CoSN Community


iTunes Gift Card Email Scam

  • 1.  iTunes Gift Card Email Scam

    Posted 10-26-2018 11:11

    Good Morning,

    Are other divisions seeing an increase in fraudulent emails where people are creating Gmail accounts and impersonating principals, then requesting that staff buy $500 in iTunes gift cards, scratch the back, then email the codes back?  If you have, please let us know and if you have strategies for how to mitigate.  We have a best-in-breed email filtering system, but with the accounts being newly generated, blocking them is ineffective, and filtering by search term is challenging due to false positives.  I know end user awareness is critical, but will never be 100% effective. So, I'm interested in knowing what strategies and/or technical controls you might use to combat this issue.  And, if you have the same challenge but no solution, I would at least find comfort knowing I'm not alone.  I'm also interested in knowing if any divisions prohibit the purchase of gift cards outright, as this would likely be an effective administrative control.

    I produced a brief video (below) of how this scam works for National Cyber Security Awareness Month, and recently shared this with staff, but unfortunately, it's still problematic for us.

    Any help is greatly appreciated.

    iTunes Gift Card Scam Awareness Video

    Best Regards,

    Andy



    ------------------------------
    Andrew Wolfenbarger
    Supervisor of Information Security Services
    Prince William County Public Schools
    Manassas VA
    (703) 791-8112
    ------------------------------


  • 2.  RE: iTunes Gift Card Email Scam

    Posted 10-26-2018 15:27

    We had this issue about 2 weeks ago.

    Our domain is esmschools.org and all the emails came from


    We blacklisted all variants of esmschoolsorg@gmail.com


    Kieran

    Kieran O'Connor, CETL
    Executive Director of Planning, Development and Technology
    East Syracuse Minoa Central Schools

    315-434-3008 or internal x2661





  • 3.  RE: iTunes Gift Card Email Scam

    Posted 10-27-2018 08:07
    That is a good tip. We've also blocked *pwcs.gmail.com since pwcs.edu is our domain. Unfortunately, other prefixes are being used too. However, this is a great recommendation.


    ------------------------------
    Andrew Wolfenbarger
    Supervisor of Information Security Services
    Prince William County Public Schools
    Manassas VA
    (703) 791-8112
    ------------------------------



  • 4.  RE: iTunes Gift Card Email Scam

    Posted 10-29-2018 08:51
    We have been seeing this for the last six months. We invested in some end user training last November which has helped promote the importance of awareness. As you said, these are new accounts built for one purpose and the verbiage has been varied enough that it's almost impossible to block.

    As an aside I responded to one of these attacks and was able to string the attacker along for about 3 days with googled pictures of gift cards and other bogus info. If nothing else it wasted some of his/her time and amused me for a few days :).

    ------------------------------
    Kyle Hancock
    Director of Technology
    Hudson School District
    Hudson NH
    (603) 883-7765
    ------------------------------



  • 5.  RE: iTunes Gift Card Email Scam

    Posted 10-29-2018 10:15
    There are some additional security settings that you can change in the G Suite console... take a look at the following support article under "Apply advanced security settings".

    Enhance phishing and malware protection - G Suite Administrator Help



    ------------------------------
    Bob Boyd
    Director of Technology
    Kettle Moraine School District
    Wales WI
    (262) 968-6300 (5351)
    ------------------------------



  • 6.  RE: iTunes Gift Card Email Scam

    Posted 10-29-2018 12:39
    I've seen that scam twice.  They used completely different email addresses both times.  I suspect you'd be better off setting your email system to alert you if it sees "gift card[s]" instead of banning specific email addresses.

    I also recommend user training.  In the end, your people are your final line of defense.  If you haven't considered it yet, do phishing and spearphishing tests on your users.  For spearphishing, just use a "From:" line that has the HR director's or principal's name, but an @gmail.com address.  Chances are good that around 5% of your faculty and staff will be victims to regular phishing attacks and around 15-20% in the case of rudimentary spearphishing.  You can do a baseline test, deliver training, and re-test every 1 - 3 months to shape future training events.  Tools like knowbe4.com are great for this.

    Hope that helps.




    Jaime Kikpole

    Director of Technology & Innovations
    Cairo-Durham Central School District
    (518) 622-8543, x59500
    cairodurham.org

    Technical Support:
    help@cairodurham.org
    go.cairodurham.org/techtips

    Google Certified Educator, Level 1 Google Certified Educator, Level 2







  • 7.  RE: iTunes Gift Card Email Scam

    Posted 11-01-2018 08:32

    We do now have a filter that records any emails with iTunes and Gift Cards as key words, but allow those to be delivered due to the high volume of false positives, but at least we have insight and can take action more quickly.

    Thank you so much for the recommendation on the phishing awareness content.  I've been looking at Wombat, but will look closer at the one you suggested too.

    Thank you!

    Andy



    ------------------------------
    Andrew Wolfenbarger
    Supervisor of Technology
    Stafford County Public Schools
    Stafford VA
    (540) 658-6744
    ------------------------------



  • 8.  RE: iTunes Gift Card Email Scam

    Posted 10-29-2018 15:38
    Good Morning All,

    We have put in place a number of items to cut down on these types of events to include this preamble:

    CAUTION: This email originated from outside of Volusia County Schools. DO NOT click links or open attachments unless you recognize the sender and are expecting the information or have verified with the third party and/or Customer Support at ext. 20000, option 2 that the content is safe.

    Additionally, on our network and Office 365 environment we are blocking traffic from most countries hostile to the US, including China and Russia.

    It has made it much more quiet here.

    Alex

    ------------------------------
    Alex Kennedy
    Assistant Director
    Volusia County School Board
    Deland FL
    ------------------------------



  • 9.  RE: iTunes Gift Card Email Scam

    Posted 11-01-2018 08:35

    Alex,

    I had not considered a preamble, but that's an interesting suggestion that I'll look into.

    We have also considered blocking emails and/or logins from some countries, but worry about unintended consequences with exchange students, teachers traveling, etc.  We will be looking closer at this though.

    Thanks for the tips!

    Andy



    ------------------------------
    Andrew Wolfenbarger
    Supervisor of Technology
    Stafford County Public Schools
    Stafford VA
    (540) 658-6744
    ------------------------------



  • 10.  RE: iTunes Gift Card Email Scam

    Posted 11-02-2018 15:34
    We, too, receive occasional spoofed e-mails on a regular basis.  Especially individuals posing as a staff member or department.  We now use our filter to prepend the subject line with [EXT] for all external e-mail unless granted safe status.  We then trained staff to use caution when reading such e-mails and to verify the sender if it appeared to be from an internal user.  We used the preamble for a while, but users felt it to be intrusive as it went in the body of the e-mail and made it difficult to scan e-mails. In addition, we force the display of the sender's actual e-mail. Our filter also disables all external links and re-routes through a safe-link process.

    ------------------------------
    David Jarboe
    Executive Director, Tech & Innov
    HSD2
    Colorado Springs CO
    (719) 538-1371
    Coordinator, Secondary Assessment
    ------------------------------



  • 11.  RE: iTunes Gift Card Email Scam

    Posted 11-02-2018 16:16

    David,

    I do like this approach better than a preamble.  I know we could enable this very quickly and easily, so we'll give it some serious consideration.  We also recently found an option we can configure in O365 for an anti-impersonation setting we'll look at as well.

    Thank you for the simple, but great idea!

    Andy



    ------------------------------
    Andrew Wolfenbarger
    Supervisor of Information Security Services
    Prince William County Public Schools
    Manassas VA
    (703) 791-8112
    ------------------------------
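
The thread's controls (keyword logging from posts 6 and 7, the [EXT] subject tag and real-sender check from post 10, the address pattern from post 2) can be combined so that a keyword hit alone is only logged while a keyword hit plus an impersonated staff name is held. The sketch below is an added example, not code from any poster or mail product; the domain, staff names, action labels and sample messages are all assumed or constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; none of these come from the thread.
INTERNAL_DOMAIN = "district.example"
PROTECTED_NAMES = {"pat rivera", "jordan lee"}  # principals, HR director, ...
TITLES = {"dr", "mr", "mrs", "ms", "principal"}
GIFT_RE = re.compile(r"\b(?:itunes|gift\s*cards?)\b", re.I)

def normalize(name):
    """Lowercase and drop titles/punctuation: 'Dr. Pat Rivera' -> 'pat rivera'."""
    words = re.sub(r"[^a-z\s]", " ", name.lower()).split()
    return " ".join(w for w in words if w not in TITLES)

def triage(raw):
    """Return (action, subject) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    subject = msg.get("Subject", "")
    # Assumes the gateway already rejects forged internal senders (SPF/DKIM/DMARC).
    if domain == INTERNAL_DOMAIN:
        return "deliver", subject
    subject = "[EXT] " + subject  # external tag, as described in post 10
    body = " ".join(p.get_payload() for p in msg.walk()
                    if p.get_content_type() == "text/plain")
    # Signal 1: external sender using a protected staff name, or the
    # district's domain squeezed into the mailbox name (post 2's pattern).
    impersonation = (normalize(display) in PROTECTED_NAMES
                     or INTERNAL_DOMAIN.replace(".", "") in local.replace(".", ""))
    # Signal 2: the keyword match that is too noisy to block on by itself.
    gift = bool(GIFT_RE.search(subject + " " + body))
    if impersonation and gift:
        return "quarantine", subject
    if impersonation:
        return "flag", subject
    return ("log" if gift else "deliver"), subject

# Constructed sample messages.
SCAM = ('From: "Dr. Pat Rivera" <principal.office8841@gmail.com>\n'
        "Subject: Quick favor\n\n"
        "Are you free? I need 5 iTunes gift cards today. Scratch the back "
        "and email me the codes.\n")
RAFFLE = ("From: PTA Fundraising <news@pta.example>\n"
          "Subject: Gift card raffle\n\nTickets on sale Friday.\n")

if __name__ == "__main__":
    for sample in (SCAM, RAFFLE):
        print(triage(sample))
```

The protected-name list has to be maintained alongside staffing changes, and staff who legitimately write from personal accounts will land in the "flag" bucket until allow-listed.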