Scams target university students and employees
January 20, 2015
Chief information technology officer
University of Alaska
College students across the United States have been targeted to participate in work-from-home scams. Students have been receiving emails to their school accounts recruiting them for payroll and human resource positions with fictitious companies. The “position” simply requires the student to provide his or her bank account number to receive a deposit and then transfer a portion of the funds to another bank account. Unbeknownst to the student, the other account is involved in the scam that the student has now helped perpetrate.
University employees are receiving fraudulent emails indicating a change in their human resource status. The email contains a link directing the employee to log in to their human resources website to identify this change. The website provided appears very similar to the legitimate site in an effort to steal the employee’s credentials.
Once the employee enters his or her login information, the scammer takes that information and signs into the employee’s official human resources account to change the employee’s direct deposit information. This redirects the employee’s paycheck to the bank account of another individual involved in the scam.
Identity theft takes many forms
Attempts to steal your identity, passwords and property through scam emails are all forms of phishing. Some are targeted, such as those above, while others are more general. An email may simply pretend to share a “Very Important Document” or claim a “Problem from your email account” or “Admin Support” or even “Web Help Desk Support.” Don’t take the bait. If you are ever unsure about the source of an email, simply delete it. Do not click on links.
Your university will never ask you via email to provide personally identifiable information such as login credentials, passwords or any type of banking or account information.
How to protect yourself from this and other scams:
- If an email claims that it is responding to your inquiry and you did not make one, it is probably a scam.
- If a job offer or offer of money sounds too good to be true, it probably is.
- Never accept a job or offer that requires the depositing of funds into your account and wiring them to different accounts.
- Look for poor use of the English language in emails, such as incorrect grammar, capitalization and tenses. Many of the scammers who send these messages are not native English speakers.
- Never provide credentials of any kind, such as bank account information, login names, passwords or any other identifying information, in response to a recruitment email or one claiming to need to validate your account.
- Forward these emails to your university’s IT help desk personnel and tell your friends to be on the lookout for the scam or report to your mail service provider as a phishing attempt. In Google, this can be done from the drop-down in the upper right, next to the reply button.
- Roll your cursor over the links received via email and look for inconsistencies in the link displayed in the pop-up or in the navigation bar at the bottom of your browser. If it is not the website the email claims to be directing you to, then the link is to a fraudulent site.
- Never provide credentials of any sort via email. This includes after clicking on links sent via email. Always go to an official website rather than from a link sent to you via email.
- Lastly, if you do click on a link and realize it was a bad one, don’t be afraid to call your help desk and report it. We are here to help and will want to help you limit any damages the perpetrators might try to do.