How to maintain cybersecurity and protect yourself from fraudulent job and internship offers
By LYNN CHEN — features@theaggie.org
At UC Davis, most of us are young adults just beginning to enter into society, trying to achieve career goals and become financially independent. As such, it is no wonder that many online scammers target our population.
Jade Lee, a second-year student majoring in psychology, said that she often receives emails advertising fraudulent job postings for research positions in labs.
“I would say I get a decent amount of emails from [UC Davis] non-affiliated accounts asking if I want to do lab work and stuff,” she said.
Lee was almost taken in by one of these scams in her first year. “I think I might have fallen for the first [scam email],” she recounted. “I was looking for a bit for lab work last year […] and I end[ed] up reaching out to the person who sent it the first time.”
Luckily, because Lee already obtained a legitimate lab position before the scammer replied, she was able to avoid the fraudulent position.
Unfortunately, many people receive similar emails like Lee does: messages that advertise fake research, internship or other employment opportunities to college students.
“By far, the most prevalent [form of scam] is a job scam,” Jeff Rowe, a senior cybersecurity analyst at UC Davis, said. In their emails, attackers typically pose as genuine recruiters from companies or professors from UC Davis and other accredited universities in order to trick students, according to Rowe.
In recent years, email frauds like these have surged in numbers across student inboxes. Even undergraduates who have not yet stepped onto campus are being targeted.
“You have a natural refresh of ‘naive’ students every year,” Rowe said. “The summer before [new undergraduates] show up is when we see the most [scam] activity.”
Job scams typically belong to the bigger category of “phishing scams,” which refer to forms of fraud that attempt to acquire sensitive information from the victims. For students, their phone number, email address and campus LoginID username and password are all in danger of being stolen.
“The number one thing [attackers] want is, of course, money,” Rowe stated. “But the second thing they really, really want is your email account.”
Rowe explained that scammers will often try to deceive students into providing their email passwords and Duo Security tokens. With access to a verifiable email address, attackers can more easily target people at other universities.
“The third thing they want is your personal contact information,” Rowe added, “because once you start to communicate with them using your cell phone or personal Gmail account, […] none of the security controls that we have here at UC Davis or our security operations can help you anymore.”
Job scams can play out over several days, where bad actors — those who wish to cause harm through cyber means — have dialogue via email with a student several times, according to Rowe.
During this process, potential victims can easily leak their bank account number and information to the attackers.
Chief Information Security Officer Cheryl Washington emphasized that repeated interactions between bad actors and victims can provide scammers with more opportunities to learn about their targets and more successfully siphon profits from them.
She underscored that the core of email scams is not how computer-savvy scammers are, but rather how adept they are at being manipulative with their targets. This was also agreed upon by Rowe.
“The psychological portion is what’s important for these attacks,” Rowe explained. “[The scammers] are not at all technical people who know anything about computers. They know how to send emails and that’s it, […] but they are extremely good at manipulating people.”
Rowe stated that it was common for attackers to impersonate people that students deemed their superiors, such as professors, to get to students.
“[Having] someone who’s above you, that has power over you, reaching out to you and communicating with you without you asking [for it] is a very powerful sort of psychological motivation,” he said.
Because of this, students may feel more compelled to reply to job scam emails, like Lee did.
“I dare say, in extraordinary cases, they want to probe and get so deeply immersed in who you are as a person,” Rowe remarked.
Additionally, scammers may try to be clever with their wording in emails in order to appear genuine. By offering opportunities to students who may not be actively looking for such work, potential victims feel specially chosen and thus have a greater chance of falling for job scams.
Furthermore, though it is common to think that job scammers will present huge sums of monetary rewards in their emails to attract more students, attackers actually often advertise quite reasonable amounts of “monetary compensation” for their fake job postings. This is to more effectively impersonate real recruiters to deceive undergraduates.
As mentioned earlier, attackers know to target those who would be more likely to fall for their schemes, like incoming first-years who may be more inexperienced. Evidently, the capabilities of scammers should not be underestimated.
However, if students are engaging with attackers through their school email, the campus may actually have time to step in and warn potential victims of their suspicious correspondents. As such, Rowe advises against undergraduates giving away personal emails and other contact information too easily to unknown senders, since the university would no longer be able to interrupt any questionable transactions for the students.
UC Davis has also been trying to prevent its community from being scammed through educational campaigns.
“A few years ago, [because] we saw a significant volume of these sorts of scams hit our community, [Rowe] and I met with a number of stakeholders including representatives from the Career Center, other branches of Student Affairs, the privacy officer, the legal council officer and a host of others to talk about some strategies that we could use to better educate our students,” Washington said.
“What we’ve tried to do is illustrate by way of example, [educating people about] things we see in emails that might serve as flags,” Washington stated.
The campaigns also strongly encouraged people to verify the legitimacy of the emails they were interested in through the Information Security Office, the Internship and Career Center and other relevant university offices.
“Part of the reduction [in numbers of people being defrauded] has been part of the byproduct of the campaigns that we’ve launched to educate, to educate, to educate,” Washington explained. “Not adding more technology, but expanding our outreach and education [to prevent scams].”
Rowe and Washington also provided specific tips on how to avoid job email fraud.
Initially, Rowe strongly recommended students never use their personal bank accounts to conduct business with UC Davis. “If you have a job at UC Davis, money goes into your bank account, not out,” he emphasized.
In addition, undergraduates can use Google to search for unknown email senders’ names to verify their identity and actual email addresses.
Washington gave similar advice: “If a bad actor asks you to spend your money to buy supplies for their job, chances are, that’s a scam. If they ask you for your bank account information, that’s a scam.”
She also cautioned the community to be wary of emails offering opportunities that seemed too good to be true.
“I won’t necessarily assert it’s a scam, but let’s ask questions first,” she said.
While knowing how to identify and protect yourself from job scams is important, Rowe also urged students to report any suspicious emails to cybersecurity@ucdavis.edu, in order to impede the potential attackers from victimizing other members of the school community.
As young adults, we have just begun to build our first steps into society and our careers. Don’t let an email with false hope compromise our valued wealth and assets.
Written by: Lynn Chen — features@theaggie.org