Recently the Fordham University community has been a part of a targeted scam email campaign. The emails are sent from what appear to be various Fordham faculty members corresponding to current Fordham students about a job opportunity involving research. The campaign requests personal and financial information from the student, such as social security number, usernames, passwords, bank account information, phone numbers, etc. These types of information requests are common in malicious emails. Students should avoid responding to these emails and report them to Information Security and Assurance using the Cofense button or forwarding the email to spam@fordham.edu.
To help identify these types of emails, the student should pay attention to the details within the email. Here is an example of the recent campaign email header that a student should pay attention to when receiving an email with this type of request. Specifically, the “reply to” address is not a Fordham domain email. Also, some of these emails may be going to the student’s non-Fordham personal email address.
| from: | professorsAccountName@fordham.edu |
| reply to: | professorsAccountName.fordham.edu@gmail.com |
| to: | studentsAccountName@fordham.edu |
The body of the introductory email is very straightforward and promising.
This is an invitation to participate in an Interdisciplinary research project collecting data remotely and earn $250 weekly. It is an adaptable job that requires little to no prior experience not to mention its flexibility to fit into your regular schedule. Provide the information below to indicate interest and you'll receive a follow up email detailing specific. Full Name: Cell# Alternate email:
If the student replies, there are several follow-up emails requesting more information. These follow-up emails may also request a financial transaction from the student to the malicious actor via a digital payment system with promises of reimbursement. They may even send a reimbursement check that they claim can only be deposited via mobile banking, but the check is fake.
Everyone with an email address is susceptible to falling victim to phishing emails. It is vital that everyone is aware of how to spot indicators of phishing emails. Below are some links to help raise your security awareness and best practices on handling and reporting these emails.
