Monday, January 6, 2014

Spam email report 1/6/2014

A new year and new spam emails! Today's write-up comes courtesy of our technician, Carolyn.

Recently, the Help Desk received a report of a new spam email circulating via campus Gmail accounts. These appear to be coming directly from compromised PLU epass accounts, so it is important to be able to identify which of your contacts’ emails are legitimate and which are not. At the bottom of this post is a copy of the email, as well as a summary of the red flags that helped us to determine that this email was fraudulent.

If you have already responded to the email, please discontinue all communication immediately. If you have provided personal information, such as your bank account information, please contact your bank immediately and discuss the issue; they will advise you on the proper procedure for protecting your accounts.

If you have given out any password or log in information, or if your account has been sending similar emails without your knowledge, please follow our standard procedures for possibly compromised accounts:
  • Update your epass password at
  • Update your password on any sites where you used that password (e.g., if your epass was the same as your bank password, update your bank password as well)
  • Log into your Gmail and sign out of all other sessions; to do this, scroll down to the bottom of the page and look for the section which says "Last Account Activity"; click on the "Details" link; a window will appear which will let you force sign out all other sessions.
If you have any questions, please contact the Help Desk at 253-535-7525. You can also stop in at the Help Desk, located on the first floor of the Library.

Original email
In light blue, we have highlighted the fact that these emails are coming directly from PLU accounts instead of an outside source address. This may be the most confusing factor when determining if an email is fraudulent, so it is important to use your own personal judgment to determine a message’s legitimacy when it is coming from a person you know. If you are receiving emails from colleagues, students, or staff that don’t match their usual email communication (for example, misspelled words, grammar errors, or a change in professional tone or language), then you should regard them as suspicious.

Highlighted in red are a few logical tipoffs: First and foremost, whoever is emailing you did not inform you of their “urgent trip to Iuganisk (Ukraine)”, yet they claim to know you well enough to ask for a money loan. This is a classic tactic of many varieties of spam emails; again, please err on the side of caution and utilize your own personal judgment when receiving emails from someone you know. Also highlighted in this email are the more subtle hints that helped us to identify this email as spam: the user states that they contacted their bank and cancelled their cards, which demonstrates that they are reasonably capable of communicating with their source of finances. This logically conflicts with their claim that they need a money loan from you in order to pay for their hotel and flight fees. If an email raises any sort of suspicion about its logic or legitimacy, do NOT respond to it or give out any personal or financial information.