Notice: This article is more than one year old and is part of the Henry Ford College news archive. Information in the article may be outdated. For the most current news and information about Henry Ford College, please visit hfcc.edu/news, or contact communications@hfcc.edu.

Recent phishing scams at HFC

Help us help you! Watch the video or read the text... don't get caught in the phishing net! If you do inadvertently click on a phishing link, shut down your browser window and immediately change your HFC password.

Video tips to avoid phishing

The following video will give you some tips to help avoid vulnerability to phishing scams. Read the section below this video for tips from Joe Zitnik.

Also consider the STOP method:

  1. Is the email Suspicious? Filled with errors, lacking specificity, or otherwise just "not right"?
  2. Is the email Telling you to select a link or button? Check the link VERY carefully before clicking (hover to see where it goes). Better yet, independently go to the suggested website to find out if the link is real.
  3. Is the email Offering something that is too good to be true? An unexpected windfall, a huge discount, etc.?
  4. Is the email Pushing you to do something immediately?

The S.T.O.P. method can help you pause and verify.

 

Additional tips from Joe Zitnik to avoid phishing

Joe sent this message to the HFC community in July 2022.

The original intent of this message was to warn people about one of the current phishing e-mails coming into the college, but it has a much wider scope than these messages. Over the last several months, HFC employees have been receiving fake e-mails claiming to be from the IT help desk. The content of the e-mails is always similar: your mailbox is almost full (usually 98%), and if you don’t fix it, you’ll lose access or functionality, and you need to log in to fix it. They are classic phishing e-mails. I want people to be aware of this type of scam and to know that the IT Help Desk will never send you an e-mail telling you your mailbox is almost full. If your mailbox is nearing capacity, the e-mail system, not any specific individual, will give you a warning that your mailbox is nearly full.

The bigger issue is that people need to be aware of the e-mail address, not the name, that any e-mail is coming from. That is true not just for these e-mails, but any e-mail claiming to be from a Henry Ford College employee.

The e-mails claiming to be from the HFC IT Help Desk were from support@korneri_dot_net (the period was replaced with _dot_ in this and any spam e-mail address examples that follow) and pmassa@gob_dot_gba_dot_gov_dot_ar and support@activ-motor_dot_com and jean-paul.barthout@ac-limoges_dot_fr. Any e-mail from the HFC IT Help Desk would be from helpdesk@hfcc.edu.

Similarly, e-mails in June came in claiming to be from other HFC employees like Vice President Michael Nealon with an e-mail address of mnealon.hfcc.edu@gmail_dot_com and Dean Dr. Patricia Chatman that were from bepdinfo.hfcc.edu@gmail_dot_com. Note that these are not from legitimate Henry Ford College accounts but were sent from Gmail accounts made to make people think they were from HFC employees.

The people who perpetrate these phishing attempts follow behavioral science lessons. They send e-mails appearing to be from people in power asking for favors or telling you something is an “emergency”. All of this is done with the intent of getting you to believe the e-mail is legitimate and either get you to do something or enter your credentials. Then, they use the legitimate e-mail usernames and passwords they get from these phishing attempts to send out spam from the accounts they gain access to.

You should never respond to an e-mail claiming to be from an HFC employee or department that does not come from an @hfcc.edu e-mail address. Be mindful of what comes after the “@” sign in an e-mail address. When it comes to Henry Ford College communications, if you have entered your credentials in any one of these latest scams, change your password immediately.

Thank you, everyone.

Joe Zitnik
Director, Network and IT Infrastructure
e-mail: jzitnik@hfcc.edu
Phone: 313-317-6500


UPDATE from Joe Zitnik, July 7:

Hello everyone. On Tuesday, I sent out a warning to all HFC employees asking them to be mindful of the real senders of an e-mail. Just to be clear, for e-mails that originate from outside of the “@hfcc.edu” e-mail domain, the sender will have an e-mail address listed after their name, whereas e-mails that are from one HFC person to another HFC person will normally just show a name. Look in your inbox. Open an e-mail from another HFC e-mail address and look at how the sender’s name appears in the e-mail. Open an e-mail from someone outside of the College and look at how their name appears. For outside e-mail, it is going to be a name followed by e-mail address: John Doe jdoe@maildomain.com

An e-mail yesterday came into the system claiming to be from Kathy Dimitriou, but the e-mail address for that e-mail was mchao.csusb.edu@gmail_dot_com. There were people on campus who, thinking the e-mail was from Kathy Dimitriou, reached back out to the person offering to assist. Again, I understand the desire of people to help others that they like and know, but this was a perfect example of the warning I had given the day before. In the end, the person was trying to get people to go out and buy gift cards, and hopefully, no one fell for it.

These e-mails are difficult to block, because an e-mail from someone coming into the College asking “can you help me with something?” could absolutely be legitimate. In an effort to make people aware of when they are dealing with e-mails from outside senders, the following banner will begin appearing in nearly all (hawkmail email addresses will not get this banner) e-mail coming into the Henry Ford College e-mail system:

CAUTION: This email originated from outside of the Henry Ford College network. Be Aware. Do not respond to emails claiming to be from Henry Ford College employees coming from non "@hfcc.edu" email addresses. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you have any questions about the legitimacy of this email, please call the HFC Help Desk at 313-845-6345.

E-mail has been and continues to be the largest attack vector for people trying to breach networks. More than 90% of cyberattacks infiltrate an organization via email. According to the FBI, there has been a 400% increase year-over-year in phishing attacks. Bad actors do them because they work. The average breach costs more than $4,000,000 to recover from in financial costs alone. The loss of reputation is difficult to estimate. Do you bank with institutions that have been in the news as having been compromised? This year alone, Kellogg and Kalamazoo Valley Community College had to close for several days while they recovered from malware. Lincoln College in Illinois closed after 157 years because it could not recover from a combination of Covid and a Ransomware attack that shut its doors for an extended period of time. Please do all you can to keep the network, our data, our finances, and our reputation safe.

Thank you.

Joe Zitnik
Director, Network and IT Infrastructure
Henry Ford College
e-mail: jzitnik@hfcc.edu
Phone: 313-317-6500
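
The check both messages above describe (judge a message by what follows the "@", not by the displayed name) can be automated at a mail gateway or in a triage script. The following is an added example, not part of the original article or HFC's own tooling; the function name, the keyword list and all sample headers are constructed for illustration.

```python
from email.utils import parseaddr

TRUSTED = "hfcc.edu"  # the only domain the message treats as genuine HFC mail
# Assumed keyword list for "claims to be HFC" display names (not from the page).
CLAIMS = ("hfc", "henry ford college", "help desk")


def classify_sender(from_header, trusted=TRUSTED):
    """Classify a raw From: header by its address, not its display name.

    Returns (verdict, reasons); verdict is one of
    'internal', 'external', 'impersonation', 'unparseable'.
    """
    display, addr = parseaddr(from_header)
    local, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not local or not domain:
        return "unparseable", ["no usable address in header"]
    if domain == trusted:
        return "internal", []

    reasons = []
    if trusted in local.lower():
        reasons.append("trusted domain appears before the @")
    if (trusted + ".") in domain:
        reasons.append("trusted domain embedded in another domain")
    name = display.lower()
    if trusted in name or any(k in name for k in CLAIMS):
        reasons.append("display name claims HFC affiliation")
    return ("impersonation" if reasons else "external"), reasons


# Constructed sample headers; names and domains are illustrative only.
SAMPLES = [
    "IT Help Desk <helpdesk@hfcc.edu>",
    "HFC IT Help Desk <support@mail.example>",
    "Jane Roe <jroe.hfcc.edu@webmail.example>",
    "Jane Roe <jroe@hfcc.edu.webmail.example>",
    "John Doe <jdoe@maildomain.example>",
    "Jane Roe",
]

if __name__ == "__main__":
    for header in SAMPLES:
        verdict, reasons = classify_sender(header)
        print(f"{verdict:13} {header}  {'; '.join(reasons)}")
```

This inspects only the visible From header, the same thing the messages ask readers to look at; it does not evaluate SPF, DKIM or DMARC results.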