Let’s Go Phishing

College student’s email accounts are being targeted with scam job offers searching for the vulnerable and desperate student.

Jeff Helsel

Old Main, California University of Pennsylvania, May 2021.

Alexandra Paes, Staff Writer

It’s every penniless college student’s dream, a company finally recognizing your potential and emailing you personally to congratulate you on a limited time job offer, making more money than most other companies had been offering with an additional bonus if you respond within the deadline.

Maybe the email is a short list of part-time jobs, perfect for the busy college student trying to make some quick cash. The advertising is pristine, the offers are local to your area, and the hours are flexible perhaps maybe even working from home.

So without hesitation you respond to this job opportunity and agree to the opening, and just like that you are in! No interview, no pesky paperwork, not even the competition of other applicants this job is all yours.

But there’s a catch. You get emailed instructions to deposit a large check into your bank account. Or maybe you are told to fill out a legitimate looking tax form or W2 and email it back to your “new boss” directly.

This job offer, most likely unsolicited, has not only been emailed to you but also emailed to a dozen other students, many of whom go to the same university you attend. 

With the age of technology changing the world, scam artists have perfected the phishing schemes to prey on the college student searching for a little extra cash. 

These email scams, also known as phishing emails, are pushed out to a mass of college emails made to look as though they are coming from a university office trying to place students with job opportunities. 

This is only one possible scenario that is masked as a legitimate offer emailed to thousands of students on campus. The attackers vary the requests and use different methods frequently in order to avoid detection. 

California University of Pennsylvania’s Director of Enterprise Infrastructure and Security, Dennis Carson, has been working in the information technology field for the past 15 years at CalU.

With over 10 years in prior technology security services, Carson has seen first hand the damage caused by the scam artists behind these false emails. 

“These scam attacks have gotten more sophisticated over the last 10 years that I have been working in this field. It used to just be people knocking on doors selling fake items, now it’s so much more than just taking your money,” Carson said. 

Scam artists often create emails which contain virus links that can attach themselves to private information found within the email servers or computer software. 

In many cases, the viruses can access banking information, personal logins, or other personal data that can be harmful when left unprotected. 

The scams have become so prevalent over the last five years that the Federal Bureau of Investigation (FBI) released a public service announcement in 2017 addressing the issue. 

According to the document, 

“How the scam works:

  • Scammers email job advertisements soliciting college students for administrative positions
  • The student employee receives counterfeit checks in the mail or via e-mail and is instructed to deposit the checks into their personal checking account
  • The scammer then directs the student to withdraw the funds from their checking account and send a portion, via wire transfer, to another individual. Often, the transfer of funds is to a “vendor”, purportedly for equipment, materials, or software necessary for the job.
  • The checks are confirmed to be fraudulent by the bank and leaves the student responsible. 

Consequences of participating in this scam:

  • The student’s bank account may be closed due to fraudulent activity and a report could be filed by the bank with a credit bureau or law enforcement agency.
  • The student is responsible for reimbursing the bank the amount of the counterfeit checks.
  • The scamming incident could adversely affect the student’s credit record.
  • The scammers often obtain personal information from the student while posing as their employer, leaving them vulnerable to identity theft.
  • Scammers seeking to acquire funds through fraudulent methods could potentially utilize the money to fund illicit criminal or terrorist activity.”

CalU’s University Technology Services offers security awareness training at no cost to students through the Desire2Learn platform. 

“The most important part of beating these scams is to ignore them and be aware of the training that the university offers in order to avoid becoming the next victim because if it’s too good to be true then it’s likely a scam,” Carson said. 

The training covers several areas of cyber protection such as being able to identify the phishing scams, being aware of all false links in emails, and maintaining all virus protection updates on all used devices.

October is cybersecurity awareness month, and CalU is offering a multitude of options to inform students of the security measures they can take and how to educate themselves in order to prevent fraudulent scams from reaching them.

“Education is the biggest part of stopping these types of scams,” Carson said. “These scams will never go away and now with the internet growing, scammers have access to thousands of more potential victims than before. Education is the only way to prevent people from falling into a dangerous trap.”

 

If you receive a phishing/scam email, forward it immediately to [email protected]