A cybercrime campaign has been targeting students seeking jobs since March, a cybersecurity company reported Wednesday.
Scammers, posing as bioscience and health companies, are enticing students to attend a video call about a job with the intention of getting them to pay bogus fees as a condition of employment, according to Proofpoint researchers Timothy Kromphardt and Selena Larson.
“Proofpoint has previously observed threat actors targeting colleges and university users with fraudulent jobs, but this one was interesting because the companies the attacker was spoofing all appear to be related, with the same type of lures and job descriptions used, and all were in bioscience, scientific research or health care,” Larson told TechNewsWorld.
The researchers explained in a company blog that targets received email messages inviting them to a video or chat interview for remote data entry jobs.
Bogus Upfront Fee
“While Proofpoint was not able to confirm the requests made in a video interview, researchers assess with high confidence based on previous related activity that the actor likely told the recipient they would need to pay an advance fee for equipment before receiving it, which the threat actor would collect,” the researchers wrote.
In their findings, Kromphardt and Larson noted that each message sent to a target included a PDF attachment containing hardware and software requirements for the offered position, which totaled up to $7,000.
While the researchers couldn’t confirm what transpired during the interviews with the targets, they wrote that the scammers likely asked the students to pay for the equipment to meet the job requirements upfront, with the understanding that the student would be reimbursed with their first paycheck.
Alternatively, the students may have been given a check to deposit into their bank accounts to be used to purchase equipment from a bogus supplier, who would drain the money from the student accounts, leaving the students to pick up the tab when the check bounced.
“These are typical behaviors for threat actors perpetrating employment fraud,” the researchers wrote. “In some cases, the actor may also ask for cryptocurrency payments to cover the ‘shipping expenses’ of items they are supposed to purchase.”
According to an article that appeared Tuesday in Inside Higher Ed, student scams have again gained momentum after a brief hiatus at the end of the Covid-19 pandemic. At California State University, Long Beach, the article noted, every email sent between students contains a banner warning recipients to be wary of messages for job offers and password reset requests.
The article by Johanna Alonso noted that scammers commonly offer students jobs, often with better pay and more flexibility than they could find on campus. After assigning a student some menial tasks, it continued, the scammers generally send their victims fraudulent paychecks before claiming to have overpaid them and demanding the money be returned.
Students can be ripe targets for threat actors, according to cybersecurity experts.
“Many students do not have experience with scams, phishing, and spear phishing, making them an excellent target for criminals,” observed Dror Liwer, co-founder of Coro, a cloud-based cybersecurity company based in Tel Aviv, Israel.
“It is easier to communicate authority with an inexperienced student and convince them to take action such as providing information or sending a payment,” he told TechNewsWorld.
“Students often face financial challenges, such as tuition fees, student loans, and living expenses that can make them vulnerable to claims that offer the opportunity to alleviate some of their financial burdens,” added George Jones, chief information security officer at Critical Start, a national cybersecurity services company. “The trusting nature of students can make them more willing to believe promises made by bad actors, especially when they appear to come from reputable sources or offer enticing benefits,” he told TechNewsWorld.
“Students might be more willing to click on links that promise freebies and steep discounts,” said Paul Bischoff, a privacy advocate at Comparitech, a reviews, advice, and information website for consumer security products.
“They’re also tied into their university network,” he told TechNewsWorld. “If hackers can use a student’s account to break into a university network, that could be the foothold needed to escalate privileges and launch more devastating attacks on the entire network, such as ransomware.”
Those networks contain information highly prized by hackers, explained Darren Guccione, CEO of Keeper Security, a password management and online storage company in Chicago.
“Schools store sensitive data about employees and students ranging from personally identifiable information to psychological records that can earn cybercriminals a pretty penny on the dark web,” he told TechNewsWorld.
Sean McNee, vice president of research and data at DomainTools, an internet intelligence company in Seattle, maintained that universities have seen increased attacks from bad actors due to their porous nature and bias for information sharing, along with continued budget concerns and tight resources.
“It is saddening, but not surprising, to see bad actors now pivoting from colleges and universities themselves to now targeting students attending those institutions,” he told TechNewsWorld.
How Students Can Avoid Scams
To avoid the kinds of scams identified by Proofpoint and Inside Higher Ed, Jones advises students to verify the legitimacy of job postings and employment opportunities before applying or sharing any information.
He also recommends researching a potential employer. “Check for contact information,” he said, “and look for reviews and reports of fraudulent activities, as well as checking known review sites such as LinkedIn or Glassdoor for company information.”
Seek guidance, he added, by consulting trusted advisors, such as career counselors, professors, or mentors, when evaluating job offers or financial opportunities. “They can provide valuable advice, and a second set of eyes can help identify potential scams,” he said.
Proofpoint reminded student job seekers that legitimate employers will never send paychecks before an employee’s first day of work, nor will they ask employees to send money to purchase items prior to work beginning.
Some key components of fraudulent job offers identified by Proofpoint included:
- An unexpected job offer received from a freemail account such as Gmail or Hotmail spoofing a legitimate organization;
- A job offer from an email address that uses a domain different from the official company website;
- Nonexistent or overly simplistic interview questions with little to no information about the job duties;
- PDFs or other documentation that includes grammar and spelling mistakes and includes generic content about organizations and roles; and
- Receiving a “paycheck” almost immediately after beginning a discussion with a sender.
By staying informed and adopting these cautious, common-sense approaches, students can help protect themselves from fraudulent job offers and other online scams.