Phish of the Month: May

June 7, 2024

A "free piano" scam is a pervasive phishing lure and continues to make the rounds at University of Alaska; here is a notable example from last August: 

image of an email offering a free piano

At first glance, it seems like the perfect opportunity! A benevolent gesture in honor of a beloved father, advertised by our own President Pitney, and it's free to a loving home. Unfortunately, it's a scam, and it usually sticks to the same script.

The Scam

The scammer claims to be giving away a piano (or other instrument) that belonged to their deceased father, husband, or wife. When the victim responds, the scammer directs them to a pre-selected moving company for delivery. Arrangements are made with the moving company to create a quote for the moving fee. When the victim agrees, payment is then requested via cell phone or electronic cash app for the shipping fee, which varies based on the option selected. However, the piano never arrives, and the website of the moving company is fake.

Variations on the Scam

Not everyone is musically inclined, but who couldn't use a TIG Welder? President Pitney is being leveraged here again to spread the word:

image of an email offering a free TIG welder

The names of real people and their titles and phone numbers are included to add a layer of believability to the scam, but that's exactly what this is. This email even asks you to respond with your personal email in order to avoid being tracked and stopped by OIT.

How can you tell?

This particular phish uses the following tactics to lure you in:

  • an offer that is too good to be true
  • fear of missing out
  • attempts to impersonate people who are known to you

Don't take the bait! Take a few seconds to scrutinize these emails and look for these tactics before acting.

What should you do?

If you use Google Mail in the web client, please report these emails as phishing (instructions here: https://support.google.com/mail/answer/8253?hl=en). Alerting Google in this manner helps keep emails like these out of inboxes, as well as sending a notice to the OIT Security Operations team for further investigation.

Outlook user? Submit a Junk > Phishing report to mark these emails as dangerous.

 

As always, contact your local Service Desk if you need assistance!

UAA 

Report Security Issue
or call 907-786-4646

 


 

UAF & SW (OIT) 

Report Security Issue
or call 907-450-8300

 


 

UAS 

Report Security Issue
or call 907-796-6400