Phishing Alert: Gift Card Email Scams

Posted on February 22, 2019 by lparmet

The latest email phishing scam attempts to trick you with a vague, urgent request for help from a senior member of the administration or faculty.  At a glance, the sender’s name and email address may look legitimate, but a closer inspection will reveal the email is not from a wellesley.edu address, but from a fake yet similar address (such as from my.com, or gmail.com).  If you miss that this is a scam the first time and reply, the follow-up request from the sender will be an urgent request for money, typically via gift card or wire transfer, again with very little context or explanation.

  • If an email looks suspicious either in tone or from someone who usually does not reach out to you, examine the from address. If it is not from @wellesley.edu, do not respond and forward the message to the LTS Help Desk at helpdesk@wellesley.edu.
  • If by mistake you responded to the first email, you will almost always get a subsequent email asking you for money in some form. DO NOT RESPOND to this email and send it immediately to the LTS Help Desk at helpdesk@wellesley.edu.
  • When the Help Desk is notified of these scams, we block those suspicious email addresses so no future emails will get through, so it is very important for you to forward such emails to helpdesk@wellesley.edu.

More about phishing.

A note about faking email addresses

As you know, there are many free email services in the internet where you can go and register to have any email address that is available. Most of these systems trust that you are who you say you are and grant you the email address you requested. Some systems want you to provide an alternate email address and want you to confirm the registration, but there is no way for these systems to still verify any of the information. As a result, a scammer can create email addresses on these free systems that look similar to Wellesley College email addresses.

The bottom line is that it is not that hard to acquire a fake email address using free email services. It does not mean that a hacker broke into a person’s email first and then set up a similar email address elsewhere; that is not necessary.

To: Everyone
From: Lori Parmet, LTS, x2171
More Info: Computing Help Desk, LTS, x3333 (faculty/staff) x7777 (students), helpdesk@wellesley.edu

This entry was posted in Uncategorized. Bookmark the permalink.