The Christmas holiday season is a favorite time of the year for cybercriminals to conduct frauds, scams, and other phishing schemes.
The TTU IT Division has received information that scammers are actively targeting individuals through email, phone calls, and SMS text messages. Responding to these scams can result in the loss of sensitive information such as financial account data, credit card information, personal data, and passwords.
In order to protect information resources on your organization's network, the following should be removed from the network:
- Vulnerable systems (e.g. computers running Windows 7, outdated versions of Office or anti-virus software or unpatched computers); and
- Compromised systems and accounts. In addition to cybercriminal activities, compromised systems and accounts can also result in a ransomware infection, a form of malware that limits you from accessing your files and information until the "ransom" is paid (usually in bitcoins) to remove the restrictions. Frequently, access is not restored even after the "ransom" is paid.
Though reports vary, common schemes for these attacks include the following tactics:
- Coronavirus (COVID-19) scams related to the following:
- Vaccines
- False websites and information
- Work-from-home device vulnerabilities
- Contact tracing apps
- Telehealth/online health care
- Impersonating corporate employees, including administrators and offices.
- Package delivery notices.
- Claims of past due payments and alternate payment methods.
- Impersonating account websites and notices ("expired" accounts, mailbox quotas, online file storage links, password changes).
Common tactics that scammers use:
- Scare tactics. These aggressive and sophisticated scams try to scare people into providing confidential information or money. Many phone scams use threats to try to intimidate you and may also leave "urgent" callback requests, sometimes through automated email lists or phone calls ("robo-calls");
- Requests for immediate action or information. These callers often request personal information such as birth date, SSN, mother's maiden name, etc… under the guise of "verifying your identity." They may also ask for money, gift cards, credit card numbers, or Western Union money transfers;
- Caller ID spoofing. Scammers often alter caller ID to make it look like a particular organization or an official agency is calling. The callers may use official titles and fake premises to appear legitimate. They may use online resources to get your name, address, and other details about your life to make the call sound legitimate; and
- Phishing email and regular mail. Scammers copy and use official letterhead in email or regular mail they send to victims in an attempt to make the scam look official.