A University of Central Florida undergraduate student recently received an email she found suspicious. The subject line wasn’t anything to be concerned about. However, the first line read, “I am a staff in the college, a professor of medicine shared me a link for UCF students who might be interested in a PAID UNICEF PART TIME POSITION job that pays $400 weekly.” It caught her eye as an opportunity for a job, but the email definitely felt like it could be a phishing attempt. UCF’s IT guidelines on spam recommend checking for correct spelling, grammar and contact information. The email already had strikes against it, but people do make mistakes. It could have been real.
Most phishing attempts try to encourage an intended victim to download and execute a file. In this case the email was recommending that the UCF student “Kindly send an email here for more information: [email address removed]@outlook.com” If this were a real job offer, then wouldn’t they use a company email address?
One clue in the email was “Remember to send the email from your personal email and not your school email.” That’s still an attempt to get personal information. It would also open up an attack vector. A quick search online located a similar attempted swindle reported by Visalia College of the Sequoias back in February. The article explains how if the UCF student had replied looking for the UNICEF job opportunity, she would have been met with emails asking for banking information or to buy gift cards for UNICEF charity. This is one of the best ways to stay safe – do a quick search online for suspicious text.
UNICEF has a history of dealing with scams and email spam falsely sent in their name. Going back as far as 2007 their site warns against opening fraudulent offers and phishing attempts. In 2015 they warned about fraudulent job offers as well. For more information about the mission of UNICEF you can read about the company and their efforts.
These fraud attempts are reminiscent of several recent efforts from hackers. People are always on the lookout for better jobs. Back in October hackers targeted veterans. Recent phishing attempts focus on fears about COVID-19. Hackers will try to exploit any angle to infect people which is why you need quality protection when working from home or attending college.
If a company you work for is interested in learning more about phishing attempts, we would recommend this VIPRE webinar.