Academics Future Students Current Students Faculty/Staff Alumni/Friends Parents

  Home > Offices > University Information Services
     Current Known Threats

Below are examples of Phishing attempts directed at SSU users

From: Internal Revenue Service [mailto:refund@irs.biz]
Sent: Fri 10/23/2009 9:22 AM
To: undisclosed-recipients
Subject: United States Department of the Treasury

Internal Revenue Service (IRS)
United States Department of the Treasury

Dear Taxpayer,

After the last annual calculations of your fiscal activity we have
determined that you are eligible to receive a tax refund of $2403.80.

Please submit the tax refund request and allow us 6-9 days in order
to process it.

A refund can be delayed for a variety of reasons.
For example submitting invalid records or applying after the deadline.

To access your tax refund, use the form attached to this email.


Regards,
Internal Revenue Service

 

IRS Email Scams – Beware! It is not just tax season
 

As tax season approaches, we take this time to inform you about various IRS email scams and hoaxes that pop up during this time of year. IRS email scams can be found at all times of the year, they just seem to be more frequent during tax season.
 

The first thing to keep in mind is that the IRS will never initiate contact with an email. If you come across any of these IRS email scams forward the email to phishing@irs.gov.
 

Often the emails play on consumers’ emotions, typically fear. One form of the email scams uses the IRS logo and threatens to “e-audit” you. The email scams state to send them personal information (social security number, birth date, etc) or otherwise an “IRS” e-audit will need to be performed.
 

Another type of IRS email scam uses the promise of an unclaimed refund as the bait. The email states that after reviewing IRS records, that you are eligible for an $X amount of money. In order to claim the money you will need to fill out a tax refund request. The scam email includes a link to a fake tax refund request that collects your personal information. You can see a sample here.
 

Another fake IRS email states that your account has been blocked because of multiple fraudulent attempts to access your account. To ensure security of your IRS account, they have shut it down and in order to reopen your account you will need to fill out a form. The form is of course fake and is on an email scammers own Web site. The form asks for personal information, which the con artist then uses to steal your identity.
 

These are just examples of email scams that use the IRS name to trick you. There are multiple versions of these scams. Remember the IRS will NEVER initiate contact with you via email. If you come across any of these IRS email scams forward the email to phishing@irs.gov. For more information on IRS email scams see: http://www.irs.gov/individuals/article/0,,id=155344,00.html

 

General Security Information
 

Shawnee State University will NEVER ask you for your password, Social Security Number, or other Personal Information by email.  
 

If you received any of the  e-mails below or other similar e-mails and supplied your password, please take the following measures immediately:

 Reset your SSU account password IMMEDIATELY with a strong password.

To reset your password visit this page and in the center of the page, under the heading "Changing your password" , select the link https://user-help.shawnee.edu/accmgr/change.htr and then follow the instructions to change your password.
 

Recommendation for a Strong Password

a.  

Set your passwords with at least eight characters composed of random letters, digits and symbols

 

 

b.  

Never use dictionary words and personal related information such as name, date, telephone number, CARS ID, etc.

 
2. Preventive Measures

These phishing e-mails and websites are designed to look like the real ones. Fraudulent bank websites for example, are hosted to lure you to give your account information. The most common way is through e-mail and pop up instant messages, where "banks" or "distant relatives" ask for the user's personal information and password.

 

Here are some guidelines to avoid falling victim to phishing scams:
 

Always
 

Remember that legitimate companies will never ask their clients to send over sensitive information online. If you are unsure, you can phone the company to verify if they have sent such an e-mail.
 

  • Type the actual URL address (if they are safe to visit) yourself instead of clicking onto the link inside the e-mail. Sometimes, the scammers may send you a URL that looks proper but secretly links you to a fake website.
  • Lock your computers and mobile phones in case they fall into bad hands
  • Change your passwords regularly
     

Never
 

  • Open any e-mails or follow any URL links from non-verified sources or e-mails.
  • Open attachments from unknown e-mails, as they may contain computer Trojans (a type of malware) that records your keystrokes when you enter your passwords and spies on your computer data without your knowing.
  • Have sensitive information such as ID-card number, credit card details, drivers licenses, or passwords saved in your computer. This makes you particularly vulnerable to Phishing