Phish of the Month

Recently, an email was delivered to UA users, supposedly offering employment. Here is a sample of this email:

From: notfrankwitmer[@]alaska[.]edu

There is a pressing need for student research assistants at èßäÊÓƵ University  . The team will be accepting interns remotely (working from home) with a weekly pay of $350 as compensation for services. This position is available to students from any department of the institution, and tasks can be carried out remotely. Slots are few, and consideration will be given on a first-come, first-served basis.

To proceed with the application, kindly text Professor Frank Witmer, Ed.D. at (XXX) XXX-XXX  stating your full alias, email, department, and year of study about the job description and further application requirements.

Best Wishes,

Frank Witmer
Title
Professor
èßäÊÓƵ University 

 

While the job in this email (and others like it) seem like a wonderful opportunity, this is not an authentic email from Dr. Witmer or the University of èßäÊÓƵ.

How this scam works
  1. The scammer poses as a reputable individual, usually a respected professor,  that is offering a tempting employment opportunity.
  2. The scammer asks the victim to respond with a personal (non-èßäÊÓƵ) email.
  3. There is usually some reason they can't meet you in person for an interview, but despite this, the victim is still awarded the "job."
  4. There is an exchange of funds; often the scammer will send a check to the victim that is significantly larger than the amount agreed upon; the scammer asks for part of it to be wired or transfered via Zelle, CashApp, or other money transfer app. This can also manifest as the scammer sending a check to cover new "equipment;" the web store front is fake, but the money is sent to the attacker.
  5. By the time the money is wired and gone, the initial check has bounced, leaving the victim on the hook for the money they sent the scammer.

How can you tell?

In the past, phishing emails were less sophisticated, were riddled with misspelling and obvious grammatical errors. In the above example, the threat actor has done some research but has still included awkward phrasing and mistakes (we have formatted these items in bold). 

Phishing emails use a few tactics to encourage you to act, such as:

  • offers that are too good to be true
  • things you might miss out on if you don't act fast (we underlined these items)
  • negative consequences if you don't do what they tell you
  • attempts to impersonate people who are known to you

Don't take the bait! Take a few seconds to scrutinize these emails and look for these tactics before acting.

What should you do?

If you use Google Mail in the web client, please report these emails as phishing (instructions here:  Alerting Google in this manner helps keep emails like these out of inboxes, as well as sending a notice to the OIT Security Operations team for further investigation.

Outlook user? Submit a report to mark these emails as dangerous.

As always, contact your local Service Desk if you need assistance!

UAA 


or call 907-786-4646

UAF & SW (OIT) 


or call 907-450-8300

UAS 


or call 907-796-6400