look of the email, users may want to call to verify the email.

Do not respond, call or open any links and attachments.

What To Check: Are you expecting a receipt or invoice from Geek Squad? If you don't use your ESU email for purchases then you shouldn't expect this email. If you are expecting receipts or charges, verify thru BestBuy.com that the information is correct.

Resolution: Please do not call to verify any information in response to the email. Check with BestBuy.com if you think its a valid email. If not, forward the email to the ESU Phishing Team, and get their help.

Reported: October 24, 2023
What: Phishing attack asking to download a file from President Long
Type: Phishing done via Email
Problem: Could be a virus or other malicious item attacked to the email or the links in the email.
Severity: High

Scenario: An email sent with urgency on behalf of President Long. It ask that you open the file being shared with you.

Do not respond or open the links and attachments.

What To Check: The email is from a non-ESU source. High ranking officials would not ask outsiders to send on their behalf. Unless you are told to expect this email, then assume its a fraud.

Resolution: Please do not text any information in response to the email. Forward the email to the ESU Phishing Team, and get their help.

Cellphone Request From Manager

Reported: April 28, 2023
What: Phishing attack seeking workers personal cellphone number
Type: Phishing done via Email
Problem: An email, assumed to be sent from an ESU employee or manager asking for a co-workers personal cellphone number.
Severity: High

Scenario: An email is sent from a manager or supervisor to their employee asking for their personal cellphone number. The message is short. Asking if they are available and what is the best cellphone number to text them.

Do not respond with personal, private or ESU information!

What To Check: The email is very convincing. Using the correct ESU's director name and title. Several parts are amiss. First, it is sent from a non-ESU(esu.edu) issued email address. If they are emailing you internally, you would not see the message "originated outside ESU". Next, there is no subject to the message. Also, the message was flagged in the ESU Junk Mail system. Finally, there is not a personal greeting or a more secure way of relaying the information, such as handing the information in person.

Resolution: Please do not text any information in response to the email. Forward the email to the ESU Phishing Team, and get their help.

RA Needed Urgently: Job Offer

Reported: April 10, 2023
What: Phishing attack seeking workers # 1
Type: Phishing done via Email
Problem: An email, assumed to be sent from an ESU Professor offering employment as a Student Research Assistant.
Severity: High

Scenario: Email is sent as an urgent limited Job Offer. With the person seeking a Student Research Assistant. The job is being offered as a paid remote internship. The email is requesting that the student text the "professor" their full name, email, department and year of study.

Do not click or follow the link supplied!

What To Check: The email is very "wordy" but not saying anything of note. They may use the name of an actual faculty/staff member, but keep in mind that every email will have a different phone number to text. When applying to any job on campus, a true employment opportunity will not ask you to text an individual, but will post the job accordingly.

Resolution: Please do not text any information to the number in the email. All Faculty and Staff official contact information can be found on the website. Forward the email to the ESU Phishing Team, and get their help.

Urgent Open Slot Job Offer!!!

Reported: March 21, 2023
What: Phishing attack seeking workers # 2
Type: Phishing done via Email
Problem: An email, assumed to be sent from an ESU Professor offering employment as a Student Research Assistant.
Severity: High

Scenario: Email is sent as an urgent limited Job Offer. With the person seeking a Student Research Assistant. The job is being offered as a paid remote internship. The email is requesting that the student text the "professor" their full name, email, department and year of study. The wording is slightly different, but this is the same scam being conducted as the previous email on April 10th.

Do not click or follow the link supplied!

What To Check: The email is very "wordy" but not saying anything of note. They may use the name of an actual faculty/staff member, but keep in mind that every email will have a different phone number to text. When applying to any job on campus, a true job post will not ask you to text an individual, but will post the job accordingly. Even if you recognize these phishing emails, keep in mind that different variations may still be floating around. So be vigilant when reading your emails.

Resolution: Please do not text any information to the number in the email. All Faculty and Staff official contact information can be found on the website. Forward the email to the ESU Phishing Team, and get their help.

Job Offer

Reported: January 18, 2023
What: Phishing attack seeking workers
Type: Phishing done via Email
Problem: An email, assumed to sent from ESU offering employment as a Personal Assistant.
Severity: High

Scenario: Email is sent as a Job Offer. With a person seeking a personal assistant. Duties include handling payments/monies, sending gifts, record keeping and paperwork. The email shows average or above average pay, few weekly work hours required and the comfort of working from home, school or any location. Requires you to click the link to continue and for more details.

Do not click or follow the link supplied!

What To Check: There is little details with the message except to say a big promise for little effort. That it is offering a convenient job that wouldn't take a lot of time away from a person. Also, the email suggests its from Job Placement & Student Services which is not a currently ran department at ESU. Again, there is no other, pertinent details explaining who they are, why they are sending the email nor proper ways to contact ESU in person.

Resolution: The email leave no way to contact them or ESU except via the link provided. This would show as a SPAM. Please do not follow or click the link provided. Forward the email to the ESU Phishing Team, and get their help.

Important Message from the President - Shared A File With You

Reported: January 17, 2023
What: Phishing attack requesting an immediate favor
Type: Phishing done via Email
Problem: A person, impersonating a well known or prominent member of ESU asking for help.
Severity: High

Scenario: An email is sent from a high ranking official or prominent person. The person could be a member of ESU or not. The email states the message is important and has shared a file with you to open!

Do not open or download the file!

What To Check: There is very little details with the message except to say its important, whose its from and what to. There is no other, pertinent details explaining who it is, why they are sending or what to do if you have questions. Its a direct and frank email that is asking you to open the file. The message and details are very vague and too frank. Asking just to open the file.

Resolution: You could contact the person or their office to verify the message. Better to send the email to the ESU Phishing Team, and get their help.

Urgent Request To Purchase Apple Gift Cards

Reported: January 17, 2023
What: Phishing attack requesting an immediate favor
Type: Phishing done via Text messages
Problem: A person, impersonating a well known or prominent member of ESU asking for help.
Severity: High

Scenario: This Phishing attack is an interactive texting by a caller pretending to be an high ranking or prominent member of ESU. The offender calls or text asking for a favor. They are in a meeting and cannot leave. They ask if you are available and could buy gift cards. They build the scene by asking if you are busy and if you have the time to do them a favor. They let you know this is an urgent matter.

Do not buy or send gift cards!

What To Check: Its hard not to take the text seriously since its from an ESU official. But the person fully identifies himself. If you know or work with the ESU Official, you and they would know this and there wouldn't be such a formal introduction.

Also, they test your sincerity. The request is posed as an urgent request and not a command to be executed. Also, what is asked is also in question. Why would you go to the local store, Walmart or CVS. This would take time. Also, you may assume the gifts should be brought to the meeting or gift card mailed/emailed after the meeting.

Be curious of this texting Check for irregularities. You will notice the email is signed by an ESU Member but the email address is not theirs' or not an ESU email account. Check the list of senders. You may see a list of emails who receive this notice and some or all may be unfamiliar or not sent to the ESU members. Also, check the notice. It says its an urgent or immediate request prompting you to respond quickly. Very little to no other instructions are given except to open the file from a prominent ESU member. So unless you are expecting this, do not open the email or click the link.

Resolution: You could contact the ESU Official and or their office to see if they are in a meeting as stated. Contact the owner or their office to verify the email. If its not a legitimate request or you believe the email is false, please forward the email to the ESU Phishing Team, to check the email and make updates to our Spam and Phishing security.

Document Shared with you: "Evaluation.Docx"

Reported: January 17, 2023
What: Phishing attack requesting to share a fake Word Doc
Type: Email, Word Doc
Problem: A person Is sharing a Word Document. Pretending it is part of a group project and you are asked to do your share in reading and opening the document.
Severity: High

Scenario: The Spammer is pretending to share a document to a group. They hope you believe its a document to a group or project you are working on and they want you to open the file.

Do not download the file, click the open button or open the file

What To Check: Check the author of the email. The name is a prominent or high ranking member of the ESU Staff but the email address is not an ESU email account. Official ESU correspondence will be sent from ESU email accounts. Also, the document is a script file, meaning it will be code that maybe executed upon reading. So this may contain a virus or other malicious program.

The spammer took advantage of the free services offered by Google, Dropbox or other services to send a malicious program or virus to your account.

Resolution: If you see an email with errors such as this, do not open or click the link that is offered. If you question if the email is for you, you can contact the owner or their office and find out if they sent the email. If its not a legitimate request or you believe the email is false, please forward the email to the ESU Phishing Team, to check the email and we can make updates to our Spam and Phishing security.