New research from Proofpoint finds that threat actors are targeting higher education organizations with employment fraud scams.

“Threat actors use the promise of easy money working from home to collect personal data, steal money, or convince victims to unwillingly participate in illegal activities, such as money laundering,” Proofpoint explained in a press release. “The threat, called employment fraud, almost exclusively impacts higher education organizations.”

Proofpoint added that this threat type has been exacerbated by the COVID-19 pandemic as more people are open to working from home.

In a press release, the cybersecurity firm explained that of the job-themed threats recently identified by Proofpoint, nearly 95 percent are targeted to educational institutions – mainly colleges and universities. Although most targets are in the United States, threat actors occasionally target European and Australian entities as well. Proofpoint said it identifies nearly 4,000 of these email threats each day.

Colleges and universities are a particularly appealing target for threat actors because students are likely more open to flexible, remote work opportunities; international students may not recognize telltale signs of fraudulent emails as well as native English speakers; and rising inflation and costs of education is putting the pinch on students’ finances, making the promise of quick cash more attractive.

Proofpoint concluded its report by saying that users should be aware of these types of threats, especially job hunters and students and faculty at post-secondary educational institutions. Proofpoint added that key components of fraudulent job offers may include:

  • An unexpected job offer received from a freemail account such as Gmail or Hotmail spoofing a legitimate organization;
  • Nonexistent or overly simplistic interview questions with little to no information about the job duties;
  • Receiving a “paycheck” almost immediately after beginning a discussion with a sender;
  • A sender encouraging a recipient to switch to a personal email or chat account to discuss the job opportunity; and
  • Language requesting a “quick task” be completed, especially if it involves sending money via mobile applications or Bitcoin addresses.
Read More About
Kate Polit
Kate Polit
Kate Polit is MeriTalk SLG's Assistant Copy & Production Editor, covering Cybersecurity, Education, Homeland Security, Veterans Affairs