Tufts Phishing and Vishing Bowls

How to report a Phish sent to your Tufts email

Send the message to the Service Desk at it@tufts.edu. First, open a new email, and then add the phishing email as an attachment. Attaching it makes it possible to see the “headers,” information that isn’t displayed in the message you’ve seen. The headers include lots of useful details about how the email has been routed. If you need help, just call the Service Desk at 617 627-3376.
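The following is an added example, not Tufts' own tooling: it shows why the attachment matters by pulling the original message out of a report and reading its routing and sender headers. The Received lines, host names, Reply-To value and the names `extract_original`, `received_path` and `sender_flags` are assumptions made for illustration; the From and Subject values come from a sample on this page.

```python
from email import message_from_string, policy
from email.utils import parseaddr

ORG_NAME, ORG_DOMAIN = "tufts", "tufts.edu"  # organisation being impersonated
# Constructed report to the Service Desk; Received lines and Reply-To are made up.
REPORT = """\
From: student@tufts.edu
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached message.
--b1
Content-Type: message/rfc822

Received: from mx.example.net by mail.example.org; Tue, 1 Sep 2020 16:55:02 -0400
Received: from sender.example.com by mx.example.net; Tue, 1 Sep 2020 16:55:01 -0400
From: Tufts University <aheadproject83@fastmail.com>
Reply-To: someone@example.com
Subject: RE: Part-Time Intern!

Hello and welcome to Tufts University!
--b1--
"""

def extract_original(report_text):
    report = message_from_string(report_text, policy=policy.default)
    for part in report.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)  # the phish, headers intact
    return None  # forwarded inline: original headers were not preserved

def received_path(original):
    # Each relay prepends a Received line, so reverse for origin-first order.
    # Lines added before the first relay you trust can be forged by the sender.
    hops = [str(h).split() for h in original.get_all("Received", [])]
    return [h[1] for h in reversed(hops) if len(h) > 1 and h[0] == "from"]

def sender_flags(from_hdr, reply_to_hdr=""):
    name, addr = parseaddr(str(from_hdr))
    reply = parseaddr(str(reply_to_hdr))[1].lower()
    local, _, dom = addr.lower().rpartition("@")
    checks = {
        "display-name-spoof": dom != ORG_DOMAIN and ORG_NAME in name.lower(),
        "lookalike-local-part": dom != ORG_DOMAIN and local.endswith(".edu"),
        "reply-to-mismatch": bool(reply) and reply.rpartition("@")[2] != dom,
    }
    return [flag for flag, hit in checks.items() if hit]
```

An empty flag list does not prove a message is genuine, since the From header itself can be forged; that is why the routing headers in the attachment are worth sending along.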

Sample Phish Received at Tufts

From:  <john.doe.tuffts.edu@gmail.com>

Date: Thu, Aug 6, 2020 at 12:04 PM

Subject: Quick Request

To: <XXXXX@tufts.edu>

Send me your available text number that I can reach you at ?? –

 

---Tufts University

From: Tufts University <aheadproject83@fastmail.com>

Date: Tuesday, September 1, 2020 at 4:55 PM

To: "XXXXX@tufts.edu" <XXXXX@tufts.edu>

Subject: RE: Part-Time Intern!

 

Hello and welcome to Tufts University!

My name is Dr. Stephan Smith and I work as a clinical counselor for the Department of Disability Resources and Educational Services (DRES).

The Disability Resource Center (DRC) works in partnership with the University to eliminate, minimize barriers and facilitate inclusion on campus by providing services designed to support student success by creating a welcoming, inclusive and accessible environment in making a positive lifestyle changes.

The motive of this project is to give students like you the opportunity to make extra money during their terms of study and even after studies and to promote awareness and consistency in the application of best practices to students with disabilities statewide in making a positive lifestyle changes.

This job only consumes an hour or two of your day and could come up 3 times in a week, which gives you the opportunity to be $620.00 richer every other week. You will be paid in advance for all tasks and purchases to be done on my behalf.

I am currently away, helping the disabled students in Canada and upon my arrival we will discuss the possibility of making this a long-term employment if I am impressed with your services. My arrival is scheduled for the Third week of September, 2020.

To be considered for this position, reply with this information

Name

Age:

Residential Address:

Alternate email (different from school email):

Cell #:

 

Regards,

From: John, Doe [JDoe@cheo.on.ca]

Sent: Wednesday, January 15, 2020 9:07 AM

To: XXXXXXX

Subject: IT-Service Desk.

Dear All, E-mail User

Please click on Outlook Web Access<https://XXXX-XXX--XX-authlogon-XXXXXX.weebly.com/> to update your outlook email account to the new secured version.

 

Thank You

IT-SERVICE DESK

APPROVED.

From: "Information Technology" <IT@web.edu> <J_Doe@surg2.med.kyushu-u.ac.jp>

Sent: Tuesday, October 15, 2019 5:56 PM

To: info@web.com

Subject: Password Check Required Immediately

 

Dear Staff,

As part of ongoing efforts to maintain regulatory compliance we have updated our password policy and we need everyone to check their password immediately to ensure that it meets our Minimum Security Requirements.

Please click here to do that:

Check Password<https://forms.office.com/XXXXXX/XXXXXX.XXXXXXXXX?id=XXXXXXXXXX_XXXXXXX-X_XXXXXXXXXXXXXXXXXXXXX>

Please do this right away.

 

Thanks!

Information Technology

From: John Doe <JDoe@pcm.gob.pe>

Reply-To: "XXXXXXXXXX@tufts.edu" <XXXXXXXX@tufts.edu>

Date: Sunday, May 24, 2020 at 7:46 PM

Subject: Account Notification ( Treat Urgent )

 

Attention:

Your Email Account was recently signed in from an unknown location.

Please click here for verification to avoid closure of your Email Account<https://discoveryXXXXXXXXXXXXXXXXXXX>

To complete this verification, simply or click here<https://discoveryXXXXXXXXXXXXXXXXX> 

 

Sincerely,

Email Support<https:XXXXXXXXXXXXXXXXXXXXXX>

Tufts Vish Bowl

Common Vishing Phone Calls and Texts

These may be calls or texts by a person or a robocall or robotext.

  • From the IRS - saying you owe money you must pay immediately. The call may threaten jail time or revoking your Driver’s License.
    • The IRS will never ask for money to be paid over the phone.
    • The IRS will not call offering big refunds.
  • From immigration authorities threatening that you will be arrested and deported.
  • From the Social Security Administration offering help with future or current benefits and asking for your full Social Security number.
  • From the police, threatening arrest or other action. 

The imposters may ask you to give them your password or to click on a link in an email they send to update your email account or to use an updated service, such as the VPN.

These often claim they have detected a virus on your computer and ask to be given access to your computer to clean it.

These calls may ask to change where a payment is sent. They may also attempt to get bank account information. They may offer a special deal if you first make a payment.

These often target grandparents or other relatives and ask them to send gift cards or money orders.

The bail scam was targeted at families of college students in 2017.

These often say you need to first pay some amount to get your prize, or you have to give your bank account information or Social Security number for tax purposes.

These may be trying to get a recording of your voice saying “yes” to use as part of another scam. Instead, ask “Who is calling?”

Some Common Tricks Vishers Use:

  • Threatening a bad event unless you take immediate action
  • Being especially nice to make you think they are calling to help you 
  • Spoofing the number that is calling to match a real, legitimate number
  • Having another criminal follow up with a separate call or email that seems to validate the first call
  • Knowing the last 4 digits of your Social Security number
  • Having noise in the background that sounds like a real office