Dear Students, Faculty, Staff and Families: The start of the spring semester is quickly approaching, and many in our community are working diligently to prepare for the return of our students and to safely resume in-person teaching and learning. We…
Watch Out for Email Scams!
Information Technology Services (ITS) urges you to be vigilant. Email scammers are becoming more creative and are making their emails look like they are coming from official University offices and syr.edu accounts.
There are currently at least three types of email scams that are targeting the Syracuse University community:
- Phishing scams that contain a link that when clicked takes you to a page appearing to be a legitimate login page and attempts to get you to enter your SU NetID and password. Often, the fake login page looks exactly like MySlice!
- Employment scams that offer some type of well-paying job. If the victim accepts the job, they receive a counterfeit check or money order with instructions to deposit it into their personal account. The victim is instructed to keep some of the funds (usually several hundred dollars) as their compensation, and withdraw the balance and send it, via wire transfer or in the form of gift cards or gift card codes, to another individual or “vendor.” The money is supposedly for equipment, materials or software necessary for the job. Days later, the victim’s bank confirms the counterfeit check and demands the money back from the victim. The scammers often obtain personal information, such as social security and telephone numbers, physical and email addresses, from student victims while posing as their new employer, leaving students vulnerable to identity theft.
- Known as a “sextortion” scam, the victim receives an email from someone who claims to have hacked their computer. They back up this claim by providing an actual password that the victim may have used or is currently using, on some website somewhere. The hacker says they have used the camera on the hacked computer to take videos of the victim in compromising situations and threatens to publicize the videos if the victim does not pay an extortion fee, usually in the form of bitcoin. These are false. The password is usually an actual password that the victim used on a previously compromised site like Yahoo that has been made public.
Recently, numerous Syracuse University students have reported all three scams, and several students have fallen victim to them. Unfortunately, students who fall for the scams suffer financial losses and identity theft. The students’ bank accounts may be closed due to fraudulent activity, and student victims are responsible for reimbursing the bank the amount of the counterfeit checks.
Be Vigilant. Protect Yourself!
If you receive such a job offer by email, examine it closely. Assume that any job that seems too good to be true probably is. Employment scams begin with experienced con artists posing as recruiters or employers who offer attractive employment opportunities doing simple tasks for a few hours a week. These criminals frequently work from overseas locations. They often require job seekers to pay them money in advance, usually under the guise of work-at-home, high salary, no experience required, make your own schedule, shopping or personal assistant, and special vacation or travel arrangements.
Here are some tips to help you avoid email scams:
- Enable two-factor authentication for your online University and, if available, other accounts. This will protect against unauthorized use of your credentials, even if they are stolen.
- Do not pay any money up front.
- Do not accept payment for services you have not provided (i.e., as a “pre-payment” for expected services).
- Be cautious of emails written with poor grammar, lacking proper verb usage and sentence structure, or with text in all caps or bold font.
- Never send money from a deposited check until it officially clears your bank. Note: It can take several weeks for a fake check to be discovered.
- Never provide credit card or bank account numbers, and be cautious of payments by wire service or courier.
- Be suspicious of any email from senders you don’t know, or that seems out of character for the sender. Verify that the sender is actually who they appear to be before clicking on any links or attachments.
- Verify the URL of any link before you click it by hovering your cursor over the link and examining the URL. If you don’t recognize the URL, don’t click it.
- Never open attachments unless they are from someone you know, or you expect them.
- Don’t enter your username and password (especially your University NetID) to access any website if you are not 100 percent sure of its validity. In particular, you should be suspicious of email messages that have links to sites that ask you to use your University NetID and password to log in.
- Keep your computer software updated and patched, particularly your antivirus and anti-malware software.
- Remember that nobody at Syracuse University will ever ask for your NetID or password for any reason, in any form other than when you’re logging in to an SU system. If somebody does, they’re not representing the University or any of its offices. Report any occurrences to firstname.lastname@example.org.
If you receive a suspicious offer or fall victim to an email scam, please forward any related emails to the ITS Information Security team at ITSecurity@listserv.syr.edu and the Department of Public Safety at email@example.com. Please include your name, SU email address and contact telephone number.
If you have questions about student employment at Syracuse University contact Student Employment Services at 315.443.2268 or HRSES@syr.edu.
ITS staff will do all they can to prevent spam and phishing emails from landing in your SU mailbox, but inevitably some will get through. Please, be cautious about the email to which you respond. And if you’re not sure, get in touch with ITS at 315.443.2677 or firstname.lastname@example.org.