Screenshot of malicious email:
On October 15th, 2021, another round of job scam emails were sent out from compromised DePaul community member email address(es).
The malicious email encourages recipients to apply for a for a non-existent Bitcoin/cryptocurrency themed job. The email makes reference to a real cryptocurrency company, which the scammer is impersonating.
Once the victim emails the malicious actor, the scammer may attempt to request further personal information, and the communications may move to a text message format. Ultimately, the malicious actor may attempt to defraud the victim by sending the victim a fraudulent check, via a cash transferring app such as Zelle or Cash App, or other methods.
It is always important to remain vigilant when handling email, even when it appears to come from a DePaul email address or other official looking email address. Email addresses and login portals can be spoofed and imitated. Compromised email accounts (e.g. a DePaul email account owned by an individual that fell for phishing) are often used to target the community. Keeping your DePaul account secure helps keep the entire community secure.
Some indicators that this email is malicious:
- Grammatical errors
- Promises of easy money
- Impersonation of other organizations
- Leading communications off of DePaul's platform (i.e. directing recipients to email a non-DePaul email address, and requesting that communications come from the victim's non-DePaul personal email)
- Mismatched sender name and signature block name (though more sophisticated scams will spoof this)
If you have fallen victim to this scam, or have further questions or concerns, please contact the Information Security team at security@depaul.edu.