Students of an Ivy League University Are Bombarded with Fake Job Offers via Phishing Emails

Are you a Dartmouth student? Are you ready to start a career linked to your degree? If you are, you need to look out for phishing emails that might offer high-paying jobs. It is possible that the schemers behind these misleading emails will attack the students of other Ivy League universities or any other higher education institution in the US. For example, earlier this year, the University of Buffalo warned students about fake job offer scams. In fact, the FBI has been warning students about devious employment scams targeting college students since 2017. According to the Federal Bureau of Investigation, schemers were found to post fake job ads online, send counterfeit checks to their victims, trick them into depositing these checks into their personal checking accounts, and then convince them to withdraw funds from their accounts. Of course, victims would end up losing THEIR money.

Without a doubt, this kind of scam cannot attract that many victims. A phishing email scam, on the other hand, can fool even the more vigilant and experienced students. Needless to say, the job market is very competitive, and the number of positions available to students is limited. Therefore, students who receive a job offer without putting in the work could be too excited to notice the red flags. That being said, we hope that most students will be able to recognize the scam right away. After all, job offers rarely fall from the sky, and any time you are introduced to a too-good-to-be-true offer, you need to go through a simple checklist. A – Did you apply for the job? B – Are you familiar with the sender/company? C – Does the message/offer make sense? D – Does the offer fit your qualifications? If you answer NO to any of these questions, there is a good chance that you have faced a phishing email. Of course, even if you have applied for jobs, if you are familiar with the company, if the offer looks authentic, and if it fits your qualifications, that does not mean that you have received a legitimate job offer.

Schemers who use phishing emails to trick gullible students know what they are doing. If the schemers are experienced, the phishing email offering a job could be created in a highly convincing manner. According to the report by The Dartmouth, the phishing emails that students have been receiving since September offered high pay and flexible hours. That alone could help schemers attract potential victims. The unfortunate thing is that the email addresses of Dartmouth students are public information, and so anyone could send phishing emails to anyone studying at the university. If the student receives a phishing email offering a job, they can be tricked into disclosing physical addresses of residence, full name, phone numbers, and other private information. Depending on what kind of information is retrieved, schemers can try to perform identity theft and impersonate the student online.

If schemers switch to communicating with students via text messages, they could be sent links, and since mobile phones are not always protected, schemers might have better chances of extracting even more sensitive information in this way. Furthermore, phishing emails could contain file attachments. The messages representing them could indicate that more information about the position offered is included in the file, and so the target might see no harm in opening the attachment. Well, that is how ransomware spreads. Ransomware is the kind of malware that, in most cases, encrypts personal files, and cybercriminals can use that to demand a ransom in return for a decryptor. If the attackers managed to encrypt lecture notes, essays, assignments, and other school-related documents, students are likely to panic, and this could lead them to paying the ransom. The situation could be catastrophic.

Luckily, the mandatory two-factor authentication that Dartmouth has implemented makes it impossible for third parties to hijack students’ accounts, but that does not mean that severe damage could not be done. If you have interacted with the schemers behind this misleading job offer scam, you need to trace your steps back. Did you open attached files or links? Did you disclose personal information? How could this information be used against you? Hopefully, you can save yourself against schemers even if they have tricked you into believing the fake phishing email offering a job.

How to recognize phishing emails in the future?

How a phishing email looks depends on who created it. If it was an amateur, who does not know much about virtual scheming, poor grammar, an unfamiliar email address, a strange subject line, or a nonsensical offer (e.g., when a philosophy student receives a job offer at a biotechnology lab) should help figure out the scam. On the other hand, if the schemer is experienced, they can use hijacked email accounts, clever subject lines, attractive offers, and convincing messages. Even in a situation like this, you could find red flags, and they are outlined in this article. At the end of the day, if there is at least one suspicious detail, you need to consider the possibility of facing a scam.

Potential employers might reach out to you out of the blue, and it is more likely to happen to the students of Ivy League schools. Nonetheless, most students need to reach out to companies and offer their own applications. Hopefully, you do not need to face employment scams in the future, or you are quick to recognize them. Being careful about phishing emails is not all that you need to take care of. You also want to backup your personal files to protect them. It is also a good idea to implement two-factor authentication whenever you have the option because that minimizes the chances of having your accounts hijacked. Finally, and most importantly, you have to take care of your passwords. If they are not strong enough, cybercriminals could guess, brute-force, and breach them before you can put two and two together. If you need help creating, protecting, and managing your passwords, try out a free password management tool called Cyclonis Password Manager.

December 6, 2019

Leave a Reply