The Information Security Office has been working diligently to investigate and defend UCR against a Job Offer Scam that is primarily targeting UCR students.

This is a type of email scam in which the attacker will impersonate the identity of a UCR faculty member or administrator. Using social engineering tactics, the attacker will try to trick their targeted victims into sending money or sensitive information through email. For example, these fraudulent emails may ask students to send resumes, bank account numbers, social security numbers, addresses, birthdays, research data, gift card codes, etc.

In this recent campaign targeting students, the attackers will impersonate UCR faculty and administrators and email students from Gmail accounts. The email is worded like a job offer to solicit personally identifiable information, which is then used to contact the student directly via personal email or phone to persuade the student to provide money or sensitive information, such as a social security number or bank account number.

In one recent attack the victim believed they received a virtual personal assistant job. The victim received a check and explicit instructions to deposit the check into their personal bank account to purchase gift cards on behalf of the person impersonating a UCR employer. Once the victim sent the gift card codes to the scammer the check was voided, resulting in the gift card money being deducted from the student’s own personal savings.  

This kind of attack is very similar to previous Business Email Compromise (BEC) scams targeting students, faculty, and staff. As a reminder, here are some tips to prevent yourself from falling victim to these kinds of cyberattacks:

1. Locate the “From” field of the email and double-check that the email address of the sender matches exactly with the address of a trusted UCR faculty or staff member. Next, hit “Reply” and make sure the address showing in the “reply-to” field is the same ucr.edu campus address. Keep in mind that scammers can spoof an email address to make it appear real, so it’s important to ensure the reply-to address isn’t going to a non-campus email address. When in doubt, you can find contact information for faculty and staff at profiles.ucr.edu. If you believe the email address to be illegitimate, do not send a reply to the email or open any attachments.
2. Validate any requests for monetary funds or protected information by taking additional actions, such as calling the person on their UCR office phone number or physically visiting the person’s office or department office to verify the legitimacy of the email.
3. Never send sensitive information over email (i.e., credit card numbers, bank account routing numbers, social security numbers, etc.). If asked to provide sensitive information over the phone, verify that the phone number matches the UCR office phone number of the person you believe you’re speaking with, or ask to call them back at the office number listed on an official UCR directory or website.
4. Other red flags to watch out for include:
   • Having to open an email attachment in order to view the offer
   • No company name provided
   • Promise of high pay for very little work
   • Spelling and grammar errors or awkward phrasing
   • Offers to send money
   • Requests for money or gift card codes
   • Requests to communicate using non-UCR channels (text message, non-UCR email, other applications, etc.)
   • You received a job offer but didn’t apply for/are not actively looking for a job

In general, ITS advises all UCR students, faculty, and staff to be wary of any suspicious emails and to always think twice before responding to any email. Please report any suspicious emails to abuse@ucr.edu (see complete instructions here). To learn more about job fraud, visit the UCR Career Center’s website. For more cybersecurity tips to protect yourself, visit our website at its.ucr.edu/cybersmart. 

If you are a victim of a Job Offer Scam and lost money or sent personal information to the attacker, you should file a report with UCPD. In the event you sent personally identifiable information, it is a common practice to put a Credit Lock on your credit reports with three major credit bureaus (Equifax, Experian, and Transunion) to mitigate identity theft. 

ITS would like to thank you for your deliberate efforts in keeping the campus secure.