A cybercrime campaign has been targeting student job seekers since March, a cybersecurity company reported Wednesday.
Scammers posing as life sciences and healthcare companies lure students into a video call about a job with the intention of getting them to pay bogus fees as a condition of employment, according to Proofpoint researchers Timothy Kromphardt and Selena Larson.
“Proofpoint has previously observed threat actors targeting users at colleges and universities with fraudulent jobs, but this one was interesting because the companies the attacker was spoofing appear to be related, with the same type of lures and job descriptions used, and they were all in bioscience, scientific research or medical care,” Larson told TechNewsWorld.
The researchers explained in a company blog that the targets received emails inviting them to interview via video or chat for remote data entry jobs.
False initial fee
“While Proofpoint was unable to confirm the requests made in a video interview, investigators are very confident based on prior related activity that the actor likely told the recipient that they would have to pay an upfront fee for the equipment before receiving it, which the threat actor would collect,” the researchers wrote.
In their findings, Kromphardt and Larson noted that each message sent to a target included a PDF attachment containing the hardware and software requirements for the offered position, totaling up to $7,000.
While the researchers were unable to confirm what happened during the interviews with the targets, they wrote that the scammers likely asked the students to pay in advance for equipment to fulfill the requirements of the job, with the understanding that the student would be reimbursed with their first paycheck.
Alternatively, students may have received a check to deposit into their bank accounts to use to purchase equipment from a fake vendor, who would take the money out of student accounts, leaving the students to pay the bill when the check bounces.
“These are typical behaviors of threat actors perpetrating workplace fraud,” the researchers wrote. “In some cases, the actor may also request cryptocurrency payments to cover the ‘shipping costs’ of the items he is supposed to purchase.”
According to an article that appeared Tuesday in Inside Higher Ed, student scams have gained momentum again after a brief hiatus at the end of the Covid-19 pandemic. At California State University, Long Beach, the article noted, every email sent between students contains a banner warning recipients to beware of messages with job offers and password reset requests.
Johanna Alonso’s article noted that scammers offer students jobs, often with better pay and more flexibility than they could find on campus. After assigning a student some tasks, the article continued, scammers typically send their victims fraudulent paychecks before claiming they’ve been overpaid and demanding their money back.
Students may be ripe targets for threat actors, according to cybersecurity experts.
“Many students have no experience with scams, phishing and targeted phishing, which makes them an excellent target for criminals,” observed Dror Liwer, co-founder of Coro, a cloud-based cybersecurity company based in Tel Aviv, Israel.
“It’s easier to communicate authority with an inexperienced student and convince them to take action like providing information or sending a payment,” he told TechNewsWorld.
“Students often face financial challenges such as tuition fees, student loans and living expenses that can make them vulnerable to claims that offer the opportunity to alleviate some of their financial burdens,” added George Jones, chief information security officer at Critical Start, a national cybersecurity services company. “Students’ trusting nature can make them more willing to believe promises made by bad actors, especially when they appear to come from reputable sources or offer attractive benefits,” he told TechNewsWorld.
“Students might be more willing to click on links that promise freebies and deep discounts,” said Paul Bischoff, a privacy advocate at Comparitech, a website for reviews, advice and information on consumer security products.
“They are also linked to their university network,” he told TechNewsWorld. “If hackers can use a student account to break into a university network, that could be the foothold needed to escalate privileges and launch more devastating network-wide attacks, such as ransomware.”
Those networks contain information highly prized by hackers, explained Darren Guccione, chief executive of Keeper Security, an online storage and password management company in Chicago.
“Schools store sensitive data about employees and students ranging from personally identifiable information to psychological records that can make cybercriminals quite a bit of money on the dark web,” he told TechNewsWorld.
Sean McNee, vice president of research and data at DomainTools, an Internet intelligence firm in Seattle, said that universities have seen an increase in attacks from bad actors due to their porous nature and information-sharing bias, along with continuous budget concerns and limited resources.
“It’s sad, but not surprising, to see the bad actors now move from colleges and universities to the students who attend those institutions,” he told TechNewsWorld.
How students can avoid scams
To avoid the types of scams identified by Proofpoint and Inside Higher Ed, Jones advises students to verify the legitimacy of job postings and employment opportunities before applying or sharing any information.
He also recommends researching a potential employer. “Check contact information,” he said, “and look for reviews and reports of fraudulent activity, as well as check well-known review sites like LinkedIn or Glassdoor for company information.”
Seek guidance, he added, by consulting trusted advisors, such as career counselors, teachers or mentors, when evaluating job offers or financial opportunities. “They can provide valuable advice, and a second set of eyes can help identify potential scams,” he said.
Proofpoint reminded student job seekers that legitimate employers will never send out paychecks before an employee’s first day of work, or ask employees to send money to buy items before they start work.
Some key components of fraudulent job offers identified by Proofpoint include:
- An unexpected job offer received from a free email account such as Gmail or Hotmail spoofing a legitimate organization;
- A job offer from an email address that uses a different domain than the company’s official website;
- Non-existent or overly simplistic interview questions with little or no information about the job functions;
- PDF or other documentation that includes grammatical and spelling errors and includes generic content about organizations and roles; and
- Receiving a “paycheck” almost immediately after starting a conversation with a sender.
By staying informed and adopting these cautious, common-sense approaches, students can help protect themselves from fraudulent job offers and other online scams.
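The two sender-address indicators in Proofpoint's list above (a free email account spoofing an organization, and a sender domain that differs from the company's official website) can be checked mechanically, for example in a campus mail filter or a career-office triage script. The following Python is an added example, not code from Proofpoint or the article; the employer name "Example Bio", its domains, the free-mail list and the flag names are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: short illustrative list of free webmail domains.
FREE_MAIL = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}

# Assumption: employer name -> official website domain, maintained locally.
# "Example Bio" and its domain are constructed placeholders.
OFFICIAL = {"example bio": "examplebio.example"}

# Constructed sample messages (headers only matter here).
SAMPLES = {
    "free": "From: Example Bio Recruiting <hr.examplebio@gmail.com>\n"
            "Subject: Remote data entry interview\n\nHello",
    "lookalike": "From: Example Bio Careers <jobs@examplebio-careers.example>\n"
                 "Subject: Interview invitation\n\nHello",
    "legit": "From: Example Bio Careers <jobs@mail.examplebio.example>\n"
             "Subject: Interview invitation\n\nHello",
}


def _is_same_org(domain, official_domain):
    """True for the official domain itself or any subdomain of it."""
    return domain == official_domain or domain.endswith("." + official_domain)


def sender_flags(raw_message, official=OFFICIAL, free_mail=FREE_MAIL):
    """Return the sender-address indicators that apply to one message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return ["no_sender_address"]
    domain = addr.rpartition("@")[2].lower()
    # Which known employer does the display name or subject claim to be?
    claimed_text = (display + " " + msg.get("Subject", "")).lower()
    claimed = [dom for name, dom in official.items() if name in claimed_text]
    flags = []
    if domain in free_mail and claimed:
        flags.append("free_mail_spoofing_organization")
    elif any(not _is_same_org(domain, dom) for dom in claimed):
        # Catches lookalikes such as examplebio-careers.example as well.
        flags.append("domain_differs_from_official_site")
    return flags


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, sender_flags(raw))
```

A message that names no known employer returns no flags, so the check only fires when the sender claims to be an organization whose official domain is on record.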