BU Today

Science & Tech

Internet Scams as Plentiful as Carols

Tips for avoiding them this holiday season


’Tis the season to be—taken.

With people in a holiday spending mood, it’s a grand time for phishing (fraudulently getting a person’s financial or confidential information with a phony email masquerading as a legitimate organization).

Quinn Shamblin, the University’s executive director of information security, says he’s seen dozens of compromised accounts at BU, some of which have been used to fraudulently obtain services or purchase goods. Shamblin, who last week sent an email alert about phishers to the BU community, says phishers took a cool $687 million from victims around the world during the first eight months of this year.

“Imagine the money they are getting during this shopping season,” he says, “when everyone is buying things and receipts and special offers are flying around people’s email.” In particular, BU cyber-investigators are seeing victims of the Zues financial malware “almost every day.” Zues helps phishers plunder bank accounts by recording a victim’s computer key strokes and screenshots when logging onto their financial institution’s site and sending them to a phisher.

Here, from Shamblin’s email, are ways to make Christmas merry for yourself and loved ones rather than for a con artist:

If the email asks for your password, it is a scam. Delete it.

If the email is about a gift order you know nothing about, it is almost certainly a scam. The message may contain thanks for buying something that you didn’t buy, along with an attachment purporting to be a receipt and a “Dispute” link. Click on either and you will probably infect your computer system with a virus. If you want to see if a purchase was made without your authorization, don’t click the link. Rather, call your credit card customer questions number or go to a vendor’s actual website by typing in its web address yourself.

Shamblin offers an example. The following link purports to be from Google, but isn’t: http://www.google.com/. (Actually, it will take you to a government site warning against computer scams.) This camouflaged link is SOP among scammers trying to detour the unwary to “malicious websites,” Shamblin wrote. There’s a simple way to determine where the link will actually take you: hover your computer’s pointer over the link without clicking. A box will appear that shows the actual destination.

Forward phish emails to abuse@bu.edu and then delete them. Any questions? Call Information Technology’s help desk at 617-353-4357 for the Charles River Campus and 617-638-5914 for the Medical Campus.

+ Comments
Rich Barlow

Rich Barlow can be reached at barlowr@bu.edu.

Post Your Comment

(never shown)