Please be aware of recent scams that have targeted numerous York community members. The Information Security office is alerting the community while actively working to flag such messages as suspicious.
Gift Card Scam
The Gift Card Scam lures employees into buying gift cards through spoofed emails and text messages. It normally begins with a short message such as "Are you there?" that appears to come from a York colleague, but is actually sent from a scammer's email account – often this is a gmail account created with an address that contains the name of the colleague being impersonated. If the recipient responds, the scammer will reply, and the conversation quickly turns into an urgent request to purchase gift cards.
Any time an unsolicited email conversation turns into a request to purchase gift cards, it is very likely to be this scam. If this happens, discontinue the conversation and report the message to Information Security using the "Report Phishing" button, or by forwarding it to firstname.lastname@example.org.
The sextortion scam begins with an email sent to the victim with threats of revealing evidence of embarrassing online activity such as visiting pornographic websites. The sender may claim to have hacked the victim's devices and have screenshots or webcam video plus contact information of colleagues, friends, and family. This is often accompanied by a password used by the victim that has been obtained through external data breaches, leading the victim to believe that their York account has been compromised. The scammer will then demand payment, usually by bitcoin, in exchange for not revealing the embarrassing activity.
Despite the scammers claims, instances of this scam have proven to be empty threats, and the sender has not breached a York account or the victim's devices.
If you receive such a message, do not respond or click on any links in the message. Instead, report it to Information Security using the "report phishing" button or by forwarding to email@example.com.
Be Cyber Security Alert! For up-to-date alerts on all security news and threats, follow us on our social media profiles.