Scams and Viruses

October 2017

The campus has experienced another phishing attempt to get information from IU South Bend employees. This attempt came disguised as an email from Chancellor Allison. It was promptly reported and no information was compromised but it serves as a reminder to be diligent.

Please consider the following points when you receive an email message:

  • Are you expecting an email of this nature? (e.g. password reset, account expiration, wire transfer, travel confirmation, etc)
  • Do you do business with the company or person purportedly emailing you?
  • Does the message ask for any personal information (password, credit cards, SSN, etc)?
  • Does the message ask for sensitive information about others?
  • Does the message ask you to immediately open an attachment?
  • Hover your mouse over the links in the email. Does the hover-text link match what's in the text? Do the actual -links look like a site with which you would normally do business?
  • Does the "From" email address look like either someone you know, a business you work with, or a proper IU email account?
  • Click 'Reply' - Does the address in the 'To' field match the sender of the message?

If you're not sure about the legitimacy of an email message, please report it to

Thanks for your assistance in keeping IU secure

May 2017

Dear IU South Bend Campus Community,

** URGENT **

As you likely saw in the national and international news on Friday and throughout this past weekend, a ransomware attack has reportedly hit over 150 countries including, in particular, the National Health Service in England. It is ongoing. There are many insights in the news, and UITS encourages you to read some of the coverage.

Note that this attack is the simple realization of three well-known facts of our time:

Unpatched devices pose a great security risk.

Email phishing is a primary means of attack.

Weapons grade hacking kits are leaking from nation-state actors to crooks.

We want you to understand that we are doing everything possible to minimize the potential for a ransom attack on campus. We have put in place various blocks for devices that are known to be at risk. Remember, do not store data on your local drive, instead use Box or other available IU cloud services. Never open emails containing attachments that are not digitally signed or not from a known trusted source. Should your account become disabled or compromised, immediately contact the Support Center for assistance with remediation.

For your personally owned devices, make sure you have applied the most recent security patches and you maintain a backup for all of your data.

Support Center

New phishing attack targets Google Docs/Gmail users

Early yesterday afternoon a new type of phishing attack popped up that targets Google Docs/Gmail users.
Here’s what to look out for:

An email that appears to come from someone you know who wants to share a document with you.

If you open the email, you’re asked to click a link—don’t do it! If you click, a page that looks like an official Google page pops up asking if you would allow the Google Docs app permission to read your email and access your contacts. Again, don’t do it! If you agree, an app is installed on your computer that gives the attacker the ability to send the same email to all of your contacts.

And, once that permission is given, changing the password will no longer work. You must remove the app permission yourself.

Here’s what you should do

If you receive an email indicating that someone wants to share a document with you, check your Google Docs Shared Documents folder to see if it is listed there by clicking on Shared with me located below My Drive in the left toolbar.

If you’re unsure if an email is legitimate, you can always forward it to your campus Support Center for verification.

Again, if you have any questions, please contact the UITS Support Center at (574) 520-5555 or

University Information Technology Services
IU South Bend

February 2017

UITS would like to inform you about a phone scam/phishing attempt recently targeting IU South Bend claiming to be from the U.S Treasury Department. These calls have been coming in from various phone numbers. Below is a transcribed copy of the voice mail.

Number is IRM 9165.

The nature in the purpose of this call is regarding in enforcement action which has been executed by the U.S. treasury department regarding tact fraud against your name ignoring this would be an intentional attempt avoid initial appearance before the magistrate she had your exams jury for a Federal criminal offense so before this matter goes to Federal claim courthouse or before you get arrested — kindly call us back on our number as soon as possible the number to reach its is (415) 493-0733 -- hope to hear from you soon before the charges are pressed against you.

DO NOT CALL THEM BACK. This is an attempt to illegally gain information or to deceive those receiving the call.

University Information Technology Services
IU South Bend

By: kweidner on 08 Feb 2017 17:20

December 2016

Many of you receive emails that appear to come from a legitimate Indiana University email address or other businesses such as FedEx, Chase, or Nyhart. These emails may contain attachments or may try to lure you into providing passphrases, personal, and/or financial information. These are phishing scams. [1]

The latest phishing attack attempt happened here yesterday. An email that stated it was a PO/Invoice with an attached Excel spreadsheet was sent out. The attachment was opened and infected the PC with ransomware.[2] Files on the desktop PC were then infected. The infected computers had to be rebuilt immediately and any data that was not stored in the cloud or on Box was lost.

Things to remember about phishing scam attempts:

· Be cautious about opening any attachment or downloading any files from emails you receive. If you recognize a phishing message, delete the email message from your Inbox, and empty it from the deleted items folder.

· Never email passphrases, personal, or financial information. If you ever mistakenly share your passphrase, click on a link inside of a phishing email, or feel that your account has been compromised change your passphrase immediately: [3]

· No one at IU (including UITS) will ever ask for your passphrase or confidential information for any reason via phone, chat, or email. If you get an email or pop-up message that asks for personal or financial information, don’t reply, don’t click on the link, or call the number provided.

· If you doubt the authenticity of an email or web site, or worry about your IT accounts, contact the Support Center at x5555 (574-520-5555) or as soon as possible.

Learn how not to get hooked by phishing scams and what to do if you accidentally provide info to scammers at Protect IU.

For more information, visit: .. index.html .. shing.html .. cams.shtml


University Information Technology Services
IU South Bend

By: kweidner on 07 Dec 2016 17:00

August 2016

Earlier this afternoon, many IU employees received an email that appeared to come from Indiana University.  The email suggested employees should change their Nyhart account password because it would be expiring soon.  The email also provided a link to change the password.  If clicked, the link directed users to a 1:1 mock-up of the IU Nyhart portal.

If you received this message, it is indeed a phishing email and not legitimate.  Please do not click it on the link, and do not enter any of your credentials.  Nyhart, IU’s TSB and HSA vendor, will never reach out to employees to reset expired passwords. 

If you clicked on this link, please go directly to the Nyhart website and reset your credentials immediately.  In the meantime, UITS has blocked the link on the IU network.  We are also working directly with Nyhart to monitor the situation, as well as communicate to employees who have questions about how to reset their account credentials.

Always be sure to hover over links to make sure they lead to a reputable site. Also, please remember to report all phishing messages to phishing {at} iu {dot} edu with full header information.  For instructions on obtaining full headers in email please visit the IU Knowledge Base and search on the term ‘full headers display.’  To help further protect our community, if you received this Nyhart message (or another variant), please hover over the “click here” link and look at the URL.  If it is NOT “”, please be sure to report it as a new phishing message.


March 2015

Department of Justice Scam Alert

January 21, 2015
TIGTA - 2015-01
Contact: Office of Investigations
Call toll free: 1-800-366-4484

J. Russell George Urges Taxpayers to Be on "High Alert" to Phone Fraud Scam

TIGTA Reminds Taxpayers to Beware of Calls from IRS Impersonators this Filing Season

WASHINGTON — As the 2015 tax filing season begins, the Treasury Inspector General for Taxpayer Administration (TIGTA) is reminding taxpayers to beware of phone calls from individuals claiming to represent the Internal Revenue Service (IRS) in an effort to defraud them.

“It is critical that all taxpayers continue to be wary of unsolicited telephone calls from individuals claiming to be IRS employees,” said J. Russell George, Treasury Inspector General for Tax Administration. “This scam, which is international in nature, has proven to be the largest scam of its kind that we have ever seen. The callers are aggressive, they are relentless and they are ruthless,” he said. “Once they have your attention, they will say anything to con you out of your hard-earned cash,” George added.

TIGTA has received reports of roughly 290,000 contacts since October 2013 and has become aware of nearly 3,000 victims who have collectively paid over $14 million as a result of the scam, in which individuals make unsolicited calls to taxpayers fraudulently claiming to be IRS officials and demanding that they send them cash via prepaid debit cards.

“The increasing number of people not only receiving but accepting these unsolicited calls from individuals who fraudulently claim to represent the IRS is alarming,” George said. “At all times, and particularly during the tax filing season, we want to make sure that innocent taxpayers are alert to this scam so they are not harmed by these criminals,” he said, adding, “Do not become a victim.”

“This is a crime of opportunity, so the best thing you can do to protect yourself is to take away the opportunity,” the Inspector General added. “Do not engage with these callers. If they call you, hang up the telephone.”

Inspector General George noted that the scam has hit taxpayers in every State in the country. Callers claiming to be from the IRS tell intended victims they owe taxes and must pay using a pre-paid debit card or wire transfer. The scammers threaten those who refuse to pay with immediate arrest, deportation or loss of a business or driver’s license.

The IRS usually first contacts people by mail – not by phone – about unpaid taxes. And the IRS won’t ask for payment using a pre-paid debit card or wire transfer. The IRS also won’t ask for a credit card number over the phone.

“If someone unexpectedly calls claiming to be from the IRS and uses threatening language if you don’t pay immediately, that is a sign that it really isn’t the IRS calling,” George said.

The callers who commit this fraud often:

  • Utilize an automated robocall machine.
  • Use common names and fake IRS badge numbers.
  • May know the last four digits of the victim’s Social Security Number.
  • Make caller ID information appear as if the IRS is calling.
  • Send bogus IRS e-mails to support their scam.
  • Call a second or third time claiming to be the police or department of motor vehicles, and the caller ID again supports their claim.

If you get a call from someone claiming to be with the IRS asking for a payment, here’s what to do:

  • If you owe Federal taxes, or think you might owe taxes, hang up and call the IRS at 800-829-1040. IRS workers can help you with your payment questions.
  • If you don’t owe taxes, fill out the “IRS Impersonation scam” form on TIGTA’s website, or call TIGTA at 800-366-4484.
  • You can also file a complaint with the Federal Trade Commission at Add “IRS Telephone Scam" to the comments in your complaint.

TIGTA and the IRS encourage taxpayers to be alert for phone and e-mail scams that use the IRS name. The IRS will never request personal or financial information by e-mail, texting or any social media. You should forward scam e-mails to Don’t open any attachments or click on any links in those e-mails.

Taxpayers should be aware that there are other unrelated scams (such as a lottery sweepstakes winner) and solicitations (such as debt relief) that fraudulently claim to be from the IRS.

Read more about tax scams on the genuine IRS website at


Scams Targeting University Students

University Employee Payroll Scam


Cracking Cards - Debit Card Scam

04-2014 -

Green Dot MoneyPak card scam

The newest money scam is one that involves the use of the Green Dot MoneyPak card. The Green Dot card is a legitimate reloadable debit card that is being used by scammers. This is an advance payment scam in which scammers use a variety of methods to get victims to transfer money using the card. One of the latest methods is to offer grant money in return for advance payment. Do not be fooled by these scams.  For more information about these scams check out the following websites.


9-2013 - Emails similar to the one listed below have been received by many people at IU South Bend. Please beware of such emails and remember that IT will never ask users to respond to e-mail with their username and password.

The email is a phishing scheme which attempts to lure the email recipient in to visiting a web site which will attempt to compromise their computer.

As always, when receiving phishing emails it is best not to click on the link contained in the email. Instead, simply delete the email.

University Information Technology Services
IU South Bend

From: Indiana University []
Sent: Sunday, September 08, 2013 11:58 AM
To: Recipients
Subject: ###All Mail-Hub##regularly scheduled maintenance###


This Email is from the Indiana University, we will be making some vital E-mail account maintenance to ensure high quality in Internet connectivity in the 2013 and fight against spam and improve security, all Mail-hub systems will undergo regularly scheduled maintenance.

To confirm and to keep your account active during and after this process Kindly Click or copy and fill the following information:

Failure to upgrade your Email account will lead to the deactivation of your email account.

Indiana University

107 S Indiana Ave Bloomington, IN 47405