December 4, 2024
Resource: The Hacker News
Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses.
September 10, 2024
This email is a phishing attempt. Please report it using the PhishAlert button, forward it to spamFREEHUDSONCOUNTYCOMMUNITYCOLLEGE, or delete it. If you’ve interacted with the email, contact the Help Desk immediately.
August 2, 2024
“Information on a piano donation (Yamaha Grand)-HCCC” is a scam. Please report it using the PhishAlert button, forward it to spamFREEHUDSONCOUNTYCOMMUNITYCOLLEGE, or delete it. If you’ve interacted with the email, contact the Help Desk immediately.
May 2, 2024
The "Disposal of a Grand Piano" email is a scam. Do not communicate with the sender or the email address in the body of the message. This is a scam designed to trick you out of your hard-earned money.
There are a few red flags in the message:
If you’ve interacted with the call, contact the Help Desk immediately.
April 26, 2024
Several HCCC staff have received phone calls from "1-424-389-4274". This is likely a spoofed phone number. The caller stated that they were conducting a survey. They asked for the individual's Date of Birth. You should not provide your Date of Birth or other private information to callers over the phone unless you've verified who they are and their need for the information. If you’ve interacted with the call, contact the Help Desk immediately.
July 19, 2022
The FBI advised investors that cyber criminals are creating fraudulent cryptocurrency investment applications (apps) to defraud cryptocurrency investors. They recommend investors always to be wary of prompts to install investment apps from unknown individuals, to verify that the company behind such apps is legitimate, and to treat apps with broken or limited functionality with skepticism.
Cryptocurrency owners are also recommended to enable multi-factor authentication (MFA) on all their accounts, deny requests to use remote access apps, and always reach out to exchanges and payment companies using official phone numbers and email addresses.
When it sounds too good to be true, it probably is.
Please see more information here:
https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-cryptocurrency-apps-used-to-defraud-investors/
July 5, 2022
Scammers continue contacting people to gain access to your information or device(s). They may contact you on your personal email or phone. The setup is similar to this:
It’s a robocall that claims to be from Amazon’s fraud unit. There’s a fraudulent charge for $999 that was placed in Baltimore. Before Harry has a chance to respond to the prompt, he’s connected to a scam call center, most likely, overseas.
The call sounds convincing until the caller asks potential victims to download an app. They claim the download will help them remove the charge, but what the scammer really wants is to gain remote control of your computer and everything on it.
In this call, the scammer asks Harry to type in www.AnyDesk.com, which is a legitimate software company based in Germany.
Please see more information here:
https://www.cbs46.com/2021/12/14/scammers-posing-amazon-try-get-remote-access-better-call-harrys-computer/
March 22, 2022
New phishing toolkit allows anyone to create fake Chrome browser windows - beware the SSO from unknown sites.
January 27, 2022
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
By Owen Daugherty, NASFAA Staff Reporter
Publication Date: 3/31/2021
The Internal Revenue Service (IRS) issued a warning this week notifying those affiliated with higher education institutions of an ongoing email scam that appears to be primarily targeting those who have “.edu” email addresses.
The agency, in a release posted Tuesday, said it has received numerous complaints about the scam in recent weeks, noting that the emails to those with addresses ending in “.edu” have been targeting staff and students from both public and private, for-profit and nonprofit institutions.
The phishing emails, as they are commonly referred to, display the IRS logo and use various subject lines attempting to trick unsuspecting recipients, such as “Tax Refund Payment” or “Recalculation of your tax refund payment,” according to the IRS.
The scam emails prompt recipients to click a link and submit a form to claim their tax refund, then taxpayers are asked to provide personal information such as their names, date of birth, social security number, and other personal details.
Those who receive this scam email should not click on the link in the email and instead report it to the IRS. For those who may have fallen victim to the scam, the IRS recommends obtaining an Identity Protection PIN, which helps prevent identity thieves from filing fraudulent tax returns in the victim’s name.
The IRS added that taxpayers who believe they have a pending refund should check the status only on the agency’s website, IRS.gov.
September 15, 2020
HCCC users may receive a malicious email with a random M# as the subject with a random sentence in the email. Please do not interact with the sender and delete the email immediately. You can send emails such as these to spamFREEHUDSONCOUNTYCOMMUNITYCOLLEGE. If you have interacted with this email, please contact the ITS Help Desk for assistance.
August 12, 2020
HCCC emails may receive a message that appears to be from an HCCC contact "Jane Smith" with the subject of your name "John Doe." The email has an external tag, and it is not from an HCCC email address. Delete this message and ignore, as it is not valid. If you have opened an attachment from the email or responded to it, please contact the Help Desk immediately.
March 5, 2020
The Greenlight Bookstore was recently hacked of their main email account as of March 4th, 2020. They explain what happened and include ways on how to protect yourself. See below:
Dear Friends and Fans of Greenlight,
Earlier today, Greenlight's main email account was hacked (via a phishing email from
one of our vendors who had also been hacked). The hackers accessed our Constant Contact
account.
At 1:42 pm, an email went out with the subject line "Order Compeleted" [typo included]
and a link to "Get Attached Files" along with a password. Clicking on the link would
download malicious files onto the user's computer.
Within an hour, our friends at Constant Contact had disabled the link, so the email
is no longer a threat.
We do apologize to those of you who were taken in by this scam (we were too!) -- though
we also appreciate those of you who were suspicious of an email from the bookstore
with a misspelling in the subject line! Thanks to those who contacted us to alert
us or inquire, and we hope we were able to answer your questions as we worked out
what had happened.
We believe our experience is related to the new phishing scam described in this article from the IT news site ZDNet. From the article: "Targets of this hacking campaign receive an email that encourages them to open a
phoney password-protected document that claims to have been locked in order to secure
personal information supposedly contained within. Many of the emails are themed around
refunds, online transactions and other invoices." The article contains more information on how the campaign works, and suggestions
for managing your system's safety whether or not you have clicked on the link. (Thanks
to Greenlight Community Lender and tech journalist David Ewalt for the tip!)
Again, we're so sorry that Greenlight became a conduit for this malicious campaign,
and we appreciate your understanding. Please feel free to reach out to us via info@greenlightbookstore.com if you have other specific questions or concerns.
Thanks for supporting your local independent bookstore!
Best,
Greenlight Bookstore
May 21, 2019
If you receive an email with a subject "Incident" with an ID code, delete it without opening it for this is a phishing attempt. Do not reply to it nor open any attachments or links. If you have interacted with the email, please contact the Help Desk.
May 16, 2019
If you receive an email about a lottery donation, immediately delete it without opening it. This is a phishing attempt. If you clicked on this link, please change your password immediately. When ITS sees that your account has been affected by this compromise, ITS will disable your account to protect you and the community. ITS may need to add more security features to your account once it has been compromised. Contact the Help Desk with any questions.