September 23, 2020
Job Offer Scams Target Undergraduate Students
As the new school year begins, the Information Security Office (ISO) would like to bring attention to a string of fake job offer scams that have been targeting undergraduate students at Carnegie Mellon University.
Job offer scams are typically sent in an email that appears to be from a professor at the university. The message contains a subject line that references part time work opportunities or student assistant needed. The contents of the message states that the professor is seeking a student who can work from home and that experience is not necessary. The message goes on to request that any interested student reply with their cell phone number and personal email address. Once an interested individual responds, the scammer sends a fake job description and requests additional personal information from the intended target in order to apply for the position.
After the victim has sent the scammer their personal information, the victim receives a congratulations message informing them that they have been selected for the position. The email also contains the first tasks of the job which require that the victim purchase “equipment” for the job, as well as Visa gift cards in order to validate the employment. The scammer indicates that all purchases will be reimbursed on the first paycheck and that paychecks should be deposited through mobile deposit only. If a victim makes the required purchases and submits the Visa gift card activation codes, the scammer will send a fake paycheck through email. Once the victim uses mobile deposit, the check will immediately show up in the victim’s bank account as pending. After the bank realizes the check is fraudulent, the victim will be charged for a bounced check fee as well as the money for the equipment purchases.
To avoid falling victim to a job offer scam follow the tips below:
- Confirm the sender of the message by analyzing the following values in the email headers:
- Identify that the 'From' email address matches the display name as it can be forged.
- Make sure the 'Reply-To' header matches the source.
- Find where the 'Return-Path' goes.
- Learn how to display the email headers in your email client by visiting the Email Headers page.
- Only apply to jobs through Handshake, Carnegie Mellon University’s official online recruiting platform for students and employers.
- Be wary when individuals request gift card purchases and activation codes over email or phone.
- Contact the supposed sender through a trusted channel found on the University Web Directory to verify the contents of the message.
- Report gift card scams as soon as possible! If you believe you were a victim of a gift card scam, immediately report the scam to the company that issued the gift card and tell them the gift card was used in a scam. If you act quickly enough, they may be able to recover your funds. Additionally you should report the incident to your bank and the University Police.
- Forward all scam emails and email headers to the Information Security Office at firstname.lastname@example.org