Screenshot of UNICEF variant of scam:
On September 14th, 2021, another round of job scam emails were sent out from compromised community member email addresses. These are the same job scams that the Information Security Team has been alerting the community to for many months.
During this timeframe, there were two variants of the scam that were seen. Another WHO attempt (see previous scam for screenshot) and a UNICEF internship (see above screenshot). The malicious email encourages recipients to apply for a for an internship with one of these organizations at a non-DePaul free-website-builder site.
Once the victim submits their information via the malicious free-website form, the malicious actor will often attempt to request further personal information, and the communications will often move to a text message format. Ultimately, the malicious actor will attempt to defraud the victim by sending the victim a fraudulent check or via a cash transferring app such as Zelle or Cash App.
It is always important to remain vigilant when handling email, even when it appears to come from a DePaul email address or other official looking email address. Email addresses and login portals can be spoofed and imitated. Compromised email accounts (e.g. if a fellow DePaul community member fell victim to phishing) are often used to target the community. Keeping your DePaul account secure helps keep the entire community secure.
Some indicators that these emails are malicious:
- Numerous spelling and grammatical errors
- Promises of easy money
- Directions to click a link to a non-DePaul website (remember to hover over hyperlinked text to see the underlying URL)
- On the imitation website, there are major appeals to emotion (e.g. stating that applicants will help orphans)