ITS Fraud Notice
ITS Fraud Notification and e-mail messages
This ITS Fraud Notice web page and the associated ITS Fraud Notice e-mail messages have been established as a means for BGSU account holders to receive information regarding items they may have seen that has been determined to be fraudulent in nature.
As suspected information is reported, reviewed, and determined to be fraudulent, messages will be sent from the ITS Fraud Notice e-mail address to BGSU account holders and listed on the
All BGSU account holders are asked to keep in mind that at no time will the Office of the CIO, Information Technology Services (ITS) or the Technology Support Center (TSC) ask for your username/password with an email message. The CIO Alert dated January 31, 2013 provides important details regarding this type of phishing request.
In addition to the specific information outlined in the links above and below, BGSU email account holders are asked to please be aware of the fraud methods outlined on the ITS Security web pages at www.bgsu.edu/infosec.
A Sampling of Fraud Types
"Phishing" (pronounced fishing) is a technique using e-mail or similar means to deceive you into providing account numbers, passwords, credit card numbers, or similar information that could be used to perpetrate fraud.
Often the e-mail will use actual logos, privacy statements, contact information, or other visual cues from a trusted company such as a bank to make it look authentic. The goal is to entice you to click on a link in the e-mail without thinking, which will take you to an authentic-looking but hostile web site to harvest your personal information.
Advance Fee Fraud
Advance fee fraud is a trick in which the victim is persuaded to advance sums of money in the hope of realizing a larger gain. The most visible and common is the Nigerian Scam or 4-1-9 fraud named after the section of the Nigerian criminal code that it violates. This scam has been around for years and it continues to draw in victims.
An advance fee fraud will appear as an e-mail letter claiming to come from a person needing to transfer large sums of money out of the country. Variations of the letter have been known to allege unclaimed winnings in foreign lotteries or an inheritance. In a more recent variation of the scheme, victims receive a counterfeit cashier's check to purchase an expensive item such as a car or boat from an online classified ad. The counterfeit cashier's check is for an amount greater than the value of the item and the victim is asked to return the difference.
A web site displaying variations of this type of message is available for your reference.
Vishing (voice phishing) uses Voice over Internet Protocol (VoIP) phones instead of a misdirected Web link to steal user information. VoIP technology enables inexpensive and anonymous Internet calling and also provides the ability to easily trick the ID display into showing inaccurate information. Phishing works by sending an e-mail to people pretending to be a legitimate business and asking the recipient to click on a link to verify their account information. In a vishing message, the recipient is directed to place a phone call to verify account information. When the victim places the phone call, they are connected to a VoIP phone with a message directing the victim to enter their account number and other relevant information.
Not all vishing attacks begin with an e-mail however. In some cases, the victim receives a call in which the caller already knows the recipient's credit card number and asks for the valuable three-digit security code on the back of the card. Vishing is particularly deceiving because it employs methods legitimately used when interacting with financial institutions. Any suspicious calls or e-mail messages received may be handled by the account holder initiating contact with the company using the information available on a bank statement or on the back of a credit card.