In this Issue: information about phishing that we hope you will share with your students

Phishing schemes and internet scams seem to be on the rise. I was asked to dedicate today’s Daily Deac to this topic, as we are aware that students may also be receiving scam or phishing emails or texts.

Red Flags for Phishing

We have a terrific IS department here that stays abreast of potential phishing scams. Here are a few red flags they want students to be aware of:

  • Urgent or Threatening Messages: Scammers often create a sense of urgency, claiming that your account is at risk or that you need to act immediately.
  • Suspicious Links or Attachments: Always hover over links to see the actual URL before clicking. If it looks unfamiliar or strange, don’t click.
  • Requests for Personal Information: Legitimate organizations rarely ask for passwords or MFA codes via email or text. Be cautious if you receive such requests.
  • Unknown Senders: Be wary of messages from unknown sources or unexpected emails, even if they look official.
  • Attempts to alarm or induce panic by referencing fake Handshake or other job applications (luring recipients to click on malicious links to investigate).

Ways to Protect Yourself

  • Verify the Source: Before clicking any link or sharing information, double-check the sender’s email address. Contact the organization directly using a known, trusted phone number or website.
  • Be Skeptical: Question unsolicited requests for personal or financial information, and be cautious of offers that seem too good to be true.
  • Don’t Click or Download: Avoid interacting with suspicious messages.

Phishing Scheme examples

IS has a website dedicated to phishing. We want to share some common phishing schemes that have taken place so your Deacs are aware of the kinds of things circulating:

Recently, some users fell victim to a phishing scam. They unknowingly provided their passwords and even the Google MFA (Multi-Factor Authentication) codes sent to their phones to unauthorized individuals. 

There are job scams, in a variety of approaches:

  • Some purport to offer students a job, but require cash or a credit card to get started. In one case, a student was sent a check that they were supposed to deposit, keep their “pay” and then return the rest to the employer; when the check was processed, it bounced, but the student had already sent the rest of the money to the employer.
  • Other job scams will say that they found a student applied for a job on Handshake, but the student had not actually applied. 
  • Another common tactic is to claim to be a WFU professor, but the email comes from a Gmail address, not an @wfu.edu address.
  • The Office of Personal and Career Development (OPCD) has a great website showing students the telltale signs of job scams.
  • Here’s a screenshot of a recent job scam email:

A job scam email that some Wake Foresters received in summer 2024

There is a bank fraud text phishing scheme.

There are FedEx delivery scams too. Students might be particularly vulnerable to these if they think a family member, grandparent, etc. has tried to ship them a gift and didn’t have Wake’s address right.

There are “take this survey and get paid for your time” scams, which might also be attractive to college students looking to make a quick buck.

There are IRS scams that target individuals unfamiliar with filing taxes through phishing emails or through phone calls or texts. They often demand payment of fictional taxes or fines through direct wire transfer or gift cards and threaten victims with jail time.

There are also schemes targeting international students. Some of them claim that a student’s immigration status or visa is in danger of being canceled. Others suggest that the student might have committed a crime in a country during travel to/from the US, or that their family in their home country is in danger; each of these scenarios asks students for payment. And often, if you make the payment, the scammer will come back with increasing demands.

Recommendations from our IS security team 

  • When you get an unexpected text or email, STOP and take a deep breath before reacting.
    • Look at the message or text. Inspect the email address by clicking on it and/or look at the URL. If it involves a company like a bank, Google the bank number online and call the bank’s officially listed number on the web – do not call the number you see in your text or email (those will connect you to the scammer!).
    • If you see misspelled words or other grammatical errors, that is a clue that it might be a scammer. Do not respond.
  • Never provide your personal information in response to urgent emails, text messages or phone calls that instruct you to click a link to confirm your payment or enter more information.
  • Be aware that most government agencies including the IRS send notifications through the mail and will not initiate contact with you via a phone call or text message.
  • View your Wake Forest email in the Gmail web interface or Gmail app on your mobile device to leverage warning banners across suspicious messages. 
  • If you still are not sure if this is a legitimate message or not, talk to someone you trust before you take any action. Share the message with a support office on campus (IS via help@wfu.edu and infosec@wfu.edu, the OPCD via handshake@wfu.edu, the Center for Immigration Services and Support (formerly the International Students and Scholars office), or University Police) to get some help determining the message’s legitimacy.

If a student has been the victim of a scam

Sadly, we have had reports of some Wake Foresters being duped in scams. There can be a great deal of shame in admitting that you were a victim, but students should not be ashamed! Some of these scams are very realistic and believable. I was almost duped myself (see below).

If your student ends up falling prey to one of these scams, it is very important that they share their experience with University Police. We need to be aware of messages targeted to our students (and faculty and staff) so we can provide support. 

Families, if you don’t want to forward this Daily Deac to your students, I encourage you to at least share the current phishing scam link with them. It may save them a lot of heartache – and money – by looking at these resources.

A note on OPCD job scam resources

In terms of job scams, the OPCD (Office of Personal and Career Development) wanted to share the security screening methods that are already in place within Handshake and by the Employer Relations team:

  • Handshake uses Sift, Persona, and Google’s Web Risk API to provide an effective employer validation process. Sift is an industry leader in Digital Trust and Safety; their methods are effective in detecting and removing fraud as soon as it appears. Sift removes risky users before they contact any students. Google’s Web Risk API is integrated into Sift to automatically remove employer accounts posting any malicious website content on Handshake. When Handshake implemented these security methods over a year ago, we saw fraud through Handshake reduced to just a handful of cases over the past year.
  • Any new employer within Handshake is reviewed by the Employer Relations team before any jobs or events are posted. In order for employers to be in Handshake, they have to post a job or event. They are not able to join Handshake without doing so. This has also decreased fraud within Handshake.
  • Students are able to flag a job, organization, or contact as being suspicious. When they do so, two things occur: 1) Handshake’s Trust and Safety Team immediately reviews it and 2) the Employer Relations team gets notified and can go ahead and cut the employer off if needed.

Hope these tips are helpful in keeping your students safe from phishing schemes!
