Scammers Target International Students

Job Scam
https://pxhere.com/en/photo/1566887

The Information Security Office has observed that the international student community is often the most targeted for job scam emails. Scammers prey upon the trusting nature of the student population by promising some form of employment (either part-time or full-time) that requires very little time and effort on the student’s end for a high reward. Further, international students may not be aware of acceptable hiring practices of U.S. employers, and so are more likely to trust these emails.

An example we often see is a “job opportunity” for 4 hours of remote work (such as looking up prices of office supplies at Walmart) that promises $350 (equating to $87/hour, an enormous rate for such easy work). Often, you are promised a reimbursement check, including a bonus amount that totals over $1,000, but when you deposit the check, you find that your bank account has instead been drained of that amount. This is an example of the all-too common check fraud that we see on campus.

Other times, the work requires you to purchase $200 to $800 in gift cards, which you will then scratch off the codes and send to the “employer”. They promise to reimburse you with a bonus, but you never see any payment for it. This is an example of the other most common scam targeting students, gift card scams. 

Things to keep in mind when you see job opportunity emails: 

  • Does the company exist?
    A quick Google search can tell you if the company exists and is legitimate, and if the hiring manager exists.
  • Did you tell anyone that you are in the job market?
    Have you applied at that company for that position, or have you signed up for any job/internship websites?
    If yes, are you receiving an email from that website (such as an email from the company, LinkedIn, Indeed, etc), or is the email from a personal email account, such as GMail or Yahoo? Legitimate recruiters will use only the company emails, or the job website will contact you; they will never use personal email accounts for business communications.
  • Was the email in your spam folder?
    GMail filters emails to your spam folder based on information gathered from similar spam messages reported by other users. Although there are instances of a legitimate email being sent to your spam folder, chances are high that if it is in your spam folder, it’s because the email is spam, a scam, or even phishing. Don’t interact with these emails unless you are absolutely sure you were expecting it and that the email is legitimate.
  • Does the email request personal information that is unrelated to the job?
    Examples include age, gender, birthdate, full home address, and other personal information. This is often inappropriate or illegal for U.S. companies to ask for due to the potential for biased hiring.
  • Is the email in another language?
    Often, scammers will write their scam emails in the native language of their victims, urging them to use non-professional apps, such as WeChat, to avoid the Information Security Office from finding out their scam.
  • Are there other students on the email Cc or To list?
    Scammers send these emails in bulk, and will often neglect to hide their recipient list.  
  • If the email is in English, are there spelling errors or grammar mistakes?
    This is the first red flag that can identify if this email is legitimate or fraudulent.

If you receive an email about a job opportunity matching some or all of the above criteria, what should you do? 

  • You can report it as spam or phishing and Google will filter the email to your spam folder. Reporting it as spam/phishing can also benefit other users by training Google’s filters to identify emails of this pattern as spam, which Google will then filter to their spam folders so they won’t get scammed. 
  • If you want to report it to the Information Security Office, you can email security@case.edu. This will notify our office so we can take immediate action to block the scammers and identify any victims. 
  • If you want to verify whether it is legitimate or not, forward the email to the Information Security Office and ask us to verify if it is legitimate. We can provide more insight into the email, and answer any additional questions about it. 

What To Do If You Are The Victim Of Fraud: 

  • If you deposited a phony check, call your bank immediately and let them know that you are the victim of fraud, and the check you recently deposited was sent to you as part of a check fraud scheme. Work with them to retrieve any stolen funds.
  • For both check and gift card fraud, file a police report with your local precinct or the CWRU police department (if it is safe to come on campus). This may be vital in getting your money back and proving to the bank that your case is legitimate. 
  • If you purchased gift cards, see if you can return them as you purchased them due to a scam. You may not always be able to return them or resell them for full value, but it is worth asking.  
  • Inform your coworkers that a fraud scheme is going on to prevent them from falling victim. 
  • Contact the Information Security Office at security@case.edu so they can prevent the scammers from contacting you and prevent any other members falling victim.

--

Written By:

Katherine Starr
Information Assurance Analyst
CWRU Information Security Office