October 17, 2022
Many of you have already experienced Imposter Scams, a type of spear-phishing attempt sent under the guise of an authority figure. Although there are several forms of imposter scams, we at LBCCD typically experience targeted financial scams that spoof department heads, Directors, Deans, Executives, Board members, and even the Superintendent-President.
What Does an Imposter Scam Look Like?
The most common imposter scam begins with a short message like "Are you available at the moment?" or "I need your urgent assistance", and has the following characteristics:
- The Reply-to address is an external address; i.e., not an @lbcc.edu address
- The message contains a sense of urgency
- The imposter is unavailable to talk to you in person
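For mail administrators, the three characteristics above can be checked mechanically. The following is an added example, not LBCCD's own tooling; the phrase lists and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "lbcc.edu"  # the domain the notice names as internal
# Assumed phrase lists, seeded from the two opening lines quoted in the notice.
URGENCY = re.compile(r"\burgent(ly)?\b|\bare you available\b|\bright away\b|\basap\b", re.I)
UNAVAILABLE = re.compile(r"\bin a meeting\b|\bcan(no|')t (talk|take calls)\b", re.I)

def address_domain(header_value):
    """Domain of the real address in a header, ignoring the display name."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def is_internal(domain):
    return domain == INTERNAL_DOMAIN or domain.endswith("." + INTERNAL_DOMAIN)

def plain_text(msg):
    """Concatenate the text/plain parts of a single-part or multipart message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in parts if p.get_content_type() == "text/plain")

def imposter_indicators(raw_message):
    """Return which of the three listed characteristics a raw message shows."""
    msg = message_from_string(raw_message)
    text = msg.get("Subject", "") + "\n" + plain_text(msg)
    hits = []
    reply_domain = address_domain(msg.get("Reply-To"))
    if reply_domain and not is_internal(reply_domain):
        hits.append("external_reply_to")
    if URGENCY.search(text):
        hits.append("urgency")
    if UNAVAILABLE.search(text):
        hits.append("unavailable_in_person")
    return hits

# Constructed sample messages (not real mail).
SUSPICIOUS = ('From: "Dean Example" <dean.example@lbcc.edu>\n'
              'Reply-To: "dean.example@lbcc.edu" <dean.office@freemail.example>\n'
              "Subject: Quick request\n\n"
              "Are you available at the moment? I'm in a meeting and can't talk, "
              "but I need your urgent assistance.\n")
BENIGN = ("From: colleague@lbcc.edu\nSubject: Thursday agenda\n\n"
          "The agenda for Thursday is attached.\n")

if __name__ == "__main__":
    print(imposter_indicators(SUSPICIOUS))
    print(imposter_indicators(BENIGN))
```

The Reply-To check reads the address inside the angle brackets, so a display name that merely looks like an @lbcc.edu address does not make the reply path internal.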
Unfortunately, there is little that can be done to stop bad actors from employing this tactic because free email accounts are readily available, and websites provide information about departments and the people that work in them. As a result, we all need to keep a few basic protocols in mind and be conscious of our actions.
First and foremost, personnel should never use an external account to conduct financial-based transactions on behalf of LBCCD – especially if they involve non-standard payment types like gift cards, wire transfers, or cryptocurrency. Specific policies for properly conducting financial transactions can be found on the Contracts & Purchasing microsite and in the Purchasing Manual (PDF download).
To help users verify where a message came from, messages from external email accounts that are not specifically delegated to send on behalf of the District receive the following banner at the top of the incoming message:
The Office of Information Security encourages you to take this opportunity to review common methods to protect yourself against phishing attempts.
How to Report a Phishing Email
If you suspect that you received a phishing email but did not click on any links, open any attachments, or respond to it:
- Forward a copy of the original email as an attachment to firstname.lastname@example.org, and
- Delete the email
Otherwise, if you suspect that you have fallen victim to a phishing attempt or inadvertently provided your password to an unauthorized source:
- Reset your password immediately
- Call the ITS HelpDesk at x4357 and give specific details of the event, and
- Forward a copy of the original email as an attachment to email@example.com.
For future reference, each ITS member’s email signature line should contain a reference to firstname.lastname@example.org.
Fallen Victim to Internet Fraud?
If you have fallen victim to internet fraud in California, you should contact one of the following agencies:
- Your local law enforcement agency
- Your local High Crimes Task Force, or
- The Attorney General’s eCrime Unit.
Furthermore, the FBI encourages all victims of internet fraud to contact The Internet Crime Complaint Center (IC3).