New Cyber Scams Target Universities
(WHNT) – The Internet Crime Complaint Center is following several scams targeting universities, university employees, and students across the nation.
Scams range from Internet fraud to intrusions.
One scam involves sending you an email where you click on a link where they ask you to log in with your name and password. When you do that, they have access to your account and personal information.
Some scammers are said to have used professor’s personal information to file false income tax returns.
The following are common scenarios:
• Spear phishing e-mails are being sent to university employees that appear to be from their employer. The e-mail contains a link and claims some type of issue has risen requiring them to enter their log-in credentials. Once employees provide their user name and password, the perpetrator accesses the university`s computer system to redirect the employees` payroll allocation to another bank account. The university employees` payroll allocations are being deposited into students` accounts. These students were hired through online advertisements for work-at-home jobs, and provided their bank account information to the perpetrators to receive payment for the work they performed.
• Scammers are posting online advertisements soliciting college students for administrative positions in which they would receive checks via the mail or e-mail. Students are directed to deposit the checks into their accounts, and then print checks and/or wire money to an individual. Students are never asked to provide their bank account information to the perpetrators.
• Perpetrators are compromising students` credential resulting in the rerouting of their reimbursement money to other bank accounts. The reimbursement money is from student loans and used to pay tuition, books, and living expenses.
• Perpetrators are obtaining professors` Personally Identifiable Information (PII) and using it to file fraudulent income tax returns.
• Some universities have been victims of intrusions, resulting in the perpetrators being able to access university databases containing information on their employees and students.