Replying to a job scam could have serious consequences. It’s bad enough that phishers scam you out of money, but these fake jobs can also lead to identity theft and lasting damage.
Before you reply to a phishy email that might lead to identity theft, pay a background check fee, accept a package or cash a check for supplies — take a minute to be skeptical and scam savvy. Ask yourself, does the email match any of these red flags?
You didn’t apply for the job
Most of the time, you need to apply for a job before you’re offered one. If you receive an email with a new role promised to you and you haven’t applied, that’s a red flag.
From: jennia_barthlette@unc.edu
Dear Student, we are pleased to offer you a research position! Please contact us via WhatsApp for info.
You may also get emails encouraging you to apply to job openings. Some of these will be from legitimate groups like clubs and departments. But before you reply, take a minute and ask yourself a few questions:
- Do you know the sender?
- Is the sender a real person at the University? If so, is that the email address listed in the directory?
- Can you find a website for the department, unit or company? Does the website have information about job listings or somewhere you can confirm that it’s a real position opening?
Phishers love sending emails from compromised accounts. Recipients are more likely to click links or download attachments from people inside their organization and emails from real people are less likely to get trapped by spam filters.
The salary is very high or it pays up front
When something sounds too good to be true, it probably is. With job scam emails, it’s common to see offers with eye-popping salaries. One real-life example promised $350 a week for six hours of work. While there are great paying campus jobs out there, an unsolicited high-paying offer should be a strong clue it’s a scam.
From: DaviesLibary@yahoo.com
Now hiring for a campus office job. Compensation is $350 for 6 hours/week of work.
After depositing the check, you may feel confident sending some money back. But the scam relies on the delay between you depositing the check and your bank discovering it’s a fake. Once your bank tells you the check was fraudulent, the scammers will already have the money you sent — and you won’t be able to get it back.
They’re asking you for money
Often, a job scam entices you with an easy job and asks for money once you’re hooked. They figure that once you’re excited about the job, you’ll pay to make sure it stays on track.
From: DrRePHD@ooeir.ru
Remote job for students: mail packages for lab. Send $5 background check fee with your application.
It’s common for scammers to ask you for application fees or to cover the cost of a background or credit check. These aren’t costs that job applicants should pay for.
Another variation is that scammers say you’ll assemble products for high pay — if you buy a starter kit or supplies from them.
For all variations on the scam, once you’ve paid, the job disappears — and so does your money.The application asks for a lot of personal information
Admittedly, all jobs ask for personal information. Things like your email address and phone number are fair game, but job scammers often ask for a lot more.
From: UNChancellor@gmail.com
Apply to UNC campus jobs using this Google Form. You must include a copy of driver’s license or passport.
Scammers use these fake job applications to harvest your valuable data. They may use that data to steal your identity or sell your data to someone else who will. Or, they can use this personal information to pretend to be you and reset your password at places like your bank or Amazon.
A job application won’t ever need your mother’s maiden name. And you won’t need to share your date of birth and Social Security number until you’re officially hired — anyone who’s asking for those on a job application is trying to steal your identity. And be careful with how you apply. Google Forms and PDF job applications aren’t always scams, but you can’t be sure where that information goes when you hit send. Applying on official company, department or University sites is your best bet to keep your private information out of scammers’ hands.It just looks phishy
Phishing emails — including job scams — tend to follow a lot of the same patterns. And when you’re scam savvy and recognize those patterns, even subconsciously, you’ll notice the message feels “off.”
From: J0hnSmuth@28zqrz.cz
Apply now!Here is an amazing virtual job position that pays over 500 weeklies!!! CLICK HERE
- The “from” address doesn’t match the sender name or is an attempt to look like someone affiliated with the University, like Chancellor.unc.edu@gmail.com.
- The “to” field includes a bunch of other people, or it’s blank and you’re blind carbon copied (bcc’ed).
- The email has poor spelling and grammar. It may also feel stilted or like it’s written by AI.
- There’s a sense of urgency or emotional manipulation. Common themes include that you must act now or bad things will happen or that you’ll miss out on an opportunity if you wait.
What to do if you receive a scam
If you know a message is a job scam — or any other kind of phishing message — use the “report phishing” button in Outlook or Heelmail. Reporting a message as phishing alerts Microsoft to review and potentially remove the message from other inboxes. This can help keep other Tar Heels safe by removing the email before they see it.
If you’re not sure if a message is phishing, contact the ITS Service Desk. You can call 919-962-HELP (4357) or use the Help Portal to chat live or submit a help request. Phishing emails almost always include a sense of urgency — that you must act now. But the reality is that there’s always time for you to get a second opinion from ITS before you respond. If you were defrauded by a job scam — like if you sent money or gift cards — you can file a report with the FTC and FBI.Visit Safe Computing at UNC for more ways to be scam savvy and protect yourself online.