» Trending Email Scams

guy on laptop at hackatonChapman University’s Information Systems and Technology department monitors the trending scams in the Information Security World. We use intelligence feeds shared with peer institutions in Higher Ed as well as emails sent to abuse@chapman.edu.

This page is updated regularly. If you have any suggestions or questions, please email infosec@chapman.edu.

Covid-19 Scam Emails

Toggle Section

How do Covid-19 Email Scams Work?

Scammers make use of the current COVID-19 crisis to trick people into getting their computers infected with malware and giving away their bank or personal information.

Covid-19 themed scams might allude to national headlines to lend a veneer of credibility and make them more appealing.

These scam emails will have an enticing subject and message such as (but not limited to):

  • Covid-19 Vaccine
  • Testing for free
  • Stimulus checks
  • Infection map
  • Covid-19 Antivirus
  • Someone you know is infected with the Novel Coronavirus (Covid-19)

The malicious emails work in the same way as regular phish emails do:

  • Masquerade as a legitimate email
  • Pressure the recipient of the email to click on a link or download an attachment
  • Steal information entered into a fake login page or infect a computer and exfiltrate information

Examples of Covid-19 Email Scam

ExampleA fake covid 19 email urging people to click on a phishing link




What To Do If You Receive a Covid-19 Email Scam?

DO NOT click on any of the links or enter any information.

Go to the source! If the email pretends to be from the Center for Disease Control, go directly to CDC.gov

Do not reply to the email message.  

Forward the message to abuse@chapman.edu

The Check Deposit Scams

Toggle Section

How Does a Check Deposit Scam Work?

The Check Deposit Scam - I transfer to your account $3000, you transfer $2000 to an offshore account.

In the check deposit scam, the scammer tries to trick you into depositing a check that is not covered in your bank account. To make it look like a legitimate business, they will offer you a job or purchase something from you. If it it's a job they will ask for personal information from you. Some scams include a survey at the end so it feels more like a job offering. 

The scammer issues you a check for $3000 although they "owe you" $1000. They then ask you to transfer the remaining $2000 from your account to a third-party account that is usually offshore. 





Why Does It Work?

To you, this is one transaction and it seems as if you're dealing with one person. However, to the bank, this is two different transactions. The bank is dealing with two different people - there is you who deposits the check and the receiver of your transfer. 

The issuer of the check is in a different time zone so the check takes a while to clear. By the time you receive the notification that the scammer's check to you was not covered, your transfer for the $2000 was still initiated from your account. The bank sees you as liable even if you do not have sufficient funds. 

Example of a Check Deposit Scam

Example of a check deposit email scam

What To Do If You Received a Check Deposit Scam Email

Do not reply to the email message.

Do not provide any personal information, this information could be used for other scams such as the tax email scam. 

Forward the message to abuse@chapman.edu

To learn more about what to do if you received a phishing email, please visit www.chapman.edu/phishing

Sextortion Email Scam

Toggle Section

How Do Sextortion Emails Work?

A sextortion scammer sends out messages with spoofed email addresses using passwords obtained from "Credential Dumps". A credential dump is a list of email addresses, passwords and other personal information published online without permission. Scammers exploit credential dumps by including your password in their message to grab your attention. 

A sextortion scammer claims to have compromised the target's computer to gain their passwords and personal information, but most importantly has recordings of the recipient performing intimate acts using the computer's webcam. 

The scammer then asks for a "fair price" in bitcoin so they do not release the screenshot or recording to the target's social media accounts and contact lists. 

Example Sextortion Email

Subject: XXXXXX@chapman.edu was hacked 


My nickname in darknet is barnett26.
I'll begin by saying that I hacked this mailbox (please look on 'from' in your header) more than six months ago,
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer
and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $500 is quite a fair price to destroy the dirt I created.

Send the above amount on my bitcoin wallet: 1MN7A7QqQaAVoxV4zdjdrnEHXmjhzcQ4Bq
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 48 hours!
After your reading this message, I'll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere!
Good luck!

What To Do If You Received A Sextortion Email Scam

Change your password immediately by going to password.chapman.edu

Forward the email received to abuse@chapman.edu. 

The Gift Card Scam - Are You There?

Toggle Section

How Do Gift Card Scams Work?

Gift card scammers send out messages using spoofed email addresses impersonating your boss or the president of your university. The email usually has an urgent tone, asking you to buy multiple gift cards and sending them the codes on the back. Email scammers ask for gift cards because they are immediate and untraceable. 

The gift card scam is also known as the 'Are You There' scam because the scammer initially sends an 'are you there' or 'are you available' message and awaits for a response before they ask you to buy gift cards. 

Example Are You There? Email

From: President Incharge <inchargepresident[@]gmail.com>
Date: March 5, 2019 at 8:13:39 AM PST
To: xxxxx@chapman.edu
Subject: Urgent

Are you still available i need your help, I want you to help me out on something important ? 

 I am in a meeting right now and call is not allow here, are you free to help me

Daniele C. Struppa

What To Do If You Received A Gift Card Scam Email

Check with the email sender through a different mode of communication if they sent the message (In-person, Chapman Email, Desk Phone Number). 

Do not reply to the email and forward the message to abuse@chapman.edu.

Phishing for Credentials

Toggle Section

How Do Phishing Emails Work?

Phishing is the most common type of email scam with nearly 1.5 million phishing websites created each month according to Webroot Threat Report.

Phishing is when cybercriminals pretend to be a trustworthy entity and send emails to further entice their victims to

  • Provide usernames or passwords
  • Open viruses infected files
  • Open attachments that input malware on the device allowing passwords to be stolen

More information on phishing can be viewed at www.chapman.edu/phishing

Example of a Phishing Email

 phishing email example with malicious link

What To Do If You Received A Phishing Email

  • Check www.chapman.edu/security for recent phishing emails to see if the email you received is posted
  • Even if you do not see it on the website still report it! It might be a new attack
  • Always double check the sender/url before entering any usernames and passwords. If in any doubt DO NOT enter your username or password, instead ask abuse@chapman.edu to confirm legitimacy of email

For more information on what to do if you received a phishing email view www.chapman.edu/phishing 

Seasonal Scams

Toggle Section

How Do Seasonal Scams Work?

Seasonal scams, also known as holiday scams, are malicious emails that resurface every year during annual holidays and events. 

Similar to phishing emails, seasonal scams are after your username and password, personal information and money. Seasonal scammers will send out emails during tax season and holidays to give their scams more credibility. 

Tax Return Scam

  • The scammer impersonates an IRS official and accuses the target of owing the IRS money which must be paid immediately through a wire transfer or prepaid debit card. 
  • The recipient is often threatened with jail time in order to scare people into giving the scammer personal information, credit or debit card numbers or money. 

Holiday Scams

  • Scammer takes advantage of people distracted in a holiday "daze" who will more likely give out their personal information.
  • Includes 'too good to be true' deals on airfare, hotels, or expensive items.
  • The scammer might also pose a friend or relative in need of immediate financial assistance in an emergency situation.
  • Includes shipping notifications or purchase alerts on items you never purchased from major credit payment processors.

Examples of Seasonal Scams

Example of an IRS phishing email - Verification Notificationexample of fake IRS email scam
Example of a holiday scam - Refund Notificationexample of fake amazon phishing email

How An IRS Scam Call Works - Video

Courtesy of The Majority Report w/Sam Sedar  

Watch Sam Sedar speak with scammers impersonating IRS officials who claim he will be arrested if he doesn't pay the IRS back $5000.

What To Do If You Received A Seasonal Scam Email

DO NOT click on any of the links or enter any information.

Forward the email message to abuse@chapman.edu.