Recently, students of Moorpark, Oxnard, and Ventura Colleges have been targeted at their my.vcccd.edu email addresses from malicious actors attempting to steal their identities and money. The VCCCD security team is working to stop these cyber-attacks however some are getting through, leading to employees and students falling for these scams.
Tips to avoid becoming a victim of online attacks while at VCCCD:
- Pay attention to the sender’s e-mail address. A VCCCD employee should never send an email from a seemingly unrelated or personal Gmail/Yahoo etc. account. Remember when conducting any VCCCD related business only use your @vcccd.edu e-mail account.
- Avoid providing your alternate e-mail address. Malicious actors will request your personal e-mail address so that they can continue communicating with you after their e-mail address has been blocked by our information security team.
- Never provide your bank account and routing number by email. Legitimate institutions will never ask you to do this.
- Watch for unrealistic offers, urgent requests, or scary language. Phishing emails leverage human psychology to get you to act. These are tell-tale signs of phishing attacks and scams.
Common phishing attacks and scams to watch for:
Paid Internship/Research Assistant
This scam is currently ongoing and very frequently targeting VCCCD students. The intent is to get students to provide your bank account and routing information, as well as cash a fake check and get you to send a portion of these nonexistent funds back to the attacker.
Unrecognized Invoice
You’ll receive an invoice for a familiar service, but you won’t recognize it. The attackers will hope you call the number provided in the email and suggest that your computer has been hacked. They’ll then leverage remote assistance software to drain your bank account.
Advance Fee
Scammers may promise you some kind of benefit: a loan, a prize like a foreign lottery, a government grant, an inheritance, an opportunity to work from home, or more. The catch is, they want payment up front before you can receive your benefit. Sometimes they will ask for payment by wire transfer, online payment, or even gift cards. Stop and think – why are you having to pay to receive this benefit? Are you being asked by a source you know and trust? Do your research to avoid these scam artists!
Credential Theft
Various expired passwords or IT support scams will direct you to fake login portals. Pay attention to the URL, hover links, and think about where that link is taking you. VCCCD will never ask you for your password. If your password expires, you’ll be notified during the login process – not by email.
Gift Card
Your professor, boss, or dean is never going to email or text you and ask you to provide them with gift cards.
Embarrassment threats/Exploitation
Attackers might claim to have malware on your computer and may suggest they’ve been watching you. They might even spoof your e-mail to make it look like they’re e-mailing you from your own account. Rest assured that none of this is true, and you can safely report these e-mails for what they are – baseless scams.
Emergency Scams
Calls from someone claiming to be in dire need, a sick or imprisoned relative. They’ll beg you not to tell anyone due to embarrassment, that way you can’t confirm the validity of the story. Always spend a few minutes to figure out what’s really going on.
“Pig Butchering”
This is a long-term scam in which an attacker will usually initiate contact with a wrong number, text, or e-mail. This will often initiate daily contact, ultimately leading to some type of investment advice or request for assistance. They may even leverage a legitimate looking investment application in the Apple or Google Play store to convince you that you’re making money – but it’s gone the moment you deposit money into these applications.
When in doubt report it at emailabuse@vcccd.edu