BEWARE OF FAKE STUDENT JOB POSTINGS

Jobs that sound too good to be true should raise a red flag for any college student. This semester, we have received an increase in fake job postings from malicious actors sending emails to your student account. In some cases, these emails originate from compromised UML student accounts.

Fake jobs can be attempts to steal personal information about you or steal money or bank account information from you. You could also get entangled in criminal activity, so be cautious.

Here are some tips to help you identify fake jobs. You should always carefully research the legitimacy of employers before applying. 

Common Job Scams Targeting College Students:

  • Personal Assistant opportunities
  • Mystery shoppers
  • Envelope stuffing from home
  • Repackaging or shipping from home
  • Issuing checks/check processing from home
  • Model/talent agencies
  • Pyramid sales schemes
  • A variety of scams where a student is asked to pay for certification, training materials, or equipment with promise of reimbursement
  • Pet Sitting/Babysitting

Over-payment Scams

Watch out for over-payment scams. These are often posted as bookkeeper, personal assistant, administrative assistant, or mystery/secret shopper positions that involve processing checks. The “company” sends a check to the “assistant” (student), who is then responsible for taking their “salary” out of the check and wiring the remainder of the money back to the “company.” These checks are fraudulent and can leave you out thousands of dollars and facing criminal charges.

Beware if the Email or Job Posting:

  • Does not indicate the company name
  • Has an email signature with names not found in the UML staff directory
  • References “UML Placement & Services” or some variation of that name
  • Comes from an email address that doesn’t match the company name
  • Does not give the employer contact information—title of person sending the email, company address, phone number, etc.
  • Offers to pay a large amount for almost no work
  • Offers you a job without ever interacting with you
  • Asks you to pay an application fee
  • Wants you to transfer money from one account to another
  • Offers to send you a check before you do any work
  • Asks you to give your credit card or bank account numbers
  • Asks for copies of personal documents
  • Says you must send payment by wire service or courier
  • Offers you a large payment for allowing the use of your bank account—often for depositing checks or transferring money
  • Sends you an unexpectedly large check

No legitimate employer will send payment in advance and ask the employee to send a portion of it back. DO NOT provide any personal information, especially Social Security numbers or financial information!  

Examples of Suspicious Ads

The following job posting was rejected by the Student Employment Program Job Board:

Agile and Responsible individual is needed to fill the vacant position of a Personal Assistant (Part time) Someone who can offer these services: *Mail services (Receive mails and drop them off at UPS) *Shop for Gifts *Sit for delivery (at your home) or pick items up at nearby post office at your convenience. (You will be notified when delivery would be made).

A student notified the Student Employment Program that she received the following email:

If you are resourceful, organized, good with paperwork and honest, you can make three hundred dollars ($500) a week, as a business assistant. This flexible but formal position would only take at most two hours of your time daily, or even less, depending on your work-speed. You would be needed Mondays through Fridays, but the job’s flexibility lies in the fact that your duties are clear-cut and would take little of your time to be executed daily. Kindly get back to me ASAP if you are interested and wish to know more about this opportunity.

Another student received an email offering them a “New, interesting, and respectable job” as a typist.

Report Suspicious Ads

If you have concerns about the legitimacy of a job or internship posting, please contact the Student Employment Office at 978-934-4228. If you feel that you’ve been the victim of a scam, please contact campus police at 978-934-2398, or police@uml.edu.

Researching Ads and Employers

Why is it Important to Research Every Opportunity?

  • To find out if the job and the company are legitimate
  • To gather information to help you determine whether the company or job is a good fit for you
  • To find data to help you write targeted resumes and cover letters
  • To find facts to help you answer interview questions

Visit the Organization’s Website

If the organization in question doesn’t have a website or the website doesn’t seem to match the advertised job, there may be cause for concern. Note the professionalism of the website. Is there specific contact information? Are jobs and career information actually posted on the site? Lack of pertinent information is a red flag. 

Use Personal Contacts, LinkedIn, or Other Networking Sites

Do you have any connections to help you find inside information? If you belong to a professional association, they may be able to put you in touch with people who can advise you. Search LinkedIn by “People” and the advanced search fields for “Company Name.” Click the “Current Companies Only” checkbox to receive information on people currently listed as employed by this company. 

Use Google

Search by the name of the organization to gather information and recent news. You can also search by “scam” to look for signs the company has been reported in any type of fraudulent activity.

Check with Consumer Services

Two organizations to utilize are the Better Business Bureau and the Federal Trade Commission; check with them to see if any complaints have been lodged against the company.

Investigate the Company’s References

If you aren’t sure a company is legitimate, request a list of employees or contractors. Then contact the references to see how satisfied they are. If a company isn’t willing to share references (names, email addresses, and phone numbers), this is a red flag. You may want to research the references a bit as well, to be sure they are legitimate.

Be Suspicious of Poor Communication Skills

Be careful when an employer cannot communicate accurately or effectively on the website, by email, over the telephone, etc. If communications are sloppy, how professional is the organization? 

Exercise Caution When Asked to Pay Any Fees

Most legitimate employers will not charge to hire you! Don’t send money for work-at-home directories, advice on getting hired, company information or for anything else related to the job. There are some well-known internship programs that do require payment to place you in internships, but check with your department’s internship coordinator to determine if the program is legitimate. 

Review Payment Information

When information about salary isn’t listed on a job posting, try to find out if you will receive a salary or be paid on commission. Find out how much you’re paid, how often you are paid and how you are paid. If the company doesn’t pay an hourly rate or a salary, be cautious and investigate further. 

Beware: Scam Ads Can be Found in Legitimate Publications

Read all information carefully. If the opportunity sounds too good to be true, it probably is! Just because a job lead appears in a legitimate publication, it doesn’t mean that the job or company is, necessarily, legitimate. Forget about getting rich quick.

Additional Information about Job Scams

Fake COVID-19 Website

The Department of Health and Human Services has issued an alert about a malicious website impersonating the live map of COVID-19 Global Cases by Johns Hopkins University. Visiting the website infects the computer with an information-stealing program which can exfiltrate a variety of sensitive data.

More information, including a screenshot of the fake map, can be found HERE.

UMass Lowell Information Security would like to remind our community to remain vigilant for scams related to coronavirus 2019 (COVID-19). Cyber criminals may send phishing emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment or hyperlink, and be wary of social media pleas, texts or calls related to COVID-19.

We encourage individuals to remain vigilant and take the following precautions:

  • Avoid clicking on links in unsolicited emails and be wary of email attachments
  • Use trusted sources—such as legitimate government websites—for up-to-date, fact-based information about COVID-19
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information
  • Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information

If you feel you have received a phishing email please report it to infosec@uml.edu.

IRS Warns of Variation to Form W-8BEN Scam

Washington – The Internal Revenue Service today warned of a new twist tied to an old scam aimed at international taxpayers and non-resident aliens. In this scam, criminals use a fake IRS Form W-8BEN to solicit detailed personal identification and bank account information from victims.

Here’s how the scam works. Criminals mail or fax a letter indicating that although individuals are exempt from withholding and reporting income tax, they need to authenticate their information by filling out a phony version of Form W-8BEN, Certificate of Foreign Status of Beneficial Owner for United States Tax Withholding and Reporting. Recipients are requested to fax the information back.

Click here for the complete story.


Phishing Scam – 2/13/18 – Email Membership Update

URL is blocked at the border. Web host has been notified.

Email Membership Update

Due to recent IP routine check; we have reasons to believe that your account has been signed in to from a new Windows device and access by a third party.  Click on SUPPORT and verify your STUDENT.UML.EDU Mailbox to avoid deactivation.

Warm Regards,

2018 University of Massachusetts Lowell -Help-Desk-Administrator.
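The checklist under “Beware if the Email or Job Posting” and the phishing sample above share the same observable indicators: a sender whose display name claims a campus identity while the address is external, a Reply-To pointing somewhere else, a link whose visible text hides an external host, and urgency or requests for sensitive data. The script below is an added illustration of how a mail filter or a help desk triage tool can check a raw message for those indicators; it is not UML tooling. The trusted-domain set, the phrase lists, and both sample messages are constructed assumptions for this example.

```python
"""Heuristic phishing-indicator check for a raw RFC 5322 message.

Added example for the red-flag checklists on this page; not UML's own
tooling.  TRUSTED_DOMAINS, the phrase lists and the sample messages are
constructed assumptions.
"""
import email
import email.utils
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed domains from which genuine campus mail would originate.
TRUSTED_DOMAINS = {"uml.edu", "student.uml.edu"}

# Phrases that push the reader to act fast or to hand over data.
URGENCY = ("deactivat", "suspend", "verify", "immediately", "asap", "within 24 hours")
SENSITIVE = ("password", "bank account", "credit card", "social security", "wire ")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def domain_of(address: str) -> str:
    """Lower-cased domain part of an e-mail address ('' if none)."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def is_trusted(host: str) -> bool:
    """True if host is one of TRUSTED_DOMAINS or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def analyze_message(raw: str) -> list[str]:
    """Return the list of phishing indicators found in a raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_name, from_addr = email.utils.parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    # Display name claims the university or its help desk, address is external.
    if re.search(r"uml|umass lowell|help.?desk", from_name, re.I) and not is_trusted(from_domain):
        findings.append(f"sender claims campus identity but is {from_domain!r}")
    reply_to = email.utils.parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append(f"Reply-To domain {domain_of(reply_to)!r} differs from From")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    lowered = text.lower()
    if body is not None and body.get_content_type() == "text/html":
        extractor = LinkExtractor()
        extractor.feed(text)
        for href, visible in extractor.links:
            host = urlparse(href).hostname or ""
            if not is_trusted(host):
                findings.append(f"link {visible!r} points to external host {host!r}")
        lowered = re.sub(r"<[^>]+>", " ", lowered)  # strip tags before phrase matching
    hits = [p for p in URGENCY if p in lowered]
    if hits:
        findings.append("urgency/threat language: " + ", ".join(hits))
    hits = [p.strip() for p in SENSITIVE if p in lowered]
    if hits:
        findings.append("asks for sensitive data: " + ", ".join(hits))
    return findings


# Constructed sample modelled on the "Email Membership Update" lure above.
SAMPLE = """\
From: "UML Help-Desk-Administrator" <helpdesk@example-mailer.test>
Reply-To: support-verify@another-host.test
To: student@student.uml.edu
Subject: Email Membership Update
Content-Type: text/html; charset=utf-8

<html><body><p>Due to recent IP routine check we believe your account has
been signed in to from a new Windows device. Click on
<a href="http://mailbox-verify.example-mailer.test/login">SUPPORT</a>
and verify your STUDENT.UML.EDU mailbox to avoid deactivation.</p></body></html>
"""

# Constructed benign message for comparison.
LEGIT = """\
From: "IT Service Desk" <help@uml.edu>
To: student@student.uml.edu
Subject: Service Desk hours
Content-Type: text/plain; charset=utf-8

The IT Service Desk at University Crossing is open 8am-5pm this week.
"""

if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE), ("legit", LEGIT)):
        print(label, analyze_message(raw))
```

The constructed lure trips four indicators (external sender claiming a campus identity, mismatched Reply-To, an external link behind the word SUPPORT, and deactivation/verify language) while the benign message trips none. A filter would treat any single hit as grounds for a warning banner rather than a hard block, since legitimate mail from vendors can also contain external links.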

Email Scammers Targeting UML Students

UMass Lowell Information Security is aware of the sudden increase of phishing-type emails and scams from various sources that have been delivered to student inboxes. Although the Microsoft O365 platform routinely blocks several thousand phishing attempts per day, there is a chance that slight variations of the same theme will be delivered until a reputation can be established. As of today, we have disabled over one hundred student accounts, which have been sending thousands of spam messages to the internet. This essentially means these students have given up their UML email account credentials to the scammers.

As always, continue to be vigilant in scrutinizing emails you receive, not only from financial institutions, but also from what appear to be reputable retailers, government organizations, UMass Lowell IT, and even people you may know. Email scammers are constantly changing their social engineering techniques to gain access to your personal information or to send spam from your account. The latest phishing attempt used a picture of Tsongas Arena in the background, and threatened to disable your email account at UML.

If you are ever in doubt about the authenticity of an email you receive, we strongly encourage you not to reveal your university email credentials or personal, financial, and/or account information. Resist the urge to click on any of the links or download attachments.

We anticipate a continued surge in targeted phishing attacks on our university. If you have any questions regarding suspicious emails you receive, please contact the IT Service Desk (help@uml.edu) or Information Security (infosec@uml.edu).

You’ve Received a Data Breach Letter — Now What?

It seems every week we hear about a data breach on the news at a major company or government institution. Recent breaches at Equifax, Yahoo, IRS, Target, and OPM are a few good examples. So what should you do when a data breach notification letter arrives in your mailbox, or you simply hear about it in the news cycle? My short answer is — don’t panic and pay close attention.

Faced with a breach notice, most people either ignore it, panic, or start closing accounts. None of these responses is helpful, so we recommend these steps:

  1. Read the notice carefully to learn what information may have been exposed. Keep this notice handy in case you need to prove your data was compromised through no fault of your own.
  2. If you are offered free credit monitoring, take it.
  3. Pay close attention to your bank accounts and credit card transactions — at least weekly. Look for any unusual activity.
  4. Visit a reputable website that summarizes additional steps to take. My recommendation is www.ftc.gov/idtheft
  5. Know how to place a credit freeze on your credit file:
    1. www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
    2. www.freeze.equifax.com
    3. www.experian.com/ncaconline/freeze
    4. freeze.transunion.com/sf/securityFreeze/landingPage.jsp
  6. Enroll in a paid service for identity theft protection. Each offers similar protection, but depending upon your financial situation, you may choose one over the other. My two recommendations are:
    1. Lifelock – more expensive
    2. Zander Insurance Group – less expensive; has a family plan
  7. If you are in the habit of storing credit card information on websites (e.g., Amazon), enroll in Multi-Factor Authentication if the website has it available.

So what should I do moving forward? Keep up good data-management habits: shred sensitive documents before throwing them in the trash, use a locking mailbox, and take advantage of the Do Not Call registry.

Let’s face it, if you haven’t received a breach notification letter yet, you probably will in the future.  Not all breaches are created equal and some are worse than others.

If it involves your credit card or debit card, chances are your bank will issue you a new one if they think the risk is high (you can always request a new card if you’re concerned).  If your SSN, birth date, and address are compromised, they have a long shelf life and can be used by cyber-criminals next month, next year, or two years from now — you get the point.  For this reason, take the necessary precaution that’s proportional to your risk level.


Top 5 Multi-Factor Authentication Recommendations

  1. Use the Duo Mobile App to Accept “Push” Notifications
    For employees who have a smartphone, search for “Duo Mobile” in your device’s application store (iTunes App Store, Google Play Store, Windows App Store) and install the app. This is the most secure option and the most cost-efficient for you and the University. If you need assistance, you can stop by any of the IT Service Desks at University Crossing, O’Leary Library or Lydon Library. Refer to www.uml.edu/mfa to manage your settings.
  2. Make Sure Your Mobile Device Number is Your Primary MFA Device
    You can change the order of your MFA devices by visiting www.uml.edu/mfa.
  3. Take Advantage of the “Remember me for 30 days” Feature
    When this box is checked, you are not challenged for a secondary authentication again when you log in to that application from that device for 30 days. Refer to www.uml.edu/mfa to manage this setting.
  4. Register Multiple Devices
    We strongly recommend registering at least two devices for MFA, such as your smartphone/cell phone and your office/home phone. Why? You may forget your primary device at home and need access to a protected application. Refer to www.uml.edu/mfa to manage your settings.
  5. Be Cautious
    Try not to blindly accept a “push” or any other request for a second authentication (SMS code, phone call). If you receive a request that you did not generate, that means someone has the primary password to your account. Change your password immediately or contact the IT Service Desk (978-934-4357) for assistance. As always, you can check out the Frequently Asked Questions document for more useful information by visiting www.uml.edu/mfa.
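Recommendation 5 has an administrator-side counterpart: a run of push prompts that the user denies or lets time out is the signal that someone else is holding that account’s password, and it can be spotted in the MFA authentication log before the user calls in. The script below is an added example of that detection and is not UML’s or Duo’s own code. The log format (timestamp, user, factor, result) and the sample records are constructed simplifications assumed for this example; a real deployment would map its provider’s export into the same tuple shape.

```python
"""Flag accounts receiving MFA push prompts the user did not approve.

Added example for the "Be Cautious" recommendation; not UML's or Duo's
code.  The log tuple format and SAMPLE_LOG are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: three unapproved pushes for jdoe within a few
# minutes (the pattern of someone else trying the stolen password), one
# stray denial for asmith, and normal approvals otherwise.
SAMPLE_LOG = [
    ("2018-02-13T08:01:10", "jdoe",   "push", "denied"),
    ("2018-02-13T08:01:55", "jdoe",   "push", "timeout"),
    ("2018-02-13T08:03:40", "jdoe",   "push", "denied"),
    ("2018-02-13T08:05:00", "asmith", "push", "denied"),
    ("2018-02-13T08:06:00", "asmith", "push", "approved"),
    ("2018-02-13T09:00:00", "jdoe",   "push", "approved"),
]

# Results meaning the prompt reached the user's device but was not approved.
UNAPPROVED = {"denied", "timeout"}


def suspicious_push_activity(log, threshold=3, window=timedelta(minutes=10)):
    """Return {user: ISO timestamp of the first prompt in the run} for every
    user with at least `threshold` unapproved push prompts inside any
    `window`-long interval.  Uses a sliding window over sorted timestamps."""
    events = defaultdict(list)
    for ts, user, factor, result in log:
        if factor == "push" and result in UNAPPROVED:
            events[user].append(datetime.fromisoformat(ts))
    flagged = {}
    for user, times in events.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Advance the window's left edge until it spans at most `window`.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[user] = times[start].isoformat()
                break
    return flagged


if __name__ == "__main__":
    for user, first in suspicious_push_activity(SAMPLE_LOG).items():
        print(f"{user}: {first} - force password reset and contact user")
```

On the constructed log only jdoe is flagged; asmith’s single denial followed by an approval is ordinary user behaviour. The threshold and window are tuning knobs: a lower threshold catches slower attempts but also flags people who mis-tap the prompt, so the response should be a forced password reset plus a call to the user, matching the advice in item 5.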

Apply Apple Critical Update (iOS 9.3.5) Now

Apple recently released a critical security update (iOS 9.3.5) addressing three security vulnerabilities for which there are known exploits. It is strongly recommended that iPhone and iPad users perform this update as soon as possible. You may not yet have received a prompt to perform the update, but the update is available on your device(s) via Settings -> General -> Software Update. More information about the vulnerabilities is available below.

Background:
Recently, a foreign government affiliated “cyber-war” company exploited a set of three zero-day vulnerabilities (dubbed ‘Trident’) in Apple’s iOS version < 9.3.5 to spy on a prominent human rights activist. The vulnerabilities, when exploited, can allow the malicious actor(s) to decrypt and steal emails, text messages, call logs, as well as remotely activate the phone’s microphone among other invasions of privacy and device compromises. Apple released an update several hours later that patches the vulnerabilities.

Targets:
While this security bulletin affects the internet community as a whole, the Trident spyware has been seen to specifically target high-profile individuals such as political activists, but it can be used against anyone to compromise device access and privacy. In this case, a political dissident and internationally renowned human rights defender, Ahmed Mansoor, was sent a suspicious text message claiming to have “New secrets about torture of Emiratis in state prisons” along with a link. Opening the link would have compromised the phone. However, Ahmed Mansoor, cautious as he was, instead alerted a technology laboratory that works with human rights activists. This lab, CitizenLab, together with Lookout Mobile Security, traced the source of the compromise attempt and documented the effects of the mobile malware.

Source:
The source was traced to NSO Group Technologies Ltd. “NSO Group, based in Herzelia, Israel […], develops and sells mobile phone surveillance software to governments around the world. The company describes itself as a ‘leader’ in ‘mobile and cellular Cyber Warfare,’ and has been operating for more than six years since its founding in 2010.” – CitizenLab

Extent of Effects:
According to CitizenLab, the Trident spyware would effectively allow the malicious actor to gain complete control over the target phone by jailbreaking it remotely. After jailbreaking the device, the attacker essentially has full and unrestricted access to almost everything the device contains or processes including but not limited to:

– Calls made by phone, WhatsApp and Viber, SMS messages, as well as messages and other data from popular apps like Gmail, WhatsApp, Skype, Facebook, KakaoTalk, Telegram, and others
– A wide range of personal data, such as calendar data and contact lists, as well as passwords, including Wi-Fi passwords. (above list taken from CitizenLab)

The malware also has the ability to persist throughout patches of individual applications since the compromise affects the operating system layer underneath.

Recommendations:
Update any and all Apple iOS devices to the latest version 9.3.5 or greater.

References:
Ahmed Mansoor – https://www.hrw.org/tag/ahmed-mansoor
CitizenLab’s full analysis – https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
https://wp.nyu.edu/itsecurity/category/alerts/
Lookout Security’s analysis – https://blog.lookout.com/blog/2016/08/25/trident-pegasus/
Apple’s patch notes (iOS v.9.3.5) – https://support.apple.com/en-us/HT207107
Ars Technica news article – http://arstechnica.com/apple/2016/08/apple-releases-ios-9-3-5-with-an-important-security-update/