Don't lose money with these scams!
With the rollout of Duo to campus, LTS has noticed that internet fraudsters haven't been moving away from trying to gain login credentials and have started trying to scam people out of their money directly. Scammers have found it's easier to try and trick you into giving up money instead of trying to get around Duo's two-factor authentication. While it's still important to be aware of phishing scams for your login information, these new scams are tricky and require some heightened awareness when reading your email.
Job Offer Scams
This scam, targetted mostly toward students, is a job offer that's too good to be true. They will either offer work-from-home or limited hours work, such as tutoring, then give you a huge up-front check and ask you to pass some of the money along to a supplier or someone else. The check will pass your bank's initial security checks that it's from a real bank, and you'll see the funds in your account. The scammer will ask that you urgently send money to the supplier. A few days after you send the money, your bank will call you to say the original check was fraudulent and that the money you sent to the supplier is unrecoverable, so you've now long both the original money and the money you sent to the supplier.
- Never take on a job where they found you when you weren't even looking for a job.
- Always be suspicious if they want to send you money before you've even worked for them.
- Be wary of sending personal information to any potential employer who deals through email and text messages only.
This scam, targeted mostly toward faculty and staff, tries to trick you into buynig gift cards for your boss or organization and emailing them images of the gift cards so they can use them. The initial email starts with a short but urgent request for help, typically from a supervisor, org president, or department chair. At a glance, their name and email address may look legitimate, but a closer inspection will reveal the email is not from a wellesley.edu address, but from a fake yet similar address that may include wellesley in it.
- If the email looks suspicious either in tone or from someone who usually does not reach out to you, examine the From address by clicking or tapping on the name in the From part of the email. If it is not from an @wellesley.edu address, do not respond and seek advice from the LTS Help Desk and/or forward the email to firstname.lastname@example.org.
- If by mistake you responded to the first email, you will almost always get a subsequent email asking you for money in some form. DO NOT RESPOND this email and send it immediately to the LTS Helpdesk at email@example.com.
- When the Help Desk is notifed of these scams, we block emails to and from the suspicious email addresses so it is very important for you to forward such emails as soon as you noticed it might be a scam.
Identifying fake email addresses
There are many free email services on the internet that don't have any true identity verifcation. Most of these systems will grant you the email address you requested as long as it's available. As a result, scammers search the internet for the names of people in the Wellesley community and then create email addresses on these free systems that look similar to members of the community.
Scammers try all kinds of tricks to make the fake email addresses look legitimate, so make sure you pay close attention to the address when the email content doesn't sound quite right or demands you do something urgently. If there's even a chance of doubt, you should try contacting the person via another method, such as a phone call or in person.
Some examples of what the scammers have done were to use someone's legitimate @wellesley.edu username, but created on one of the free systems, and another where they added wellesley into the username.
How to check the details of who sent an email:
- On a laptop or desktop or in the Google Gmail app for iOS & Android: Login into your Wellesley Gmail. When you have an email open, click on the little triangle next to the 'To' field. This will give you lots of details about the email. Look at the From: section and make sure it's from a @wellesley.edu address. Also make sure the 'signed-by' field says "wellesley.edu" (not visible in the Gmail app) and the 'security' field says "Standard encryption (TLS)."
- In the Apple Mail app on iOS: When you are viewing an email, tap on the name next to the From field to get the detailed information about the sender, such as email address, and additional information if they're in your Contacts.