Phishing

Phishing Scam Information

 

Phishing is the common name for email scams that try to trick you into giving up your login information or get you to send them money by offering jobs, asking for help buying gift cards, saying your account will be terminated or needs to be updated, or you that will lose data if you don't log in to their website.

    • Recent scams
      • Research Assistant Needed - May 2022
      • Student Job Offier scam - Spring 2022
      • Faculty & Staff Gift Card scam - Spring 2022
         
    • Tips to identify scams
      • Be aware of offers that are too good to be true, or urgent requests.
      • Check the From details of the email to make sure it comes from @wellesley.edu.
      • Don't click on links in emails, go to the Wellesley website directly.
         
    • Reporting a scam
      • Report it to the Computing Help Desk so we can notify the community.
      • Report it to Google so they can update their detection rules.
      • Report it to Campus Police if you transferred any money.
         
    • Additional information
      • Information scammers try to get from you
      • How to protect your accounts and information

    Recent scams

    May 2022 - Research Assistant Needed

    A scammer sent an email to ~800 accounts saying they were "Professor Davis Andrew" and looking for a student to be paid $350 a week for 6 hours of work per week.  This is a common money scam similar to the other scams sent in Spring 2022.
     

    • Name: "Professor Davis Andrew" from the Computer Science department.
    • Email addresses: lm2512550@gmail.com.
    • Subject: STUDENT RESEARCH ASSISTANT POSITION
    • Content:  Wellesley College, Department of Computer Science urgently requires the services of students to fill the position of Research Assistants and get paid $350 for 6 hours weekly. The position is open to students from any department of the institution and tasks will be carried out remotely for now. Materials needed to carry out assignments will be provided by the department. Contact the department desk officer with a copy of your resume via  this email or the departmental chair Professor Davis Andrew (320) 634-xxxx stating your full name, department and year of study to proceed further.
       
    • How the scam works:  The scammer will text you (to bypass any email filters or blocks that we put in place) with some fake details about the job, and send an image of a fake check.  They will urgently ask you to deposit the check into your bank account and ask you to send money to someone else to pay for your work supplies. The money you send will be immediately processed and removed from your account, and eventually your bank will discover the first check was fake, and you will be out both the money from the scammer's check and the money you sent to the supplier.

    Spring 2022 - Student Job Scams

    A scammer has been sending emails to students offiering various jobs, and in return asks the student to send money to someone else to complete the job hiring process.  No legiitmate job has ever asked someone to send money to someone else before starting work.  Never send money to anyone when starting a new job.
     

    • Name: This changes often, but usually impersonates Wellesley faculty, staff, and alumnae.
    • Email addresses: Often the scammer uses @gmail.com addresses.
    • Subject: Research Assistant Needed
    • Content: They offer a job with what sounds like a great deal, such as $300/week for part time remote personal assistant work and say that all expenses will be covered. They ask for a preferred phone number and email to contact you.
       
    • How the scam works:  The scammer will text you (to bypass any email filters or blocks that we put in place) with some fake details about the job, and send  an image of a fake check.  They will urgently ask you to deposit the check into your bank account and ask you to send money to someone else to pay for your work supplies. The money you send will be immediately processed and removed from your account, and eventually your bank will discover the first check was fake, and you will be out both the money from the scammer's check and the money you sent to the supplier.
       

    Wellesley does not give out student email addresses to anyone outside of the College. All student jobs should be posted either in Workday through Human Resources for on campus jobs, or in Handshake through Career Education for off-campus jobs.

    If you received this scam, but did not reply to it: Forward the email to helpdesk@wellesley.edu to let the Computing Help Desk know about the scam, and click on the three dots to the right of the email and choose Report Phishing or Report Scam to report it to Google.

    If you replied to the scammer, contact Campus Police immediately.  Campus Police will then work with you through their processes.

    Spring 2022 - Staff Impersonator scam

    A scammer impersonating Wellesley College faculty and staff has been sending emails to other faculty and staff asking if they are available to go to Walmart and buy gift cards, that they will be reimbursed for.  Never make any purchases for College business fromy our personal account without an in person or phone disucssion with your supervisor.
     

    • Name: various faculty and staff supervisors, directors, and department chairs.
    • Email addresses: The "Name" part of the email will appear to be someone at the College, but the actual email address will be a gmail.com address.
    • Subject: Are you available?
    • Content: The content varies, but it usually has some excuse about them being in a meeting or an urgent need for you to contact them via text. 
       
    • How the scam works:  They will then give a story about how they need funds through gift cards, asking you to go to a local store to buy $300-500 in gift cards, and text them pictures of the card number and pin, and then they will say you can be reimbursed for the cost.
       

    Nobody at the College would ever ask you to buy gift cards for any urgent reason with this kind of situation.  If you aren't sure, make sure you get a voice call or in person visit with the person to confirm they are the right person and that it is a valid request.  

    If you received this scam, but did not reply to it: Forward the email to helpdesk@wellesley.edu to let the Computing Help Desk know about the scam, and click on the three dots to the right of the email and choose Report Phishing or Report Scam to report it to Google.

    If you replied to the scammer, contact Campus Police immediately.  Campus Police will then work with you through their processes.


    Tips on identifying scams

    Phishing scams emails typically have a few things wrong with them:

    • The email promises of a job that's too good to be true.
      • Pay or benefits are well beyond similar jobs.
      • The job asks you to send money to someone else before starting any work.
      • The job came unsolicited from someone you didn't know or expect.
         
    • The From email details are not from a Wellesley email address.
      • Scammers are using the names of current people at Wellesley, even copying their email signatures.
      • When viewing an email, tap or click on the triangle or down arrow next to the To section of the email to see the details. 
      • Make sure the From address is from an @wellesley.edu address.
         
    • The email is a scary warning about your account, such as it will be deleted, cancelled, or terminated.
      • Your account will only be disabled if your status at the College changes.
      • We will NEVER ask you to login to a website to fix your account.
      • If you're concerned, email helpdesk@wellesley.edu or call 781-283-3333 before taking any action.
         
    • The link in the email goes to a website that isn't on wellesley.edu or google.com, and the website doesn't have a secure lock icon.
      • If you are ever concerned about an email, DO NOT click or tap on any links in the email.
      • Go to the Wellesley home page directly - www.wellesley.edu, then click on My Wellesley, login, and look for a link in the portal.

    Reporting a phishing scam
     

    If you haven't sent any personal info to the scammer, report it to the Computing Help Desk. Foward the email to helpdesk@wellesley.edu, or call 781-283-3333.  Also, if you still have the email, click or tap the three dots to the right of the email and choose either Report Phishing or Report Spam, to send an automated report to Google about the email.

    If you transferred money or funds with the scammer, report it to Campus Police urgently, at 781-283-2121.  They will take a full report, walk you through their process for completing a report of the situation.


    Information scammers try to get from you
     

    Scammers will try to trick you into giving up many different kinds of information.  Be aware of this and only give out this information to people you trust and have had communication with via voice call or in person for confirmation.

    • Your Wellesley Account: You should only log in to Duo SSO, Wellesley SSO, or specific Wellesley websites. If you are asked to login to a system you're not familiar with or the host name doesn't end in wellesley.edu, get confirmation before logging in.
    • Your Duo 2FA information: You should only enter your Duo 2FA information into the Duo popup during the login process on a valid Wellesley website.  If you get a Duo Prompt on your phone, make sure you were expecting it and that it's for the website you're attempting to login to.
    • Accounts where you've used your Wellesley email address:  If you have used your Wellesley email address as the login for external websites, such as Amazon, LinkedIn, Twitter, etc. use a different password for each site and enable any additional login methods if possible, such as two-factor authentication. 
    • Your bank account information:  Never deposit checks sent over text or email into your account.  Always wait the appropriate time your bank says for the check to fully clear before using the funds. 

    Protect your accounts and information

    Here are some tips to help keep your information secure.

    • Don't click on links in emails that ask you for your account information.
      • If you're concerned, open a browser and go to the correct website manually.
         
    • Be cautious about opening attachments or downloading files from emails you receive.
      • If you weren't expecting an attachment or download, ask the person sending it to confirm it's ok.
         
    • Use anti-virus and anti-spyware software and keep them updated.
    • Keep your web browser up to date.
      • Chrome and Firefox are usually quick to flag suspicious websites.
      • Go to Help > About in your browser to check for updates.
    • Monitor your credit card and bank accounts regularly.
      • Visit the FTC website AnnualCreditReport.com to get your free credit report.
      • Some credit cards also provide credit check services.
         
    • Use a different password for every website.
      • Hackers will break into a weak website and try the account info on more secure sites, such as banks.
      • When one website gets hacked, you won't have to worry about all the other websites you used that password on.
      • Use a password manager. The College does not have a subcription to one, but please check these reviews.
         
    • Visit the following websites for additional security tips: