The Center for International Cyber Intelligence, or CI2, is aware of a new scam affecting college students in the United States. A local company sent a job offer to a student for a remote admin position paying $400 a week. The offer included an email address of a “representative” to contact if he was interested. It was received through their school email and was from a fellow student's address.
The student requested more information. The next day, he received a text from “Human Resources” inviting him for a Skype interview. Unknown to student, the text came from a burner phone. The interview was held by chat only, no audio.
The student was sent a Google Form to fill out his personally identifying information, including his social security number and driver’s license details. This seemed to be normal onboarding procedure. He was then asked to request an invoice for office supplies by email. Unknown to the student, that email was fake.
The student received an email with an (E)Check and was told to scan it into their bank account, then send the same amount of money to a bitcoin address. Unknown to the student, the check was forged. The student was a victim of crypto theft.
CI2, the college and the police were contacted. CI2 deployed a team to investigate and determined that the suspects used a smart device from the United Kingdom, a desktop in the United States, possibly from a virtual private network, and a virtual machine to mask their identities. A similar scam was found at another college.
Here is how you can prevent becoming the next victim of cyber theft:
- Pay attention to emails you receive. Does it make sense?
- Do not reply if you are sent to another email address domain. Most recruiters talk on the phone, video, or email from their company's domain.
- Do not fill out personally identifying information on a website that you are unfamiliar with or have not confirmed to be legitimate. Instead, state that you will provide your identifying information in person, or through a verification process.
- Under no circumstances should you transact any money with a business or individual without verifying their legitimacy.
- Most businesses are registered with their state or country, and most people in a leadership role are on a website other than their own.
- Most importantly, use common sense: if it seems too good to be true, it probably is.