Uncategorized Fraud and Scams

Security Notices

For news on other different types of fraudulent emails and scams.

Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses

December 4, 2024
Resource: The Hacker News

Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses.

Read full article here!

ITS Warning: Welder / Fabricator scam email from "Lisa Dougherty"

September 10, 2024

ITS Warning: Welder / Fabricator scam email from "Lisa Dougherty"

This email is a phishing attempt. Please report it using the PhishAlert button, forward it to spamFREEHUDSONCOUNTYCOMMUNITYCOLLEGE, or delete it. If you’ve interacted with the email, contact the Help Desk immediately.

 

ITS Warning: “Information on a piano donation” SCAM Alert

August 2, 2024

ITS Warning: “Information on a piano donation” SCAM Alert

“Information on a piano donation (Yamaha Grand)-HCCC” is a scam. Please report it using the PhishAlert button, forward it to spamFREEHUDSONCOUNTYCOMMUNITYCOLLEGE, or delete it. If you’ve interacted with the email, contact the Help Desk immediately.

 

ITS Warning: Scam - Disposal of a Grand Piano

May 2, 2024

ITS Warning: Scam - Disposal of a Grand Piano

The "Disposal of a Grand Piano" email is a scam. Do not communicate with the sender or the email address in the body of the message. This is a scam designed to trick you out of your hard-earned money.

There are a few red flags in the message:

  • The sender is external, a Gmail address, and the email address and display name are unrelated.
  • HCCC staff are not permitted to make solicitations like this. When you receive one, report it with the Phish Alert button or forward to spamFREEHUDSONCOUNTYCOMMUNITYCOLLEGE.
  • The email requests that you use a personal email address, not HCCC. They do this to avoid detection of their schemes.

If you’ve interacted with the call, contact the Help Desk immediately.

 

ITS Warning: Suspicious caller from 424 area code with a "survey"

April 26, 2024

Several HCCC staff have received phone calls from "1-424-389-4274". This is likely a spoofed phone number. The caller stated that they were conducting a survey. They asked for the individual's Date of Birth. You should not provide your Date of Birth or other private information to callers over the phone unless you've verified who they are and their need for the information. If you’ve interacted with the call, contact the Help Desk immediately.

 

ITS Warning: FBI Warns About Fake Cryptocurrency Apps

July 19, 2022

The FBI advised investors that cyber criminals are creating fraudulent cryptocurrency investment applications (apps) to defraud cryptocurrency investors. They recommend investors always to be wary of prompts to install investment apps from unknown individuals, to verify that the company behind such apps is legitimate, and to treat apps with broken or limited functionality with skepticism.

Cryptocurrency owners are also recommended to enable multi-factor authentication (MFA) on all their accounts, deny requests to use remote access apps, and always reach out to exchanges and payment companies using official phone numbers and email addresses.

When it sounds too good to be true, it probably is.

Please see more information here:
https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-cryptocurrency-apps-used-to-defraud-investors/

 

ITS Warning: Amazon Call Scam - Remote Access Your Computer

July 5, 2022

Scammers continue contacting people to gain access to your information or device(s). They may contact you on your personal email or phone. The setup is similar to this:

It’s a robocall that claims to be from Amazon’s fraud unit. There’s a fraudulent charge for $999 that was placed in Baltimore. Before Harry has a chance to respond to the prompt, he’s connected to a scam call center, most likely, overseas.

The call sounds convincing until the caller asks potential victims to download an app. They claim the download will help them remove the charge, but what the scammer really wants is to gain remote control of your computer and everything on it.

In this call, the scammer asks Harry to type in www.AnyDesk.com, which is a legitimate software company based in Germany.

Please see more information here:
https://www.cbs46.com/2021/12/14/scammers-posing-amazon-try-get-remote-access-better-call-harrys-computer/

 

New Phishing Toolkit, Be Aware, Check the URL

March 22, 2022

HCCC ITS Twitter - Check the URL

New phishing toolkit allows anyone to create fake Chrome browser windows - beware the SSO from unknown sites.

View Tweet.

Read article.

 

Apple Releases Security Updates for Multiple Products

January 27, 2022

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

Read more here.

Email Scam Impersonating IRS Is Targeting College Students and Staff, Agency Warns

By Owen Daugherty, NASFAA Staff Reporter
Publication Date: 3/31/2021

The Internal Revenue Service (IRS) issued a warning this week notifying those affiliated with higher education institutions of an ongoing email scam that appears to be primarily targeting those who have “.edu” email addresses.

The agency, in a release posted Tuesday, said it has received numerous complaints about the scam in recent weeks, noting that the emails to those with addresses ending in “.edu” have been targeting staff and students from both public and private, for-profit and nonprofit institutions.

The phishing emails, as they are commonly referred to, display the IRS logo and use various subject lines attempting to trick unsuspecting recipients, such as “Tax Refund Payment” or “Recalculation of your tax refund payment,” according to the IRS.

The scam emails prompt recipients to click a link and submit a form to claim their tax refund, then taxpayers are asked to provide personal information such as their names, date of birth, social security number, and other personal details.

Those who receive this scam email should not click on the link in the email and instead report it to the IRS. For those who may have fallen victim to the scam, the IRS recommends obtaining an Identity Protection PIN, which helps prevent identity thieves from filing fraudulent tax returns in the victim’s name.

The IRS added that taxpayers who believe they have a pending refund should check the status only on the agency’s website, IRS.gov.

Random Subject M

September 15, 2020

Random Subject M

HCCC users may receive a malicious email with a random M# as the subject with a random sentence in the email. Please do not interact with the sender and delete the email immediately. You can send emails such as these to spamFREEHUDSONCOUNTYCOMMUNITYCOLLEGE. If you have interacted with this email, please contact the ITS Help Desk for assistance.

 

Named Malicious Email

August 12, 2020

Named Malicious Email

HCCC emails may receive a message that appears to be from an HCCC contact "Jane Smith" with the subject of your name "John Doe." The email has an external tag, and it is not from an HCCC email address. Delete this message and ignore, as it is not valid. If you have opened an attachment from the email or responded to it, please contact the Help Desk immediately.

 

Greenlight Bookstore Fraud

March 5, 2020

​The Greenlight Bookstore was recently hacked of their main email account as of March 4th, 2020. They explain what happened and include ways on how to protect yourself. See below:

Greenlight Bookstore

Dear Friends and Fans of Greenlight,

Earlier today, Greenlight's main email account was hacked (via a phishing email from one of our vendors who had also been hacked). The hackers accessed our Constant Contact account.

At 1:42 pm, an email went out with the subject line "Order Compeleted" [typo included] and a link to "Get Attached Files" along with a password.  Clicking on the link would download malicious files onto the user's computer.

Within an hour, our friends at Constant Contact had disabled the link, so the email is no longer a threat.

We do apologize to those of you who were taken in by this scam (we were too!) -- though we also appreciate those of you who were suspicious of an email from the bookstore with a misspelling in the subject line!  Thanks to those who contacted us to alert us or inquire, and we hope we were able to answer your questions as we worked out what had happened.

We believe our experience is related to the new phishing scam described in this article from the IT news site ZDNet.  From the article: "Targets of this hacking campaign receive an email that encourages them to open a phoney password-protected document that claims to have been locked in order to secure personal information supposedly contained within. Many of the emails are themed around refunds, online transactions and other invoices." The article contains more information on how the campaign works, and suggestions for managing your system's safety whether or not you have clicked on the link.  (Thanks to Greenlight Community Lender and tech journalist David Ewalt for the tip!)

Again, we're so sorry that Greenlight became a conduit for this malicious campaign, and we appreciate your understanding.  Please feel free to reach out to us via info@greenlightbookstore.com if you have other specific questions or concerns.

Thanks for supporting your local independent bookstore!

Best,
Greenlight Bookstore

Account Owner Scam

May 21, 2019

Account Owner Scam

​If you receive an email with a subject "Incident" with an ID code, delete it without opening it for this is a phishing attempt. Do not reply to it nor open any attachments or links. If you have interacted with the email, please contact the Help Desk.

 

Lottery Donation Scam

May 16, 2019

Lottery Donation Scam

If you receive an email about a lottery donation, immediately delete it without opening it. This is a phishing attempt.​ If you clicked on this link, please change your password immediately. When ITS sees that your account has been affected by this compromise, ITS will disable your account to protect you and the community. ITS may need to add more security features to your account once it has been compromised. Contact the Help Desk with any questions.

Contact Information

Information Technology Services
Journal Square Campus
Patricia Clay

Associate Vice President for Technology and Chief Information Officer
70 Sip Avenue - 3rd Floor
Jersey City, NJ 07306
(201) 360-4310
itshelpFREEHUDSONCOUNTYCOMMUNITYCOLLEGE
computerlabsFREEHUDSONCOUNTYCOMMUNITYCOLLEGE

North Hudson Campus
4800 John F. Kennedy Blvd - 3rd Floor
Union City, NJ 07087
(201) 360-4309
itshelpFREEHUDSONCOUNTYCOMMUNITYCOLLEGE