TO: Campus Community
FR: Nader Oweis, Chief of Police, and Jestina Casas, IT Services Manager
The Sonoma State University Police Department and Information Technology Department would like to inform the campus community about recent reports of scams targeting our students, faculty, and staff. Most recently, there are several reports of an employment scam that originated from a compromised email account belonging to an emeritus faculty member, where the scammer attempted to steal money.
Scammers are constantly coming up with new schemes designed to compromise computers, steal passwords, trick you into revealing valuable information (personal, financial, etc.), or trick you out of money.
There are many examples of “Social Engineering” or “phishing” scams, so please be diligent and consider the following tips, especially to avoid an employment scam:
- Check the email address that the message came from. Often the signature will match the display name, but the email address will not match that of the supposed senders. Don't open files, click links, or call numbers in unsolicited emails.
- Do your research. Before you say yes to any job, research the company that wants to hire you. Does the company have a professional website and legitimate contact information? Search for what others are saying about their experience with this company.
- Confirm your employment. Call the company back using a phone number listed online and verify you are speaking to the actual employee responsible for hiring.
- Beware of red flags. Scammers often send emails with many typos and grammatical errors. They offer to hire you without an interview and even pay you before you’ve done any work. None of these are behaviors of a reputable business.
- Never send money to strangers. Never send funds in the form of cash, checks, gift cards, or wire transfers to someone you don’t know or haven’t met. No legitimate company will ask you to pay them to get a job.
- Do not provide your banking information. Until you confirm you are working with an actual business that is actually hiring you, and not someone malicious.
In addition, you should consider doing the following:
- If the scam was directed to your Sonoma State email account, report the incident to ITS Information Security through the ITS Support Center at extension 4-4357 or email@example.com.
- Delete spam and suspicious emails; don't open, forward, or reply to them. They are in your spam folder for a reason.
- If you believe you have been a victim of fraud or identity theft or if you receive any threats, report it immediately to the Sonoma State University Police Department at 707-664-4444.
- Report suspected scams to Google. Train your spam filter:
- Open the message in Gmail (in your web browser)
- Click the three vertical dots ' ⋮ ' next to reply
- Choose 'Report phishing'
- Reset any passwords that you may have exposed. If you use the same password across multiple sites, you need to reset them all. Remember to use a different password for each site into which you enter private, sensitive data, so a compromise of one system does not turn into a compromise of many.
- If the information you provided can be used to access any other institution, contact the customer service center of each affected institution.
- If you have exposed any financial account information, such as your credit card or bank account number, report the incident to the financial institutions involved.
- If any piece of information was exposed that could be used to open financial accounts (e.g., your Social Security Number, date of birth, place of birth, mother's maiden name, bank account numbers, credit card numbers), contact any of the three major credit bureaus and ask them to lock your credit record and sign up for their credit monitoring service, a fee-based service that will automatically notify you whenever your credit record is accessed. When you lock your credit record, no other organization can check your credit without your permission. Here are the websites for the three major credit bureaus: