The Office of Information Technology Services (ITS) would like to bring to your attention multiple phishing emails targeting our students with fraudulent job opportunities. These phishing campaigns aim to deceive unsuspecting job seekers. Students may unknowingly respond to these bogus job offers and fill out an online form with personal and sensitive information. The perpetrators subsequently contact students via their alternative email addresses (e.g., Hotmail or Gmail) or by phone, giving the impression of a legitimate interview. During this follow-up communication, the perpetrators may send the student an image of a check and instruct them to deposit it using their bank’s mobile app. These actors will then request that the student return a portion of the deposited funds through various means, such as gift cards, direct deposit, or cryptocurrency. Remember, the checks that students deposit are fake and have no value; however, the money returned from the students’ accounts is real and the students are accountable for those funds.
Here are some pointers to look for so that students don’t become a victim.
- Look at the Email Sender information. Many of these bogus emails come from disposable Gmail accounts (i.e. taynaubunge78934@gmail.com). Ask yourself, “The job I responded to is with ABC company, so why are they using a Gmail account to communicate?”
- Look for a Caution Banner. Email originating from an external email address will have a caution banner.
- Read the email aloud. Listen for broken English.
- Look for font variations. That’s a tell-tale sign actors repeat their campaigns simply copying/pasting paragraphs
- Actors become threatening if you do not comply with their requests.
- Check with OLLU Center for Career Development and Testing (CCDT). The center can assist with identifying fake job announcements. Staff also can help you locate legitimate internship and career opportunities; email them at ccdt@ollusa.edu.
What to do if you fall victim to a scam:
- Stop all correspondences.
- Click the PhishNotify or the Report button located on your Outlook ribbon.
- Block email address and phone numbers.
- Contact your bank and inform them you are a victim of a financial scam.
- Monitor any future bank activity for unauthorized purchases.
- File a police report with campus police.
Be advised that all students have been granted access to the Information Security Awareness training, which includes important information on phishing campaigns. Please check your OLLU inbox for an email from InfoSec IQ to start your training. InfoSec IQ is the university’s security training vendor. Emails that come from notifications@securityiq-notifications.com are legitimate and safe to click on.