Phishing Alert: Subjects may vary: “Assistant” Fraud Scheme Targeting College Students

Some U-M community members reported receiving this email. It is fraudulent or malicious. Do not respond, click any link in it, or provide personal information or money. See Phishing & Scams for more tips. If you need help, contact the ITS Service Center.

Date Sent: 
Friday, December 11, 2020

Phishing and Scam Summary

The Michigan Cyber Command Center (MC3) has reported the following multi-part phishing and fake job offer scam targeting college students.  

A phishing campaign is targeting students to capture their username and password for their .edu accounts. This information is used to access the victim’s email account for a variety of criminal purposes.

In a second part to the scam the compromised accounts are used to send out  email offering others a fraudulent work from home position. The job offer claims to be from an individual with a doctoral degree, working at a university or elsewhere, who is seeking a personal assistant.

In the third step of the scam a person who agrees to the fake job offer is asked to purchase blank check paper, print out a check, and cash it at their personal bank. Once this is done, the victim is asked to purchase iTunes gift cards (or similar), scratch off the back, and send pictures of the redemption code to the scammer.

Protect Yourself

  • Do not use your U-M uniqname and password on non-UM sites.
  • Always check the URL when logging in. The correct U-M login site is https://weblogin.umich.edu. If you have already logged in, this address should direct you to Wolverine Access.
  • Be skeptical of job offers or other financial offers in email.
  • Verify unusual email by contacting senders, even if their name or title are familiar. Call their office, or email them, do not use "reply," as reply addresses can be misdirected.
  • Do not participate in printing checks at others' request, this can lead to accidentally participating in check fraud.

See Phishing & Suspicious Email for more details on how to spot, avoid, and report phishing and other email scams.