Phishing Schemes
At the start of the semester, there are always some critical topics to cover to remind of important things. First and critically – today, students received a final notice from Wake Forest regarding the University’s vaccination policy requirements. Students who received this message will have their Spring 2022 class schedule dropped and their University housing assignment removed (if applicable) unless they come into compliance by 11:59 pm on Thursday, January 13, 2022.
Even if they think they uploaded their documentation, if they received a message, it means that the University believes they are not in compliance with the vaccine policy.
As such, please be certain to ask your student to check their email (and junk, spam, quarantine, promotions) to make sure they did not receive this email. (Note that we have made multiple attempts to reach non-compliant students since mid-December, which have included text, email, and phone calls).
Now to another important topic. We’ve had an emerging issue we want to draw families’ attention to: internet fraud and phishing schemes. I was the target of a potential scam earlier this fall, and I wanted to dedicate today’s Daily Deac to this topic, as we are aware that students may also be receiving scam or phishing emails or texts.
The one I received looked like a text message coming from my bank. It had the last 4 digits of one of my cards, with a notice of a very large Zelle transaction (that I had not made). I admit when I received it, I sort of panicked, because that was a lot of money to me.
I spent about 20 minutes trying to Google the number that had texted me, then I Googled my bank to see if the number matched any of their numbers. Turns out, the number that texted me was one digit away from my bank – and I realized it was a scam. But in the moment, when I first got the text, I was nervous and almost clicked their link, which would have led me straight to a scammer.
We have a terrific IS department here that stays abreast of potential phishing scams. They have a website dedicated to phishing, and we want to be sure your Deacs are aware of the kinds of things circulating:
There is a bank fraud text phishing scheme that resembles the text I got.
There are FedEx delivery scams too. Students might be particularly vulnerable to these if they think a family member, grandparent, etc. has tried to ship them a gift and didn’t have Wake’s address right.
There are take this survey and get paid for your time scams, which might also be attractive to college students looking to make a quick buck.
There are IRS scams that target individuals unfamiliar with filing taxes through phishing emails or through phone calls or texts. They often demand payment of fictional taxes or fines through direct wire transfer or gift cards and threaten victims with jail time.
There are also job scams, which purport to offer students a job, but require cash or a credit card to get started. The Office of Personal and Career Development (OPCD) has a great website showing students the telltale signs of job scams.
More insidiously, to my mind anyway, are scams that target international students. Some of them claim that a student’s immigration status or visa are in danger of being canceled. Others suggest that the student might have committed a crime in a country during travel to/from the US, or that their family in their home country is in danger; each of these scenarios asks students for payment. And often, if you make the payment, the scammer will come back with increasing demands.
Our IS security team recommends the following for all students:
When you get a suspicious text or email, STOP and take a deep breath before reacting.
Look at the message or text. Inspect the email address by clicking on it and/or look at the URL of the link. If it involves a company like a bank, Google the bank number online and call the bank’s officially listed number on the web – do not call the number you see in your text or email (those will connect you to the scammer!)
If you see misspelled words or other grammatical errors, that is a clue that it might be a scammer. Do not respond.
Never provide your personal information in response to urgent emails, text messages or phone calls that instruct you to click a link to confirm your payment or enter more information.
Be aware that most government agencies, including the IRS, send notifications through the mail and will not initiate contact with you via a phone call or text message.
View your Wake Forest email in the Gmail web interface or Gmail app on your mobile device to leverage warning banners across suspicious messages.
If you still are not sure if this is a legitimate message or not, talk to someone you trust before you take any action. Share the message with a support office on campus (IS via (help@wfu.edu and infosec@wfu.edu), the OPCD, the Center for Immigration Services and Support (formerly the International Students and Scholars office), or University Police) to get some help determining the message’s legitimacy.
Sadly, we have had reports of some Wake Foresters being duped in scams. There can be a great deal of shame in admitting that you were a victim, but you should not be ashamed! Some of these scams are very realistic and believable (like I said, I was almost duped myself!)
If your student ends up falling prey to one of these scams, it is very important that they share their experience with University Police. We need to be aware of messages targeted to our students (and faculty and staff) so we can provide support.
Families, if you don’t want to forward this Daily Deac to your students, I encourage you to at least share these links with them. It may save them a lot of heartache – and money – by looking at these resources.
https://is.wfu.edu/infosec/phishing/
https://opcd.wfu.edu/land-it/find-a-job/avoiding-job-scams/