Have you received unsolicited job offers via email for secret shoppers, personal assistants or for any position? DO NOT apply.
As the fall semester starts, universities within the Triangle area are seeing an increase in the number of phishing emails that lure students into providing personal data for part-time job opportunities.
At NC State, job-based phishing emails are up 200 percent. This past weekend, OIT blocked more than 5,000 job-based phishing emails that were sent to 3,000 students from “Chancellor Woodyson offering a part-time position as a personal assistant.”
In addition to your full name, address and mobile phone number, phishers are now requesting an alternate email address — one that is different from your ncsu account — because they are aware that the university is successfully blocking their phishing attacks.
Students as well as university employees should be aware of phishing emails that are designed to fool them into releasing sensitive data, such as passwords, account or social security numbers, birth dates, and other identifying information, to be used for nefarious acts.
These emails may also contain links to harmful URLs or attachments that will download hacking programs or other malicious malware onto your devices. Once you click on a link or open an attachment in a phishing email, you have taken the bait.
To protect yourself and your data, follow these recommendations:
- Know your senders
Phishing emails can look like they come from trusted sources. Before clicking on links or opening attachments, ensure you recognize the sender’s email address. When in doubt, don’t click on links or open attachments. - Beware of phishy emails
Phishing emails may be vague or sound “funny” and sometimes contain multiple spelling or grammar errors. If you receive such an email from a known sender, contact them by phone for verification. Do not reply to the sender by email, as you may be communicating with someone who has hacked the sender’s account. - Recognize phishing in all its forms
Phishing attacks aren’t limited to just email. They may also come in the form of instant messages or text messages (aka smishing) or even phone calls (aka vishing). Follow the same precautions you would for email when receiving links, attachments or requests for personal information by any of these methods. - Don’t share sensitive data
No matter how “official” an email appears, legitimate companies and organizations will never ask for personal information, such as passwords and account numbers via email. Such phishing emails often contain urgent messages, requesting that you provide sensitive data to avoid an action being taken against you. - Ensure your antivirus software scans for malware
Viruses are only one type of malware, so confirm that your antivirus is also protecting your devices against other malware, such as worms, spyware, nagware, trojans, adware, and a host of malicious codes. - Don’t forward phishing information to others, especially the active bad links
You may want to warn your friends, co-workers or end users of a phishing attack by forwarding them a phishing email. With some attacks, you can get your account phished just by clicking on the email link that directs you to a fraudulent website or form. - Instead, send a summary of the phishing email text and subject line
You can mention the links or take a screenshot of the original email, but do not include the real one. Never forward a “loaded” phishing email, and tell others not to do so. - Report suspicious activity
- In your Google email, select Report phishing from the drop-down menu in the upper right corner of your message. See Avoid and report phishing emails.
- You can also send new phishing emails to phishing@ncsu.edu. Make sure you include the full email headers.
- Keep up with phishing trends and tactics
Pay attention to articles and alerts concerning current phishing scams, especially during certain times of the year, such as holiday shopping seasons or tax season. - Enroll in two-factor authentication
To provide an additional layer of security for your NC State accounts, visit Two-Factor Authentication (2FA) at NC State and enroll in Google 2-Step and Duo. To protect your personal data, visit Two Factor Auth (2FA) to view other websites, including social media sites, that support 2FA.
As always, contact the NC State Help Desk at help@ncsu.edu or 919.515.4357 (HELP) with any concerns or questions about suspicious emails, even before you click on any links.
For additional information on phishing and computer safety tips, refer to the following resources: