The latest spam scam to hit campus arrived in a slightly more polished package than the usual "you've won the lottery" email.
This one, titled "IMPORTANT NOTICE," had an Iowa State nameplate and appeared to be from Jim Davis, vice provost for information technology and chief information officer (CIO).
There were clues it was bogus -- misspellings, a stilted phrase or two and, most importantly, the call to "click here."
"But this one felt different," said the real Jim Davis. "It looked somewhat legitimate and, for many who called our office, appeared to be coming from someone they know."
Additionally, Davis said, the Sept. 20 email started arriving in Iowa State mailboxes at 5:15 p.m., a good ploy for spammers who might want recipients to open it on home networks that are generally less well-protected than the university's. Indeed, shortly after the email made its entry on the ISU network, ITS security specialists found a way to deactivate the link.
The scam, while slightly more sophisticated, had the usual end game: Get you to click and capture your personal info, including logins and passwords.
"The scams will keep coming," Davis said. "It's quite likely that the current scam will be repeated and this time, it will appear to come from someone you know."
Here's how to protect your information:
- Remember that ITS will never ask you to click a link or provide your user name, password or other personal information in an email.
- Don't be taken in by a legitimate name or email address appearing in the return address.
- If it looks fishy, it probably is. Don't click. Just delete.
- If you have questions or concerns, contact the ITS Security team at firstname.lastname@example.org.