A personal assistant job offer paying $500 for 11 hours of work might seem like a diamond in the rough. But Dan Crabbe, director of information technology services at St. Thomas University, said emails like this one are phishing emails sent by cybercriminals to gain personal information.
“The scam may be initiated against you, a friend, a family member or your employer,” he said.
Crabbe said, in general, scammers use a vulnerable student account so their emails are sent from a stu.ca domain and look legitimate.
“Many of us don’t question an account that’s inside the organization as much as we do [an external account],” he said.
Andrea Escober, a third-year STU student from Honduras, said the first time she clicked on a phishing email, she did it unconsciously.
“It was really dumb on my end, but at the same time, I feel there should be better measures … for us not to get as many [phishing emails],” said Escober.
On Jan. 3, many STU students received an email titled “Work from Home,” which promoted a job as a personal assistant with a salary of $500 for only 11 hours of work. The email contained a link to a form that asked for basic information and a non-STU email address.
Crabbe said one of the reasons scammers ask students for a non-student email is because university IT services won’t be able to see it.
While Escober did not fall for this particular scam, she said scams prey on students’ financial and vocational needs and are especially detrimental for international students.
“My friend actually commented on how excited he was for that [job] opportunity because he has been looking for summer jobs … because he’s staying here in the province and not able to go back to his home country,” said Escober.
Crabbe said STU is looking into the phishing emails and is going to improve cybersecurity soon by asking students to use multi-factor authentication to protect their accounts. STU’s IT services offered technical support to students who fell for the scam. Crabbe recommends students change their passwords and block strange emails.
“The systems and tools organizations use are continuously improving to help protect people from phishing,” he said. “However, each of us holds a key to our own security. I would ask that everyone review their personal security habits to make sure your accounts are secure.”