State of the Scams, Fall 2023

Scam emails continue to grow in sophistication

September 15, 2023

Scam emails continue to grow in sophistication. Previously, misspellings and poor grammar were some of the indicators of a scam email. With the advent of ChatGPT, even non-English speakers can develop effective and misleading messages. Worse yet, these messages breach spam filters occasionally, meaning you will likely come across at least one at some point this semester in your work, school, or personal account. With that in mind, let’s look at some red flags to watch out for regarding scams this fall.

A Sense of Urgency
Scammers are dependent upon you clicking links in their emails rather than going to a real site to check. Thus, you will see messages warning you that your account is about to be suspended or in need of attention. The account may be a popular web vendor such as Amazon; a gaming or entertainment site; a social media site; an online email account; or a financial site such as one of the national banks, credit cards or PayPal and Venmo. The email will carry dire warnings and offer a link for you to “click now.” The link of course leads to a scammer’s site which will then glean your login information, lock you out of the account and drain any money available.

Solution:
If you receive an urgent warning of an account closing, do not open the email. Instead, head to the site and enter your information directly at a known URL. If your account is due to be closed, you will receive notifications there and can change your information directly, if needed.

Friends, Family and Coworkers Phishing Emails
One of the issues with being a public institution is that people’s positions, emails and phone numbers are readily available on the web. Scammers can send pretend emails to multiple targets in the college with accurate names and information. Emails may be addressed to you personally, or to a smaller group in which you are included. The message may have details such as the name and work information of an employee and appear to be legitimate. These often send you “offsite” for more information, to another email address or URL where money or personal information is to be exchanged.

Solution:
As a general solution, if there is the slightest hesitation, listen to it and stop. Don't click. Call the Help Desk and we can further investigate together. Solicitation is a policy violation and employees are not supposed to use their Blinn accounts for personal profit or political purposes. If something is for sale, it should not be advertised over a taxpayer-funded venue such as our network or email system. Most employees know this, so if you see an email suggesting such, it should automatically be suspect. Another thing to check is the “from” window. The signature of an email may have a legitimate person, title, and phone number, but if it is sent from an off-campus account, it is suspect. Even if the address checks out, if everything else in the message tries to move you offsite, it is suspect.

Nearly Accurate Retail Websites
Emails, and on occasion web searches, sometimes include sites off by one letter in their URL, or otherwise play off popular brand names. Unwitting customers access the sites, which appear very similar to the real ones. You order something by entering credit card and shipping info. You might even receive a confirmation email and additional messages indicating the shipment is delayed. But you never receive the product.

Solution:
Be diligent about checking URLs and making sure you are at the proper site. Only purchase from trusted retail sites with names you know. Sometimes scammers will get similar names for popular sites to show up second or third in a Google search, so it pays to give close attention and double check a new retail site the first time you use it. Better yet, procure items from trusted retailers only.

Something for Nothing Scams
Any email that requests you send money for something too good to be true probably indeed is too good to be true. These scams prey on the same psychological tricks casinos and lotteries use: invest a small amount in the hopes of gaining a far larger sum. Invariably, the smaller amounts disappear in the pockets of scammers, and you get nothing. Variations on this scam include the promise of a free item such as a grand piano in exchange for sending a modest storage fee, or a request to cash a (bogus) check for a large amount and send a portion back in the form of a gift card or some other untraceable financial means.

Solution:
To guard against Something for Nothing scams, avoid sending money to strangers on the internet without safety nets in place, such as those found on legitimate marketplaces like Etsy or eBay. Buying something sight unseen is always risky, especially from strangers.

PDF Attachments
One particular scam combines Something for Nothing with the use of hijacked or spoofed email addresses and an attachment. Recipients receive a PDF file attached to the email with various promises within if only they click a link. This results in the spread of malware or, more commonly, a request for personal info which is then used for nefarious purposes.

Solution:
It is often best to delete unsolicited emails with attachments before opening. Again, if it sounds too good to be true, it probably is. And never enter personal or financial info in unknown or untrusted sites.

In conclusion, be aware that scammers play an increasingly sophisticated game and adapt novel techniques over time. New tools allow emails to occasionally worm through filters and evade traditional red flags such as poor grammar and spelling. Always be diligent about where you send money and post personal information on the internet, sticking to trusted sites you browse to directly rather than by clicking links in an email. And if it sounds too good to be true, it probably is.

For more on the current state of email and internet scams, please see the following useful sites and articles:

https://www.usa.gov/scams-and-fraud

https://www.zdnet.com/article/6-simple-cybersecurity-rules-to-live-by/

https://arstechnica.com/security/2023/08/ongoing-scam-tricks-kids-playing-roblox-and-fortnite/