Information Services > Security > News & Updates > Recent DePaul Security Events
[April 20, 2021]
This email is to alert you to a resurgence of the hiring scams that have been targeting the DePaul University community in recent history.
As previously, the scam emails are sent from compromised DePaul email accounts, utilizing stolen credentials. These credentials are often initially harvested through a phishing campaign, which in this case has frequently been disguised as a link to a "document" that the victim is enticed to "review" by the scammers. However, credentials used in these scam campaigns may also be the result of other phishing campaigns as well.
As a result, these emails often appear to come from DePaul University email addresses, and as such, it is important to remain vigilant when handling email, as email addresses can be either spoofed or compromised by malicious actors.
The job scam emails themselves typically follow a fairly similar format, and usually contain several red flags, including:
- Contact from a DePaul email address not used for hiring/job communications
- Promises of money, especially extremely high hourly wages (e.g. $100 per hour)
- Grammatical errors
- Vague references to sender and recipient identity
- Requests to email a non-DePaul email address with interest (e.g. reply-to an external gmail address), or to click a link leading to a non-DePaul website (e.g. fake Google docs form or a malicious website)
Ultimately, the scammer will request personal information, and attempt to defraud the victim via a sent fraudulent check or cash transfer app.
If you believe you may have fallen victim to the job scam, or have further questions/concerns related to information security, please contact the Information Security team at firstname.lastname@example.org.
Lastly, helpful security training and resources are available at https://go.depaul.edu/securitytraining. Both the employee and student offerings provide knowledge on a variety of information security topics and can help community members familiarize themselves with safe computing practices.
[April 27, 2020] [Copy of email "Information Security Alert - Malicious Phishing"]
Yesterday, many in the DePaul community received a malicious phishing message with the subject "[EXT] OLIVIA (1 202-205-6510) has left you a message." This email contains an attachment which, when clicked will bring up what looks like a Microsoft login page. Please do not click on this attachment or put your credentials into this malicious phishing page. Some clues that this is a phishing message:
- [EXT] tag on a message claiming to be from our voice mail system
- no text in email - only an attachment
- when launched, inspection of the URL will show evidence that you are not at a Microsoft page
As many of us in the DePaul community are working remotely, we'd like to share thoughts on continuing to be vigilant in protecting yourself and the personal information of our community that DePaul is the steward of.
First, be aware that threat actors commonly use crises like this to take advantage of situations where people are searching for and sharing information relating to the crisis, by planting fake "information" links which lead to malicious pages. Please be especially cautious when seeking information on Covid19.
Note that your personal device may not have the same security protections as your DePaul computer. DePaul devices have several layers of security controls. It is highly recommended that you use your DePaul computer when conducting remote work on behalf of DePaul, either through a DePaul laptop in your home connecting via a trusted WiFi network or through a remote connection to your office computer. The DePaul KnowledgeBase page at https://depaul.service-now.com/sp?id=kb_article_view&sysparm_article=KB0010746&sys_kb_id=cb3d46591ba30090f15543f8bc4bcb1f will give further information on working remotely and, for particular information on setting up your on-campus computer remotely, see: https://depaul.service-now.com/sp?id=kb_article_view&sysparm_article=KB0010629&sys_kb_id=10b6bcf81b634c508e0e337cdc4bcb35.
Below is list of potential security threats to watch out for and links to trusted sources of information.
Do not click on links or attachments from resources or sites that you are not familiar with as they can install malware onto your device. Threat actors use "phishing" techniques and try to closely mimic the names of legitimate source.
As the U.S. Cybersecurity and Infrastructure Security Agency (CISA) advises: "Exercise caution in handling any email with a COVID-19-related subject line, attachment or hyperlink, and be wary of social media pleas, texts or calls related to COVID-19."
Be wary of emails claiming to be from the Centers for Disease Control and Prevention (CDC) or experts saying they have information about the virus. Instead, go directly to legitimate websites, like the Centers for Disease Control and Prevention - https://www.cdc.gov/coronavirus/2019-ncov/index.html, and the World Health Organization https://www.who.int/emergencies/diseases/novel-coronavirus-2019.
Be aware of scams involving advertisements or offers for cures or treatments including, vaccines, pills, potions, lotions, lozenges or other prescription or over-the-counter products available to treat or cure COVID-19. None of these currently exist.
Multiple scams have been reported with virus tracking maps which have malware embedded. Please go directly to legitimate sources referenced above or to this official map https://coronavirus.jhu.edu/map.html .
The FBI has recently warned of an increase in extortion scam emails. If you receive one of these and are unsure of what it is, please forward it to email@example.com.
If you have any questions on this, please contact the Help Desk at 312.362.8765 or write to firstname.lastname@example.org.