The Michigan Cyber Command Center (MC3) recently warned of a phishing campaign targeting college students worldwide. The campaign aims to capture students’ .edu email account username and password. Once this information is obtained, fraudsters access the victim’s email account, create forwarding rules, and send out mass, nefarious emails.
Typically, the fake mass emails recruit students for a work-from-home position. The job offers appear to be from an individual with a doctoral degree who works at a college and is seeking a personal assistant to complete tasks for them. Once someone agrees to this position, the fraudster asks the victim to purchase blank check paper, print out a check, and cash it at their personal bank. Once this is done, they commonly ask the victim to purchase iTunes gift cards, scratch off the back, and send them pictures of the redemption code.
Criminals hope that using a .edu email account for the employment opportunity makes it appear as if the job opportunity is legitimate. This, coupled with hundreds of businesses being shut down and students out of work, might lead to more students falling victim to this scheme, unknowingly committing check fraud, and potentially being held accountable for hundreds of dollars in lost funds.
Be sure to analyze your emails for phishing red flags to determine email authenticity. Red flags are:
- Inconsistent information – Match the display name (in the “From:” field) with the sender’s email address and signature block.
- Malicious links or attachments – Once opened, a link/attachment can lead to immediate malware infection (with no user input needed) or to a credential request. Scan links/attachments at www.virustotal.com.
- Inappropriate language, grammar, logos and formatting – The email appears to be “off” and not professional.
- Sender doesn’t seem to know the recipient – The email is addressed with “Dear Student.”
- Email content is bizarre, unbelievable or too good to be true.
- Urgent language – Criminals want you to act quickly without thinking.
- Unsolicited – Were you expecting the email? If not, be suspicious and treat the email as malicious.
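The text-based red flags in the list above can be checked mechanically. The following is an added example, not part of the MC3 or LCC notice: it runs Python's standard `email` module over a constructed sample message, and the keyword patterns, the `red_flags` function and the "last line is the signature" heuristic are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email), modelled on the job-offer lure.
SAMPLE = '''From: "Dr. Jane Doe" <kx7734@mailbox.example>
Subject: URGENT: personal assistant needed, work from home

Dear Student,

I need a personal assistant. Reply immediately.
You will print a check, cash it, then buy iTunes gift cards for me.

Prof. Mark Smith
'''

# Hypothetical keyword patterns; adjust them to your own mail.
GREETING = re.compile(r"^\s*dear (student|user|customer)\b", re.I | re.M)
URGENT = re.compile(r"\b(urgent|immediately|right away|act now|asap)\b", re.I)
LURE = re.compile(r"\b(gift cards?|redemption code|blank check|work[- ]from[- ]home)\b", re.I)

def words(s):
    """Lower-case alphabetic tokens longer than 2 characters, titles dropped."""
    return {w for w in re.findall(r"[a-z]+", s.lower()) if len(w) > 2} - {"prof", "professor"}

def red_flags(raw):
    """Return the red-flag labels that apply to one raw, single-part message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = msg.get("Subject", "") + "\n" + body
    lines = [l.strip() for l in body.splitlines() if l.strip()]
    sig = words(lines[-1]) if lines else set()  # heuristic: last line is the signature
    name, addr = words(display), addr.lower()
    # First two checks cover "inconsistent information": name vs. address vs. signature.
    checks = [
        (name and not any(w in addr for w in name), "display name not reflected in sender address"),
        (name and sig and not name & sig, "signature does not match display name"),
        (GREETING.search(body), "generic greeting"),
        (URGENT.search(text), "urgent language"),
        (LURE.search(text), "job/gift-card lure wording"),
    ]
    return [label for hit, label in checks if hit]

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print("RED FLAG:", flag)
```

A message that raises no flags here is not thereby authentic: mail sent from an already compromised .edu account can pass the name and address checks, so the remaining items in the list still need a human read.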
If you have any questions, please contact LCC’s Director of Information Security, Paul Schwartz, at firstname.lastname@example.org.