Screenshot of malicious email:
On September 9th, 2021, there was another round of job scam emails that were sent out from compromised University email addresses. There are a few variants in this campaign. One variant is shown above. These are the same job scams that the Information Security Team has been alerting the community to for many months.
In this scam, the malicious email encourages recipients to apply for a "job" at a DePaul "affiliate" by sending interest to an external non-DePaul email address.
Once in contact with the malicious actor, the malicious actor will often attempt to request further personal information, and the communications will often move to a text message format. Ultimately, the malicious actor will attempt to defraud the victim by sending the victim a fraudulent check and/or via a cash transferring app such as Zelle or Cash App.
Some indicators that these emails are malicious:
- Numerous grammatical errors
- Promises of easy money
- Appeals to emotion (i.e. alleging that you will help orphans)
- Communications being led off of DePaul's platform (i.e. emailing a non-DePaul email address and communications via text messages)
- Soliciting replies to come from the recipient's personal email address to avoid detection/blocking by DePaul's mechanisms
- Links to non-DePaul websites