Resources
Recognizing Job Scams
One of the most common types of phish sent to students are job scams. Job scams have also proven to be very effective by utilizing the student's inexperience against them.
Some characteristics of job scams are:
- Very high salaries
- No experience required, or bare-bones experience prerequisites
- Ask you to reply to an email address that is not the sender's
- Ask you to reply using your personal account
- Unconventional application methods (i.e., Google Form) may be characteristic of a scam
Avoiding Gift Card Scams
Gift card scams are a very common type of phish sent to University staff. These scams will often impersonate your superiors which can instill urgency in the recipient, causing them to miss certain details in the email.
Some details include:
- Both the sender display name and the signature in the body indicate that it is your superior, but the sender address is not your superior's arizona.edu email address
- The sender claims they are "currently in a meeting and need you to buy a gift card" and send them the card codes
- The email simply requests a favor with no other information
Detecting Credential Harvesters
Credential harvesters are highly dangerous phish that give almost comprehensive access of your account to malicious actors. Account compromise can result in situations where your account is used to send malicious emails, to further compromise University systems, and/or steal money from your payroll.
Some indicators of a credential harvester campaigns include:
- The email is a file share through Google or SharePoint
- The email impersonates an account alert for a critical service
- Clicking the link leads to a page requesting login credentials, but the URL domain is not reputable.
- Clicking the link leads to a form service (i.e., Google Forms) you will never need to submit credentials to a survey form for authentication