Internet Scams and Hoaxes

If you read email, then you may have been the target of an Internet scam or hoax. Hopefully, you recognized it and avoided being victimized. But Internet scammers are getting much better at enticing readers by disguising their schemes as coming from legitimate sources.

Below are some of the more common email scams as reported to abuse@calpoly.edu by Cal Poly users. Visit our What is Phishing? page for more information on how to identify, avoid, and report scams, especially phishing emails. View sample phishing messages received by Cal Poly users

Common Internet Scams as reported to abuse@calpoly.edu

DHS Ransomware Emails (3/22/13)

The U.S. Department of Homeland Security (DHS) has issued a warning about ransomware emails that falsely claim to be from DHS and the National Cyber Security Division. The emails claim that use of the recipient's computer has been suspended and that the user must pay a fine to unblock it.  If you receive such an email, please notify abuse@calpoly.edu.

Tax Related Emails

It's tax season and Cal Poly users can expect to receive Internal Revenue Service (IRS) or other tax-related scam emails. The IRS does not initiate contact with taxpayers by email to request personal or financial information. Visit the IRS report phishing website for more information.

Bogus Cal Poly Password or Account Notices

These messages purport to come from Cal Poly Security, Email, Technical or Web Support, System Administrator, or an actual calpoly.edu address. They typically claim that there is a problem with your account, such as exceeding storage limits, and threaten the loss of email or other access unless you reply immediately. Most include a link to a non-calpoly.edu Web form asking you to enter your username, password and/or other information. DO NOT CLICK ON THE LINK!  Always check with the ITS Service Desk (805.756.7000) or abuse@calpoly.edu to confirm if the message is valid before responding,

Financial Account Phishing Scams

These emails appear to come from a legitimate financial institution, such as a bank, MasterCard, Visa, eBay and PayPal. They claim to have found an error with your account in order to entice you to update and verify your account information via a link included in the message. Doing so can reveal credit card, account and other personal information to identity thieves. Contact the financial institution directly (by phone or their actual website) to verify and/or report the phishing scam.

Disaster Related Email Scams

Following a major disaster, it is common for scammers to set up fake charity websites and steal money donated to the victims of disasters by well intentioned users. Always be suspicious of email solicitations and never click on a link or volunteer your bank account or credit card information. If you wish to donate, only contact recognized charities directly by phone or via their websites. For more tips, visit the U.S. Department of Justice website on disaster relief scams.

FBI Related Email Scams

These emails usually purport to come from Robert S. Mueller, director of the Federal Bureau of Investigation (FBI) and claim the recipient is entitled to collect funds and asks them to provide personal information in order to receive it. The recipients may also receive a follow up email threatening them if they don't respond. These appear to be typical Nigerian Scam/Advance Fee Fraud emails but they may use FBI logos and letterhead to appear legitimate. The FBI maintains a website of common Internet scams, including information on how to report them.

Nigerian Scam/Advance Fee Fraud (419)

These notices come in many forms, but typically appear to be from an alleged “official” representing a foreign agency or government (not necessarily Nigeria) with an offer to transfer a commission into your bank account in exchange for assisting them with transferring a large sum of money. Other variations include letters from lawyers or relative acting on behalf of a deceased individual; notification of lottery winnings; fraud recovery notices; etc. If it seems too good to be true, it is! For a detailed explanation, including common variants, please read the Wikipedia entry on advance fee fraud. See also: Federal Bureau of Investigation (FBI) notice for more information.

Online Extortion - E-Mail Scam Includes Hit-Man Threat

A variation of the Advance Fee Fraud, but instead of preying on the recipient's greed or good intentions, it preys on their fears. The scam e-mail, which first appeared in December 2006, threatens to kill the recipient if they do not pay thousands of dollars to the sender who purports to be a hired assassin. The FBI advises against replying and recommends just deleting the email.

"Scam Victims/Compensation" Message

A recent variation of the Advance Fee Fraud that purports to come from a valid government entity (e.g., United Nations, United States Congress, etc.) and claims the recipient is a victim of a scam and is due compensation.