As the University of Washington community has been finding new ways to learn and connect through web applications and services, cyberthieves have been looking for new ways to target your UW NetID credentials, personal information, and your bank account.
Recently there has been a surge in email, text and phone scams aimed at UW students. These scams may promise easy jobs, tuition discounts or other rewards. They may attempt to convince you to purchase gift cards or to send or receive money advances.
Some deceptive offers have been tied to internships, financial aid or tuition payments. Those sent via email can appear to be from UW employees, but are often sent from phony or spoofed email accounts. The scammer may also ask you to provide a cell phone number or non-UW email address in order to contact you via alternative methods.
These scams aren’t new, but they are always increasing in sophistication. So, let’s review some examples of scams targeting UW students.
Meet Ava. She received this email claiming she was awarded an emergency aid grant through the federal Coronavirus Aid, Relief, and Economic Security, or CARES, Act.
The email stated that she would receive funds either through direct deposit or via a check in the mail. Ava was so relieved to read about this grant that she quickly clicked on the link provided. Unfortunately, this link led to a phony web page that was made to look like a UW logo page, and when she entered her NetID and password credentials they were stolen by cyberthieves who were then able to access her personal and student information, which they sold to other cyberthieves.
Financial Aid Credentials
Here’s Demetrius. He opened this email which appeared to be from the “HR department” admonishing him to clarify some information on an unemployment claim. These email messages are tailored to harvest login credentials for student financial aid accounts, and once the credentials are obtained, thieves change the direct deposit information, re-directing payments to their own bank accounts. Fortunately, Demetrius decided not to click on the link provided. Instead, he opened his browser and navigated to MyUW, where he was able to verify that his financial information was up to date.
Kiara opened a message directing her to apply for a job as a secret shopper. She’ll receive $300 a week, it says, to pose as a customer–with no prior experience needed. This email appears to be from a UW office, according to the signature, and it is also from a uw.edu account. Kiara could definitely use $300 a week, but the offer sounds too good to be true. And she’s right. In this case, the link provided in the email leads to a website infected with malicious software, or malware, and if she would have clicked on the link, she may have been tricked into downloading the malware on to her computer. Fortunately, she reported the email and then deleted it. It had been sent from an account that had been taken over by a successful phishing attempt.
Luke received a job offer, too. The position would be personal assistant for a UW physician who specializes in sports medicine and surgery, who is searching for an assistant to mail letters and make purchases for $500/week. At first, Luke is impressed with the many accomplishments and endeavors describe in the email, and it makes sense that a surgeon, team doctor, world traveler, and consultant for Cirque du Soleil would need an assistant. Luke quickly sends back their contact information and, soon they are contacted via text with a request for their personal email account. Once Luke replied with their email address, they were asked for their Social Security number, bank account number for direct deposit, and other personal information. Luke was told that a check would arrive in the mail in a few days and that for their first task, they should cash the check and then use most of the money–all but their $500/week salary–to make a wire transfer through a service at a well-known national chain of stores.
Luke felt hesitant to give out their Social Security number so they decided to check online and found out that employment scams often involve things like big checks in the mail and moving money through wire transfer services. Luke reported the scam to firstname.lastname@example.org and to the Internet Crime Complaint Center at ic3.gov.
Tips and Resources
Here are some tips and resources to help keep your personal information and UW NetID login credentials secure throughout the academic year:
- Remember that official UW business is regularly conducted through UW systems, such as MyUW and Canvas. So open a browser to visit these sites directly, instead of clicking on links in email.
- Protect your UW NetID credentials by using strong passwords and 2-factor authentication. And protect your bank and other financial accounts with multi-factor authentication as well.
- Be suspicious of work-from-home job opportunities.
- Beware of requests for transfers of money or gift cards.
- Account names and email addresses can be spoofed, so be cautious about clicking links in email and downloading attachments, even if it appears to be from someone you know or a UW office.
- Email messages, phone calls, and texts that request that you log in to your bank account or other financial accounts should be regarded as highly suspicious, as well as any messages with an offer to send you money.
- Don’t use your UW NetID credentials and other UW student information on links and websites that are not official UW systems.
- Enable notifications of transactions from your bank and financial accounts, and regularly check your contact and notification information on those accounts.
- If you are the victim of a scam, contact local law enforcement, such as UW Police.
- Report phishing and email scams to email@example.com
More information about each of these tips can be found on the navigation bar on this web page.