Safe Computing @ Andrews

Have you received an email similar to this about a job opportunity?

Unfortunately, the email above it is not a legitimate job offer, but a scam that could cost you money. Scammers are spoofing Andrews University email addresses to send job scam emails designed to trick students into applying for a job that requires them to provide personal information and potentially engage in criminal activity.
Please confirm all employers and representatives before corresponding via email or phone.

There are many ways to identify a job scam email:

• The email is from a Gmail, Yahoo, or other non-Andrews address. Legitimate companies should email from their corporate email account. Andrews University will not post jobs from employers that do not have corporate email accounts.
• You are not the only recipient on the email. Legitimate companies will not send an email about a job offer to multiple people at once.
• The email does not address you by name. The email may say your information was obtained from a job board, school database, or a career services office. If so, they should address the email to you directly, rather than “Hello Student” or “Good Morning”.
• The company name is a legitimate company. To make the scam more believable the email will use the name of a legitimate company. However, the person contacting you has no relationship with the company they are claiming to work for.
• They ask to continue the conversation by text. This makes the scam harder to document. Conversations about legitimate offers should be conducted by email.
• They ask for personal information in an email. Legitimate job opportunities require you to apply and provide your personal information in an official application, many times on the company website.
• The email contains grammatical or spelling errors. A very common attribute of scam emails is that they do not bother to spell check or grammar check their outgoing emails.
• There is no contact information for the sender. Any legitimate email from a company’s Human Resources or Recruiting department should have a signature line with the sender's name, title, and contact information.
• The email asks you to visit a non-Andrews website. Andrews University will only ask you to visit the website for official career services events on campus.

If you receive an email that contains this type of information, delete it. There is no need to respond. If you ever have questions about whether or not an email is legitimate, forward it to:  helpdesk@andrews.edu.

Never:

• Never give out personal information like your social security or bank account number over email or phone.
• Never take cashier’s checks or money orders as a form of payment. Fake checks are common and the bank where you cash it will hold you accountable.
• Never cash a check that comes with “extra” money. Scammers send checks that require you to deposit a check at your bank, withdraw the “extra” money as cash, and then deposit that cash elsewhere. The check will bounce and you will be held accountable.
• Never wire funds via Western Union, MoneyGram or any other service. Anyone who asks you to wire money is a scammer.
• Never apply for jobs listed by someone far away or in another country.
• Never agree to a background check unless you have met the employer in person.
• Never apply for a job that is emailed to you out of the blue.

Always:

• Be skeptical. If a job is offering a lot of money for very little work, it could be a scammer trying to get personal information from you.
• Research the employer. Do they have a reputable website or professional references? Is the job listing you want to apply for also on their main career page? Note: work-study jobs may not be advertised on employer websites.
• Meet face-to-face with a potential employer. An in-person interview or informal chat over coffee will help you determine the employer’s intentions.
• Be sure to choose a public place to meet, tell someone where you are going and bring your cell phone, just in case.
• Trust your instincts. If a job sounds too good to be true, it is likely a scam.

When Internet criminals impersonate a business to trick you into giving out your personal information, it’s called phishing. Do not reply to email, text or pop-up messages that ask for your personal or financial information. Don’t click on links within them either—even if the message seems to be from an organization you trust, like Andrews University—It is not! Legitimate businesses don’t ask you to send sensitive information through insecure channels.
Malicious email typically uses urgent language, asks for passwords, bank account numbers, user names, credit card numbers or other personal information; and may have grammatical, typographical or other obvious errors.

• Spear Phishing: Scam, Not Sport  |  Norton
• Phishing  |  OnGuardOnline.gov
• Recent Phishing Emails at Andrews University
• Take this "phishing" quiz from OnGuardOnline.gov
• Report phishing attempts. If you suspect an email to be a phishing attempt, forward the entire email to helpdesk@andrews.edu.

What happens if I am scammed?
If you think you gave personal information in response to a phishing email or on a suspicious webpage, your account may be compromised.

• Change your Andrews password. go to Vault, sign-in to My Account, then select Change Your Password.
• Carefully review any online accounts that became vulnerable as a result of responding to the email message.

Report Possible Phishing Scams and IT Security Incidents
If you have received an email that you believe is a potential phishing scam, it is important that you report the incident(s) as soon as possible so that work can begin to investigate and resolve them. Forward the suspected phishing email to the ITS Helpdesk at helpdesk@andrews.edu. IT security incidents include but are not limited to items listed in 1:762:10 General Guidelines of the Andrews University Computers & Networks Policy.

Still Not Sure?
The following links are well-known services to check domains for reports of phishing, scams and spam email. They let you search for websites and domains that have been reported by others as being good or bad.

https://community.opendns.com/domaintagging/
https://www.mywot.com/en/scorecard
http://www.phishtank.com/

• Set up your spam filter. Search online for various tutorials concerning instructions for your email client.  Andrews University uses a spam filter by Microsoft.  For more information, see Manage Spam Emails at Andrews.
• Block unwanted instant messages. Spam attacks instant messenger as well, so set up your spam filter on your messaging client.
• Block Images. Pictures sent through email can be modified to communicate with the sender. Spammers use the info to find active email addresses so prevent pictures from downloading until you’ve read the message. Check your email User’s Guide to learn about this feature.
• Only share your primary email address with people you know
• Set up an email address dedicated solely to web transactions
• Watch out for pre-checked boxes. When you buy or download online, companies sometimes pre-select check boxes to trick you. Make sure to read all check boxes and uncheck anything you don’t agree with.
• Delete junk email messages without opening them. Some emails contain hooks that capture your email address when you open the email.
• Don’t reply to spam emails. Be wary of messages that include a link to "remove me from this list."
• Don’t give out personal information in an email or instant message.
• Think twice before opening attachments or clicking links in e-mail or instant messages. Viruses can attach themselves to email and infect your computer when you click on them.
• Don’t buy anything or give to any charity promoted through spam. Spammers often swap email lists. So, buying something from spam mail may result in your name being passed to another spammer resulting in even more spam being sent directly to you.
• Don’t forward chain email messages. You can easily lose control of who sees your email address and further provide your email address to additional spammers.
• Report abusive, harassing, or threatening email messages to Student Life and Campus Safety.
• Report phishing scams or fraudulent emails to the company who was misrepresented by contacting them directly.