Scam and Hoaxes

Some fraudulent attempts to get money from people have been operating for years using standard postal services. They have now become even more commonly sent as emails. Most frequently seen is the Nigerian Scam and its offshoots, a growing problem is the "Bank detail confirmation" scam. These are well known to the authorities who are not interested in every individual mail message received so please don't report these. But do be careful!

Hoaxes are warnings of non-existent viruses, but they can still be disruptive as they persuade people to forward the messages to many others, or sometimes to delete files from their computers. They may also increase the distress and distrust in users.

There is a useful list of real and hoax viruses on the Snopes website. Alternatively, try one of the sites of those who provide antiviral software, and full databases of known viruses and hoaxes. USP uses McAfee. But users should be aware that there is always a delay between new viruses appearing and information appearing on these pages, so any unusual email should be treated with suspicion.

USP Phishing Scams

USP has been receiving a large number of scam emails, claiming to come from USP IT departments, requesting that users confirm their email addresses by replying to the emails with their email usernames and passwords. These emails are known as 'phishing' scams, and originate from spammers outside of the University. These emails are fake, and should be ignored. Replying to any of these emails may result in your account being hijacked by spammers, to send more spam emails out. USP will never ask you to send your password in an unsolicited email.

An example of one of the phishing scams is:

Subject: UPGRADE YOUR usp.ac.fj EMAIL ACCONT NOW!

From: University of the South Pacific Email Service <helpdesk@usp.edu.au>

Reply-To: Email.Upgrade@Grad.com

Text of message:

    Dear Valued Customer,

This message is from usp.ac.fj messaging center to all usp.ac.fj email 
account owners. We are currently upgrading our data base and e-mail account 
center. We are deleting all usp.ac.fj email account to create more space 
for new accounts. 

    To prevent your account from closing you will have to update it below 
so that we will know that it's an existing and presently used account.     

    CONFIRM YOUR EMAIL IDENTITY BELOW:

    Your Name : 

    Contact Address:

    Email Username : 

    Email Password : 

    Phone Number:

    Warning!!! Any Account owner that refuses to update his/her email 
account within Seven days of receiving this warning will lose his/her 
account permanently.

    Once again sorry for the inconveniencies but is for your own protection.

    Thank you for using usp.ac.fj!

    Warning Code:VX2G99AAJ

    Thanks,

    WEB TEAM LEADER

Note the faked 'From' address to make it look legitimate, and the non-USP 'reply-to' address to which any replies are actually sent. This is a common theme across all the phishing scams, although the actual addresses and message body are different across the different phishing scams.

If you do receive one of these scam emails and are unsure of its authenticity, please contact the IT Helpdesk. Please do not reply to the phishing emails, even to ask if they are authentic, as this confirms your email address to the spammers as being an active address, possibly resulting in an increase in spam sent to your account. If you have replied to one of these messages, please change your account password as soon as possible, to prevent your account becoming compromised.

Nigerian Scams

There has been a rapid growth in "people asking you to send them money, in order that they can get more money out of their country" emails (originally the country involved was Nigeria). This is basically a scam to get you to send them money, you won't receive anything back. These messages are so common that it is best to just delete and ignore. 

Bank Account Scams

Recently there have been a wave of "bank account" details scams. An official looking email arrives telling you to click on a link to update or confirm your bank account details (often the given reason is for security reasons). Never trust an email that comes to you unannounced from your bank requesting you to log onto a website. It is very easy to disguise where a link in an email takes you.

www.westpac.com.fj  looks like it should take you to the Westpac Bank Fiji site, but may actually take you to badguys.steal.money.somewhere

If you think a message may be legitimate, always type the address of the company in manually yourself. Don't rely on copying and pasting the link from the email, as this may retain the underlying link.

Sending Spam

Messages warning you that you are sending out spam should be treated with caution, as there are a number of fake emails in circulation. Signs that the email is not legitimate are:

• Poor grammar or spelling (not a definitive sign as Support staff are fallible).
• If it asks you to follow instruction contained in an attachment. ITS support will never send instructions attached to an email unless explicitly requested by a user. Where ever possible we will include instructions in the plain text of the message, or point you to a web page or downloadable file online.

If you are unsure of the legitimacy of an email, forward the email and your question to the ITS Help Desk.

Fake Virus Emails

The panic caused by computer viruses has also led to "hoax" virus messages. These typically claim that a file on your computer has a virus, and you should search for this file and delete it. These can be important system files and deleting can result in anything from no noticeable change, to completely breaking your computer. Always check with your section's IT staff if you think you may have a virus.