Last week, students received an email from the Office of Information Technology (OIT), with the subject line “ND Students Lost $1000s to this Scam.” The email described how, “students have lost thousands of dollars to scammers impersonating faculty members with enticing job offers.”
According to Lenette Votava, head of internal marketing and communications for OIT, the scams were primarily fraudulent student job openings.
“The majority of scams reported to the Information Security team are student job scams offering fraudulent research assistant positions,” she said over email. “These scams are ultimately designed to steal students’ personal information.”
Phishing scams come in a variety of different forms, such as fraudulent job offers and fake invoices. They can also come through a variety of different media like email, text messages, phone calls and social media.
What they all share in common is that they “try to deceive the recipient into taking an action, such as revealing personal information,” Votava said.
These messages typically include a phone number or email address that recipients are directed to for the full job description, rather than directing them to an official application through the University.
Some other indicators of phishing messages are that they may ask for personal information or passwords, are sent from an unusual address instead of an @nd.edu address and create a sense of urgency.
Votava said that if students respond to a phishing message, they will likely be asked to purchase supplies for the job or perform money transfers.
“The sender will either promise to reimburse or more commonly, request personal bank account information in order to deposit a mobile check into the victim’s account,” Votava said. “These checks are fraudulent and will eventually be revoked by the bank, leaving a deficit in the victim’s account if that money was used to purchase items or transfer money for the job.”
Sophomore Sophia Fowler said her Canvas account was hacked in November. Her personal phone number was part of a larger data leak and she received messages requesting money. She said the scammers threatened to lock her out of her account and report her for cheating if she did not send the money.
Fowler said she filed a report with NDPD and reported the incident to OIT. OIT froze her account associated with her school email for 24 hours. After freezing her account, they recommended she change her passwords and set up Okta authentication for Canvas through push notifications rather than text messages.
“Push notifications directly from a service’s proprietary app are generally more secure than text messages, especially for verification purposes,” Jeremy Moynihan, the Director of Campus Technology and Innovation in Student Government, said. “You can be even more confident that the message came directly from Okta.”
Votava explained that students can protect themselves from scams by understanding the warning signs of unsafe messages. Students should also familiarize themselves with approved channels for student employment on campus by referring to the JOBboard.
She said that faculty members and staff have been instructed not to communicate about student employment through email.
Votava said the Information Security team is working to filter out spam and phishing emails to prevent them from reaching students’ inboxes, but that it is important for students to be on the lookout for these messages.
“Job scams will continue to pose a threat to the higher education community,” Votava said. “Cyber criminals evolve their strategies, making these phishing scams increasingly difficult to detect.”
