Beware an Email Fraud Promising Free High-End Items
This week, a new fraud attempt hit the email inboxes of many in the Stanford community.
The scam: The sender pretends to offer free goods from someone posing as an insurance specialist at Stanford. The email instructs recipients to contact a phone number to have items shipped.
The catch: When the email recipient calls or texts the number provided, the person who responds attempts to extract personal information and instructs them to send money via Zelle or Cashapp for “shipping of the free item.”
What makes this scam unusual? The email does in fact come from an @stanford.edu email address. Usually, a non-Stanford email address is easier to flag when you’re watching out for phishing email scams. Once this phishing scam was reported, Stanford University’s Information Security Office (ISO) took steps to address the compromised account.
Here is what the scam looks like, so you can be sure to avoid it:
How can I detect this is a scam?
A few telltale signs are:
- Incorrect grammar and awkward wording
- An offer that seems too good to be true
- Inaccurate contact details in the signature
- Sense of urgency, or limited supply
- Attempts to gain personal information and payment
Be sure to brush up on the anatomy of a phishing email to learn other signs and stay safe from future phishing scams.
What should I do if I’ve been targeted, or have fallen victim to this scam?
- Report any suspected phishing email. The university’s ISO analyzes submitted messages and takes actions to protect Stanford and other recipients.
- Familiarize yourself with the screenshot examples of this phishing campaign and others that have jeopardized numerous Stanford accounts.
- If you’re a victim, immediately report the fraud to your financial institution and to the online payment service you used for the financial transaction.
How can I protect myself?
- Understand that every aspect of an email, including the sender and all contents, can be easily forged.
- If an offer sounds attractive, or elicits an emotional response, be very wary.
- Do not communicate with the person offering you an opportunity until you can independently verify their identity. Look up their name in StanfordWho (https://stanfordwho.stanford.edu) and then communicate via a published email or phone number.
- Stay vigilant with the resources and toolkit in the Stay Safe From Phishing Scams Guide.