Screenshot of malicious email:
On September 23rd, 2021, compromised community member email account(s) were utilized to spam Covid-19 relief allowance/grant scam materials.
The malicious email encourages recipients to apply non-existent a Covid-19 relief allowance/grant, via non-existent grant foundation, by clicking a link that leads to a non-DePaul website. The application scam form utilizes DePaul University imagery in an attempt to bolster their fraudulent impersonation of the University. The form requests personal information from victim, including bank information.
Based on the information requested in the form, this scam likely the malicious actor will likely attempt to defraud the victim by sending the victim a fraudulent check or via a cash transferring app such as Zelle or Cash App.
It is always important to remain vigilant when handling email, even when it appears to come from a DePaul email address or other official looking email address. Email addresses and login portals can be spoofed and imitated. Compromised email accounts (e.g. if a fellow DePaul community member fell victim to phishing) are often used to target the community. Keeping your DePaul account secure helps keep the entire community secure.
Some indicators that these emails are malicious:
- Numerous grammatical errors
- Promises of easy money
- Incorrect references to identity (the scammer's template mentions a different education institution)
- Link to a non-DePaul website
- Leading communications off of DePaul's platform (i.e. contact will likely be followed up via text or non-DePaul email)
Anyone with concerns regarding this scam can contact the Information Security Team at security@depaul.edu.