Greetings,
This email is to alert you to a resurgence of the hiring scams that have been targeting the DePaul University community in recent history.
As previously, the scam emails are sent from compromised DePaul email accounts, utilizing stolen credentials. These credentials are often initially harvested through a phishing campaign, which in this case has frequently been disguised as a link to a "document" that the victim is enticed to "review" by the scammers. However, credentials used in these scam campaigns may also be the result of other phishing campaigns as well.
As a result, these emails often appear to come from DePaul University email addresses, and as such, it is important to remain vigilant when handling email, as email addresses can be either spoofed or compromised by malicious actors.
The job scam emails themselves typically follow a fairly similar format, and usually contain several red flags, including:
- Contact from a DePaul email address not used for hiring/job communications
- Promises of money, especially extremely high hourly wages (e.g. $100 per hour)
- Grammatical errors
- Vague references to sender and recipient identity
- Requests to email a non-DePaul email address with interest (e.g. reply-to an external gmail address), or to click a link leading to a non-DePaul website (e.g. fake Google docs form or a malicious website)
Ultimately, the scammer will request personal information, and attempt to defraud the victim via a sent fraudulent check or cash transfer app.
If you believe you may have fallen victim to the job scam, or have further questions/concerns related to information security, please contact the Information Security team at security@depaul.edu.
Lastly, helpful security training and resources are available at https://go.depaul.edu/securitytraining. Both the employee and student offerings provide knowledge on a variety of information security topics and can help community members familiarize themselves with safe computing practices.
Sincerely,
Information Services