We have recently seen a surge in fake job scam emails as attackers know that the semester is starting for universities across the world. The recent scam emails are centered around offering part-time work, often using keywords such as UNCICEF, remote, administrative assistant, and work study.
The attackers will often try to move the conversation outside the UNC email system and on to text or to a user’s personal email account, which helps them avoid a number of protections put in place to protect our users. In addition, once they are able to compromise a UNC email account, they began sending spam messages from that account, making it easier for additional victims to engage.
If you receive an email about a job a job offer, consider the following even if the sender has a UNC email address:
- Was this expected based on an in person conversation and do you know of the person sending the offer?
- Are they asking you to respond by text or an email to an address outside of the UNC email system, such as a gmail.com account?
- Is there a link that takes you to a website that isn’t hosted by UNC?
If the message is unexpected and you do not know the sender, this should make you suspicious. If they are also asking to communicate by text or an email outside of the university, that’s a major red flag. Finally, always hover over links you receive in emails to see where it goes. In a situation like this, a link that would take you to site outside of the unc.edu domain would be a red flag, and should not be clicked.
Here are some additional tips to help protect yourself:
- If you are using Microsoft 365 or reading email, you should not be asked to enter your password or re-authenticate with 2-Step Verification. Additionally, the address bar should show login.microsoftonline.com or sso.unc.edu next to a closed lock icon during the login process.
- Your method of 2-Step Verification should not change without your input. If you normally use the Microsoft Authenticator app (recommended) to approve access, you should not receive a text message or phone call to confirm your identity.
- Examine the email address From line, not just the name. Is it an @unc.edu address? If from an outside source, is it somebody with whom you communicate regularly? Is the domain spelled correctly?
- Take extra care with Google Docs. The sender’s email address is included in the message from Google Drive and not in the From line. Be suspicious. Consider contacting the sender using a method other than email, such as chat or a phone call, to confirm the message.
- Does the message contain a threat or sense of urgency, such as confirming your account status within 24 hours? Does the message or document contain only a link? These are red flags for phishing.
What should I do if I receive a suspicious message?
- If you suspect a message is phishing, use the Report Message button on your email menu to help prevent others from becoming victims.
- Most importantly, do not click on any links or attachments in unexpected messages.
While these specific scams are typically targeted at students, the entire university community should be vigilant of unexpected or out of the ordinary emails. If you’re unsure, ask the ITS Service Desk by visiting help.unc.edu or calling 919-962-HELP (4357).