Scams and Viruses

February 2017

UITS would like to inform you about a phone scam/phishing attempt recently targeting IU South Bend claiming to be from the U.S Treasury Department. These calls have been coming in from various phone numbers. Below is a transcribed copy of the voice mail.

Number is IRM 9165.

The nature in the purpose of this call is regarding in enforcement action which has been executed by the U.S. treasury department regarding tact fraud against your name ignoring this would be an intentional attempt avoid initial appearance before the magistrate she had your exams jury for a Federal criminal offense so before this matter goes to Federal claim courthouse or before you get arrested — kindly call us back on our number as soon as possible the number to reach its is (415) 493-0733 -- hope to hear from you soon before the charges are pressed against you.

DO NOT CALL THEM BACK. This is an attempt to illegally gain information or to deceive those receiving the call.

University Information Technology Services
IU South Bend

By: kweidner on 08 Feb 2017 17:20

December 2016

Many of you receive emails that appear to come from a legitimate Indiana University email address or other businesses such as FedEx, Chase, or Nyhart. These emails may contain attachments or may try to lure you into providing passphrases, personal, and/or financial information. These are phishing scams. [1]

The latest phishing attack attempt happened here yesterday. An email that stated it was a PO/Invoice with an attached Excel spreadsheet was sent out. The attachment was opened and infected the PC with ransomware.[2] Files on the desktop PC were then infected. The infected computers had to be rebuilt immediately and any data that was not stored in the cloud or on Box was lost.

Things to remember about phishing scam attempts:

· Be cautious about opening any attachment or downloading any files from emails you receive. If you recognize a phishing message, delete the email message from your Inbox, and empty it from the deleted items folder.

· Never email passphrases, personal, or financial information. If you ever mistakenly share your passphrase, click on a link inside of a phishing email, or feel that your account has been compromised change your passphrase immediately: [3]

· No one at IU (including UITS) will ever ask for your passphrase or confidential information for any reason via phone, chat, or email. If you get an email or pop-up message that asks for personal or financial information, don’t reply, don’t click on the link, or call the number provided.

· If you doubt the authenticity of an email or web site, or worry about your IT accounts, contact the Support Center at x5555 (574-520-5555) or as soon as possible.

Learn how not to get hooked by phishing scams and what to do if you accidentally provide info to scammers at Protect IU.

For more information, visit: .. index.html .. shing.html .. cams.shtml


University Information Technology Services
IU South Bend

By: kweidner on 07 Dec 2016 17:00

August 2016

Earlier this afternoon, many IU employees received an email that appeared to come from Indiana University.  The email suggested employees should change their Nyhart account password because it would be expiring soon.  The email also provided a link to change the password.  If clicked, the link directed users to a 1:1 mock-up of the IU Nyhart portal.

If you received this message, it is indeed a phishing email and not legitimate.  Please do not click it on the link, and do not enter any of your credentials.  Nyhart, IU’s TSB and HSA vendor, will never reach out to employees to reset expired passwords. 

If you clicked on this link, please go directly to the Nyhart website and reset your credentials immediately.  In the meantime, UITS has blocked the link on the IU network.  We are also working directly with Nyhart to monitor the situation, as well as communicate to employees who have questions about how to reset their account credentials.

Always be sure to hover over links to make sure they lead to a reputable site. Also, please remember to report all phishing messages to phishing {at} iu {dot} edu with full header information.  For instructions on obtaining full headers in email please visit the IU Knowledge Base and search on the term ‘full headers display.’  To help further protect our community, if you received this Nyhart message (or another variant), please hover over the “click here” link and look at the URL.  If it is NOT “”, please be sure to report it as a new phishing message.


March 2015

Department of Justice Scam Alert

January 21, 2015
TIGTA - 2015-01
Contact: Office of Investigations
Call toll free: 1-800-366-4484

J. Russell George Urges Taxpayers to Be on "High Alert" to Phone Fraud Scam

TIGTA Reminds Taxpayers to Beware of Calls from IRS Impersonators this Filing Season

WASHINGTON — As the 2015 tax filing season begins, the Treasury Inspector General for Taxpayer Administration (TIGTA) is reminding taxpayers to beware of phone calls from individuals claiming to represent the Internal Revenue Service (IRS) in an effort to defraud them.

“It is critical that all taxpayers continue to be wary of unsolicited telephone calls from individuals claiming to be IRS employees,” said J. Russell George, Treasury Inspector General for Tax Administration. “This scam, which is international in nature, has proven to be the largest scam of its kind that we have ever seen. The callers are aggressive, they are relentless and they are ruthless,” he said. “Once they have your attention, they will say anything to con you out of your hard-earned cash,” George added.

TIGTA has received reports of roughly 290,000 contacts since October 2013 and has become aware of nearly 3,000 victims who have collectively paid over $14 million as a result of the scam, in which individuals make unsolicited calls to taxpayers fraudulently claiming to be IRS officials and demanding that they send them cash via prepaid debit cards.

“The increasing number of people not only receiving but accepting these unsolicited calls from individuals who fraudulently claim to represent the IRS is alarming,” George said. “At all times, and particularly during the tax filing season, we want to make sure that innocent taxpayers are alert to this scam so they are not harmed by these criminals,” he said, adding, “Do not become a victim.”

“This is a crime of opportunity, so the best thing you can do to protect yourself is to take away the opportunity,” the Inspector General added. “Do not engage with these callers. If they call you, hang up the telephone.”

Inspector General George noted that the scam has hit taxpayers in every State in the country. Callers claiming to be from the IRS tell intended victims they owe taxes and must pay using a pre-paid debit card or wire transfer. The scammers threaten those who refuse to pay with immediate arrest, deportation or loss of a business or driver’s license.

The IRS usually first contacts people by mail – not by phone – about unpaid taxes. And the IRS won’t ask for payment using a pre-paid debit card or wire transfer. The IRS also won’t ask for a credit card number over the phone.

“If someone unexpectedly calls claiming to be from the IRS and uses threatening language if you don’t pay immediately, that is a sign that it really isn’t the IRS calling,” George said.

The callers who commit this fraud often:

  • Utilize an automated robocall machine.
  • Use common names and fake IRS badge numbers.
  • May know the last four digits of the victim’s Social Security Number.
  • Make caller ID information appear as if the IRS is calling.
  • Send bogus IRS e-mails to support their scam.
  • Call a second or third time claiming to be the police or department of motor vehicles, and the caller ID again supports their claim.

If you get a call from someone claiming to be with the IRS asking for a payment, here’s what to do:

  • If you owe Federal taxes, or think you might owe taxes, hang up and call the IRS at 800-829-1040. IRS workers can help you with your payment questions.
  • If you don’t owe taxes, fill out the “IRS Impersonation scam” form on TIGTA’s website, or call TIGTA at 800-366-4484.
  • You can also file a complaint with the Federal Trade Commission at Add “IRS Telephone Scam" to the comments in your complaint.

TIGTA and the IRS encourage taxpayers to be alert for phone and e-mail scams that use the IRS name. The IRS will never request personal or financial information by e-mail, texting or any social media. You should forward scam e-mails to Don’t open any attachments or click on any links in those e-mails.

Taxpayers should be aware that there are other unrelated scams (such as a lottery sweepstakes winner) and solicitations (such as debt relief) that fraudulently claim to be from the IRS.

Read more about tax scams on the genuine IRS website at


Scams Targeting University Students

University Employee Payroll Scam


Cracking Cards - Debit Card Scam

04-2014 -

Green Dot MoneyPak card scam

The newest money scam is one that involves the use of the Green Dot MoneyPak card. The Green Dot card is a legitimate reloadable debit card that is being used by scammers. This is an advance payment scam in which scammers use a variety of methods to get victims to transfer money using the card. One of the latest methods is to offer grant money in return for advance payment. Do not be fooled by these scams.  For more information about these scams check out the following websites.


9-2013 - Emails similar to the one listed below have been received by many people at IU South Bend. Please beware of such emails and remember that IT will never ask users to respond to e-mail with their username and password.

The email is a phishing scheme which attempts to lure the email recipient in to visiting a web site which will attempt to compromise their computer.

As always, when receiving phishing emails it is best not to click on the link contained in the email. Instead, simply delete the email.

University Information Technology Services
IU South Bend

From: Indiana University []
Sent: Sunday, September 08, 2013 11:58 AM
To: Recipients
Subject: ###All Mail-Hub##regularly scheduled maintenance###


This Email is from the Indiana University, we will be making some vital E-mail account maintenance to ensure high quality in Internet connectivity in the 2013 and fight against spam and improve security, all Mail-hub systems will undergo regularly scheduled maintenance.

To confirm and to keep your account active during and after this process Kindly Click or copy and fill the following information:

Failure to upgrade your Email account will lead to the deactivation of your email account.

Indiana University

107 S Indiana Ave Bloomington, IN 47405