Don’t let cybercriminals turn you into a Grinch this holiday season
You may be looking forward to the holiday season, but cybercriminals can quickly turn you into a Grinch. Be aware of common cyberscams and protect yourself from malicious attempts this upcoming holiday season.
Cybercriminals are targeting students eager for work with fraudulent job offerings that attempt to steal sensitive information or request funds in the form of cash transfers, Bitcoin payments or gift cards.
Crafty scammers can use sophisticated technology to create realistic communications that can fool you. We understand that identifying the legitimacy of an email can be difficult, especially when scammers can hack or mimic UIC email addresses.
However, students can look for these red flags to help determine its validity:
- Too good to be true: The job’s description is usually vague and will offer a large amount of money for very little work.
- Written poorly: The emails are usually full of typos, not written in professional language and use very casual greetings or closing words.
- Ask for sensitive data: If you start to engage, scammers may ask you to purchase something, provide them with sensitive data or personal bank account information through a link, fake webpage, or an online “job” application.
- Request money, gift cards or fund transfers: Scammers will email you a check to print, ask that you deposit it in your bank account, and send funds back via bank transfer, gift cards or Bitcoin. This should be an immediate red flag. The checks are fraudulent and you may be stuck with bank fees and headaches.
- Ask to use another email: You may be asked to contact individuals through a non-university email such as a Hotmail or Gmail address. Scammers are also not available to speak on the phone if you ask to call them.
Evaluate each email carefully and perform your research. Do not respond to emails that seem suspicious. If you are unsure if an email is fraudulent, forward the email to firstname.lastname@example.org so it can be investigated and shared with the community.
Email & Phishing
Phishing emails are a type of email scam where an attacker impersonates a person, company, brand, organization, or other entity with the goal to get you to click on a link or open a file attachment. These emails can appear authentic and can fool almost anyone.
Links and attachments in phishing emails have one goal: to steal information. Links will take you to a landing page encouraging you to sign in using your login credentials. Opening malicious file attachments can install malware to your computer that is meant to record your keyboard activity and steal data. Common phishing scams include:
- Password Notifications: Emails claiming you requested a password change and to log in immediately to cancel the request.
- Voicemail Messages: Scammers try to trick you into opening an audio attachment or logging into a fake website claiming you have an urgent voicemail.
- Shipping notifications: Be aware of emails impersonating shipping companies with fake delivery notifications or shipping status alerts.
- Receipts and invoices: Scammers posing as popular online retailers, such as Amazon, send emails with a fake receipt or invoice attachment.
- Gift card and prize scams: If you receive an email that you won a gift card, be very careful especially if you do not remember entering a contest. The scammers will state you need to pay a “processing fee” via bank transfer before getting the “prize money” deposited to your bank account.
Phone & Text Scams
Unfortunately, criminals are posing as charities, banking institutions, health care organizations, and even local authorities. Criminals are getting more creative and brazen each day. Be aware of these phone scams:
- Calls from cybercriminals pretending to be government organizations, family members in distress, banks/credit card companies, etc., usually with an immediate need or request for money or payment.
- Robocalls are less easy to detect than they used to be as the caller ID can be adjusted to make it look like the call is coming from your area code, and even real telephone numbers.
- These scammers can be very aggressive, and state immediate payment is required through bank transfers, gift cards or Bitcoin.
- Text messages
- Fake text messages with fraudulent messages and claims. Messages claim you’ve come into contact with someone who has tested positive for COVID-19 or you initiated a large bank transfer.
- These texts can contain a website link that claims to provide information.
- If you receive a text like this, do not click on the link or share any sensitive information.
- Charity scams
- Charities you don’t recognize may be asking for donations. While it is great to give back, scammers take the opportunity to mask themselves as charitable organizations.
- Verify all charities on the IRS tax exemption site before donating
Help and Support
If you receive phishing/scam emails or calls and have given or entered your NetID and password or other personal information, please immediately change your password at identity.uillinois.edu and contact email@example.com with the details.
- If you receive phishing/scam emails or calls and purchased gift cards, Bitcoin or deposited a fraudulent check, please contact UIC Police for assistance at 312-996-2830.
- If you receive a scam telephone call, hang up, block the number and call UIC Police to report it at 312-996-2830.
- If in doubt, email firstname.lastname@example.org with any questions.
Thank you in advance for your support to deter and prevent cyberattacks.