Be aware of tax-related scams, phishing attacks or social engineering

Refund scams: With tax season approaching, it is now normal to expect criminal activity targeting tax refunds. Criminals can obtain personal information on you from a variety of sources, including your unwitting tax preparer. The Information Security Office encourages you to file your taxes as early as possible to reduce the chance of criminal elements filing for refunds before you do.

Phishing: It is also normal to expect an increase in phishing emails and attempts to lure you into inadvertently installing computer viruses. Use caution when clicking Web or email links or opening attachments related to tax returns. The IRS does not initiate any contact with taxpayers by email, text, or social media.

Many of the messages will have an urgent tone in the subject line and contents. Here are a few examples of subject lines based on those received in previous years:

  • Final reminder: Tax Refund Notification
  • Your 2017 – IRS Tax Refund Payment
  • Your IRS tax bank transfer is not approved.
  • Income Tax Refund REJECTED

If you receive an email that appears suspicious, send it to phish@uta.edu. Do not click on the links or open attachments.

Phone Scams: Always be cautious about providing your personal information over the phone, especially to individuals who initiate the call. In such cases, always offer to hang up, verify the nature of call, and to call them back at a number they provide. Do not rely on the caller ID information. Instead, seek out the organization’s official number and contact them directly. If you suspect attempted fraud or fall victim to a scam, contact your local law enforcement.

The IRS has recognized tax related fraud as a problem and has published several articles on their Security Awareness Tax Tips site at https://www.irs.gov/uac/IRS-Security-Awareness-Tax-Tips. Share the tips with your family, friends and even your tax preparer! If you fall victim to tax fraud, contact the IRS right away.

FBI Warns of Technical Support Scams

The FBI’s Internet Crime Complaint Center has issued an advisory on increased complaints for Technical Support Scams.  The scammer claims to be an employee of a major computer software or security company offering technical support to the victim.  Some of these scammers claim to be from cable and internet companies to assist with cable boxes, modems and routers.  The scammer claims that they are seeing viruses or security issues from the victim’s internet connection or computer.  Some scammers are even claiming to work on behalf of government agencies to resolve threats from possible foreign countries or terrorist organizations.

The initial contact by the scammer is usually by phone, but has also been seen in pop-up messages or locked screens (Blue Screen of Death) with a message to call a number or go to a URL for assistance.  After the subject makes verbal contact, they try to get the victim to provide remote access to their device.  Once they get access to your device, they will ask for a fee to remove the virus from the computer, attempt to access personal files that may have passwords, financial data, or personal data, or they may install malware on the device.

To guard against this scam:

  • Ask for a help desk ticket (or ITSM) number and a call back UTA telephone number.
  • Hang up and call the number if it is a true UTA extension (either 5 digit extension for on campus calls or 817-272-xxxx prefix).
  • Recognize the attempt and cease all communication with the subject.
  • Ignore the pressure from the scammer to act quickly.
  • Do not give an unknown/unverified person remote access to your computer or accounts.

Additionally:

  • Remember that a legitimate software company will not contact an individual unless it is initiated by the customer.
  • Be sure to install anti-virus, security and malware protection applications and make sure it is updated on a regular basis.

If you find that a scammer has gained access to your device or accounts:

  • Contact your financial intuitions to alert them and monitor your accounts for suspicious activity.
  • If the device is owned by UT Arlington, contact the Information Security Office – security@uta.edu.
  • Complaints may also be filed with the FBI’s Internet Crime Complaint Center at ic3.gov. (You may be required to be specific with details; name of company, phone numbers and email addresses used by the subject, websites used, account names and numbers, financial institutions that received any funds, and a description of the interaction with the subject).

Keep any original documentation, emails, faxes and logs of all communications with the subjects.

To view this and other FBI Public Service Announcements or Scam Alerts go to www.ic3.gov/media/default.aspx.

Advisory: Malware Delivered by Email

Please beware that several individuals at UT Arlington have reported receiving email messages containing an attached “.zip” files that contains hidden malware (malicious software).

The malware appears to be a ransomware (cryptolocker variant) – it will encrypt files on the infected computer as well as network drives. The email subject line is not consistent and may have one of the following subject lines:

  • Commission
  • Please find attached invoice no: <<random number>>

Your Actions:

  • If you receive a suspicious or unexpected email similar to the description above, do not open the attachment.  Instead, we ask you to send the email as an attachment to spam@uta.edu for analysis.
  • If you are expecting legitimate email with attached zip file, you will need to manually release it from quarantine. The email system should notify you of emails being placed in quarantine, or you can login to https://quarantine.uta.edu/ to check quarantined mail.  Please do not restore and open any suspicious or unexpected attachments you may find within the quarantine.
  • If you received the message and opened the attachment, please contact OIT help desk for assistance.

To learn about Ransomware:
http://www.uta.edu/security/ransomware/

To learn about Phishing:
http://www.uta.edu/security/phishing/

Example 1 of the message:

From: document@uta.edu [mailto:document@uta.edu]
Sent: Monday, August 29, 2016 5:58 AM
To: <<recepient>>
Subject: Please find attached invoice no: 6862055379

Attached is a Print Manager form.

Format = Portable Document Format File (PDF) ________________________________

Disclaimer

This email/fax transmission is confidential and intended solely for the person or organisation to whom it is addressed. If you are not the intended recipient, you must not copy, distribute or disseminate the information, or take any action in reliance of it. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of any organisation or employer. If you have received this message in error, do not open any attachment but please notify the sender (above) deleting this message from your system. For email transmissions please rely on your own virus check no responsibility is taken by the sender for any damage rising out of any bug or virus infection.

End of Example 1

Example 2 of the message:

From: <<random name and email address>>>
Sent: Monday, August 29, 2016 4:12 AM
To: <<recepient>>
Subject: Commission

Good morning <<name of recepient>>

Here is the excel file of the commission you earned last month. Please analyze the attachment to confirm the amount.

Regards,

<<Random Name>>

End of Example 2

 

Crypto-Malware Attacks

Beware of suspicious email attachments

Ransomware attacks have been reported from faculty and staff over the past few days.  This particular ransomware is spread through emails that have an infected attachment, but navigating to infected websites may also be a source of infection.  Once a user has clicked on an infected attachment, the ransomware will encrypt all files on your computer and rename the file extensions to “.lockey”.  The ransomware may also encrypt any network drives you may have mapped (J and K Drives, etc.).  If you notice you have been infected by the ransomware, disconnect the computer from the network, leave it turned on and contact the UTA Help Desk at 817-272-2208.

All faculty, staff, and students are urged to

  • Avoid clicking on any suspicious attachments in emails
  • Never click on links in emails that you’re not expecting. Signs that an email or website is not legitimate:
    • Sender’s address or website address does not match the organization listed in the content of the message.
    • Grammar in the message or website is poor.
    • Format of the email or website is poor or inconsistent with what you’ve seen from the organization.
    • Hovering your mouse over the links reveals web addresses inconsistent with the content of the message.
  • Ensure your computer has anti-malware software configured and set to automatically run updates
  • Keep your computer operating system and applications (Web Browsers,  MS Office applications, Adobe Acrobat, etc.) patched and up-to-date
  • Ensure you have properly backed up your files.
    • UTA Faculty and Staff can use CrashPlan to automatically backup files on their computers.  Contact your department’s desktop support associate or Help Desk at 817-272-2208 for installation assistance.
    • Other methods include copying files to Network drives, use encrypted external drives (encrypted to prevent unauthorized access), faculty and staff may use approved cloud storage like UTA box (https://uta.app.box.com). Contact the help desk for assistance in setting your box account up or go to http://www.uta.edu/oit/cs/software/box/up for more information.
  • Send suspicious emails with attachments to phish@uta.edu as an attachment.  This allows the Office of Information Technology and the Office of Information Security to evaluate the threat.

See the Information Security website for additional information and tips http://www.uta.edu/security/