November 20, 2019
Purdue police remind all to be vigilant against sophisticated scams
WEST LAFAYETTE, Ind. – Purdue University police and Information Technology at Purdue officials are reminding people to be extremely cautious of email and text messages that seem too good to be true. Phishing and vishing scams continue to grow and are becoming more sophisticated.
A recent scam involves the victim receiving notification of a job opening on campus. The victim is asked to do a Google Hangout interview and after the interview is offered a position. A text message follows confirming the job opportunity and requesting personal information.
“The names are legitimate in order to fool people into taking the next requested steps,” said Purdue police Chief John Cox. “It all looks real.”
Cox said the scammer appears to be trying to get as much personal information as possible from the victim.
Anyone who believes they have been targeted for a scam or find they have been victimized should contact their local police department. If you are targeted or become a victim while on Purdue’s campus, call the Purdue University police at 765-494-8221 to report the incident.
Greg Hedrick, Purdue’s chief information security officer, offers the following email tips:
* Don't get personal. Purdue will not seek personal data via email, and any message requesting information such as passwords or Social Security numbers should be considered suspicious.
* Don’t be fooled, assess. Don't open attachments or click on any links until you assess if the message is legitimate — even if it appears to come from a friend, colleague or real name of someone on campus. If you have doubts, ask your area IT representative or contact ITaP at 765-494-4000.
* Don't rush. Hackers want you to respond without thinking. Watch out for language that indicates a quick deadline or directs you to download and open an attachment, update an account, visit a website or provide personal information.
* Is the email making promises that seem too good to be true? Then they probably are. Any message offering to put money in your bank account with a single click is a scam.
* Are there misspellings or typos? An email from a legitimate organization should be well-written. Grammar and spelling mistakes are red flags.
* Report phishing attempts. Any suspicious emails should be reported by forwarding the message to firstname.lastname@example.org.
* Change your password. If you ever are concerned that you might have shared your password, change it as soon as possible. ITaP also will send an email alert automatically to faculty and staff whenever there is a change to their career account or direct deposit banking information.
Purdue also uses BoilerKey, a two-factor login system, to help protect employee personal information and university data and also has a scanning system in place to capture many emails with malicious intent.
Information Technology at Purdue (ITaP) provides a security checklist to help protect computers, data and personal information. ITaP also provides information on phishing and vishing (phone call) scams.
Media Contact: Jim Bush, 765-494-2077, email@example.com