Phishing

Watch out for email scams - don't get phished!

Phishing is the common name for email scams that try to trick you into giving up personal information through email.  The scams usually try to scare or trick you in various ways, such as offering jobs with absurd rewards, saying your account will be deleted/canceled/terminated, or that you will lose data if you don't log in to their website.


 

Information scammers can get if you fall for an account / login scam

If you enter your Wellesley account information on a scam website, the scammer will gain full access to everything your Wellesley domain account can access, such as:
 
  • Your Workday account, which includes salary info, pay stubs, tax information, and health information.
  • Your Google Apps account, from which they can download your email, contacts, and files in Drive and scan them for personal information.
  • Accounts that use your Wellesley email address, such as Amazon, online banking, and online credit cards.
  • If you used the same email address and password on other sites, those sites are now compromised too. 

To keep scammers out of your Google and Workday accounts even if they get your password, enroll in Duo two-factor authentication.


How to spot a phishing scam and protect yourself

Phishing scams start with an email that looks official, but when you really analyze it, you can usually spot a few common errors:

  • The email promises a job that's too good to be true.
    • Pay or benefits are well beyond similar jobs.
    • The job came unsolicited from someone you didn't know.
    • The job isn't listed on Handshake.
       
  • The email signature doesn't include contact information of a valid department or person.
    • All emails from departments on campus will always have contact information.
    • Search the Wellesley website, or the Wellesley Directory for the name of the sender to make sure the info is correct.
       
  • The email is a scary warning about your account, such as saying it will be deleted, cancelled, or terminated.
    • Your account will only be disabled if your status at the College changes.
       
  • The link in the email goes to a website that isn't on wellesley.edu or google.com, and the website doesn't have a secure lock icon.
    • Correct, secure websites will have a green lock and either Wellesley College, or google.com in the address bar.

Protect your accounts and information

Here are some tips to help keep your information secure.

  • NEW: Sign up for Duo two-factor authentication to protect your Wellesley Google Apps and Workday accounts.
    • This is a new feature that protects your account by requiring phone authentication when logging in.
       
  • Don't click on links in emails that ask you for your account information.
    • If you're concerned, open a browser and go to the correct website manually.
       
  • Be cautious about opening attachments or downloading files from emails you receive.
    • If you weren't expecting an attachment or download, ask the person sending it to confirm it's ok.
       
  • Use anti-virus and anti-spyware software and keep them updated.
  • Keep your web browser up to date.
    • Chrome and Firefox are usually quick to flag suspicious websites.
    • Go to Help > About in your browser to check for updates.
  • Monitor your credit card and bank accounts regularly.
    • Visit the FTC website AnnualCreditReport.com to get your free credit report.
    • Some credit cards also provide credit check services.
       
  • Use a different password for every website.
    • Hackers will break into a weak website and try the account info on more secure sites, such as banks.
    • When one website gets hacked, you won't have to worry about all the other websites you used that password on.
    • Use a password manager, such as LastPass, 1Password, or KeePass.
       
  • Visit the following websites for additional security tips:

Report phishing scams

If you think you have received an email phishing scam, here are some things you can do:

Quickly report it to the Help Desk:

  1. Forward the email to helpdesk@wellesley.edu
  2. DO NOT click on any of the links or reply to the email until you get a response from the Help Desk.
  3. The Help Desk will respond during their normal hours.

Report additional details of the email to the Help Desk:

  1. When viewing the phishing scam email, next to the reply button on the left, there is a small button with a triangle on it.  Click on that and select Show Original.
  2. You should now get a new tab with additional information about the email.  Click the Download Original link, which will download an original_msg.txt file.
  3. Attach the file to an email and send it to helpdesk@wellesley.edu.

Report the phishing scam email to Google.

  1. When viewing the phishing email, click on the down triangle and click Report Phishing.
  2. You will then be asked if this really is a phishing scam. Click Yes.  
  3. This will report the phishing email to Google and put the email into your Spam folder.

Recent phishing scams

September 2018 - Administrative Assistant Job Offer - Money Scam

This is similar to earlier money scams.  This scammer uses the following info:

  • Name: Catherine Robert
  • Email addresses: trungvy0702@gmail.com, dkmm04@gmail.com, or apple.mycity@gmail.com
  • Subject: (no subject)
  • Content: They claim to have contacted 'your school admin' and that they graduated here. They are looking for an Administrative/Personal Assistant, and ask you to apply ASAP.

There is no 'school admin' that would give out Wellesley email addresses and approve of sending emails to students.  All non-Wellesley job offers should be done through Career Education and Handshake, where there is accountability such as contact information available to you.  

After you contact them, they will switch to contacting you via text messages to avoid any possible detection by scanners.  They will send you an image of a check and ask you to deposit it in your bank account.  They will then ask you to send money to other people, typically as gift cards, checks, or through online payment apps. A few days later, your bank will report the original check as fraudulent and you will be out the money you sent to the other people.

If you have given your information to this person, contact the Help Desk immediately.  Review your security questions on any online financial websites you have, and enable two-factor authentication on them if you haven't already.  To enable two-factor authentication on your Wellesley Google Apps and Workday accounts, enroll in Duo today.


February 2018 - Money Scam

Similar to the April and May money scam below, this scammer is trying to steal money from you.  This scammer uses the following info:

  • Name: Christopher Babbit
  • Email addresses: lindabrenda88516@gmail.com, lindabrenda88517@gmail.com, lindabrenda8850@gmail.com, and dsam25894@gmail.com
  • Subject: " **********Employment**********Employment*******"
  • Content: No email body, but a Job Details.txt file attachment.  In the attachment, he says he works for the department of "Disability Resources and Educational Services (DRES)" and asks you to send your name, address, a non-Wellesley email address, and mobile phone number.

There is no such department on campus, and there isn't an employee named Christopher Babbit.  He asks for the non-Wellesley address and mobile phone number so he can get around the protections we have set up to block these kinds of scams.

If you have given your information to him, contact the Help Desk immediately.  Review your security questions on any online financial websites you have, and enable two-factor authentication on them if you haven't already.  To enable two-factor authentication on your Wellesley Google Apps and Workday accounts, enroll in Duo today.

April & May 2017 - Money Scam

This scam copied an email that a student organization sent out, but added a "reply-to" setting to the emails so that replies would go to the scammer.  The scammer would then offer checks to the recipient for up-front payment, and ask them to send checks for various amounts to other accounts for equipment or other things.  This is how the scam usually works:

  • The scammer sends a fake check to the recipient.
  • The recipient deposits the check in their account.
  • The recipient's bank releases the funds in 3-5 days.
  • The scammer asks the recipient to send checks to other accounts for almost the same amount.
  • The recipient sends the checks, and the scammer moves the money from those accounts.
  • The recipient's bank figures out the check was a fake about 7-10 days from the initial deposit and takes the money out of the recipient's account.
  • The recipient can't get the money back from the scammer, the fake accounts, or their bank, so the recipient is out the money they sent the scammer.

Money scam emails (images): first scam email; second scam email; scam email shown with reply-to field
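
The two checks described on this page, a "reply-to" address that differs from the sender (the April & May 2017 scam) and a link that is not a secure wellesley.edu or google.com address, can be run against the original_msg.txt file downloaded with Show Original. This is an added example, not a tool the Help Desk uses; the function names and the sample message (with example.net and example.com addresses) are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains this page names as legitimate for login links.
TRUSTED = ("wellesley.edu", "google.com")

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def is_trusted_host(host):
    """True only for a trusted domain or its subdomains, not look-alikes."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_message(raw):
    """Return a list of warnings for a raw email message (headers + body)."""
    msg = message_from_string(raw)
    warnings = []
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"reply-to mismatch: From={from_dom} Reply-To={reply_dom}")
    # Collect every text part, decoding base64 / quoted-printable bodies.
    body = "".join(p.get_payload(decode=True).decode(errors="replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        parts = urlparse(url)
        if parts.scheme != "https":
            warnings.append(f"not https: {url}")
        if not is_trusted_host(parts.hostname):
            warnings.append(f"untrusted host: {parts.hostname}")
    return warnings

# Constructed sample message, not one of the scam emails shown on this page.
SAMPLE = """\
From: Student Org <studentorg@wellesley.edu>
Reply-To: payments@example.net
Subject: Spring event

Confirm your account at http://wellesley.edu.login.example.com/signin
The real portal is https://www.wellesley.edu/
"""

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```

A reply-to mismatch also occurs on some legitimate mailing-list mail, so treat it as a reason to look closer rather than proof of a scam.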
 

January 2017

This scam copied our login page, even using our Wellesley College images!  What set the scam website apart was that it was not located at wellesley.edu and wasn't a secure website.  Always look for those things when viewing a website, both on computers and mobile phones. See the images below where we've circled the differences.

Desktop website (images): fake scammer website; official College website

 

Mobile website (images): fake scammer website; official College website

Fall 2016

This scam used an email that said your email quota was going to change.  Gmail is unlimited and doesn't have a quota.  If you clicked on the link you'd see that the website is not a secure site (no lock icon next to the website address), does not go to a gmail.com or google.com website, has poor grammar, and the Cancel button is spelled wrong.

(Images: phishing scam email; phishing scam website)

Annual campus-wide test phishing scam

As of 2017, LTS performs an annual test scam by sending out a fake scam email to many Wellesley email addresses.  We then gather statistics on how many people view the email, click on the link, and completely fall for the scam. We then post the results on the LTS News blog.