Email Phishing and Other Scams
FAQ on Email Phishing, Job Recruitment Scams and Other False Communications
In October 2018, Rasmussen College became aware of several fraudulent job listings at the College that were recently posted by scammers on social media, professional networking sites and online job boards. The individuals or groups behind these postings target potential victims for the purposes of identity theft, to obtain bank account information and/or to take money from them by asking them to pay in advance for an application or a training program.
Fake job postings and similar solicitations such as phishing scams often include the name of a public figure, such as a college president or executive to add legitimacy to their scam. We are currently investigating remediation and proactive measures to thwart similar incidents in the future as we take these situations seriously. Our main priority is to protect our students, staff and community members and their personal information.
Please know that our student and employee information is safe. If you have shared any confidential information with a scammer, contact your local law enforcement agency and monitor your accounts for suspicious behavior. If you feel someone is trying to steal your identity, file a report with the Federal Trade Commission at FTC.gov/complaint and the Anti-Phishing Working Group at www.antiphishing.org/report-phishing.
Always be wary of unsolicited job offers and any offer that seems too good to be true. If you have any questions regarding a Rasmussen College job posting, please send your question to UltiPro@rasmussen.edu; or call the Rasmussen College Personal Support Center (PSC) at 866-693-2211. Urgent concerns can also be directed to the Compliance Hotline at email@example.com.
Similarly, last summer, Rasmussen College investigated a phishing scheme that spread through the Rasmussen.edu email system. The PSC deleted thousands of suspect messages and blocked subject lines. Once it became apparent people were filling out the fraudulent employment application from the scammer, the PSC escalated the situation and notified the Rasmussen College Legal and Compliance team.
Users who provided their personal information after receiving this fraudulent application shared photos of fake checks and letters sent to their home addresses. These false employment opportunities asked the user to deposit the fake check and wire two money orders with funds from their personal account. The fake check bounces, and the target is left without any reimbursement for the money orders as promised.
Below are questions and answers to help safeguard yourself and others against phishing attempts, job recruitment scams and other false communications—a widespread problem across the internet, unfortunately.
Q: Why did Rasmussen College students get targeted for the phishing scam?
A: Any system connected to the internet is at risk, and if one scam message is opened, it can begin to spread to other accounts. The scammers lure their targets by spoofing legitimate companies, using trusted logos or even pretending to be an employee, a friend or a family member. According to the FBI, College students across the U.S. continue to be targeted, including receiving messages to their school accounts that recruit them for phony employment positions. The best way to protect yourself from possible future scams is to stay vigilant and suspicious of email messages, job postings and other communications that seek personal information.
Q: What should I do if I gave scammers my personal information?
A: If you gave personal information to suspected scammers, monitor your accounts for suspicious behavior and, if you think someone may be trying to steal your identity, file a report with the Federal Trade Commission. We encourage you to contact your bank and/or your local police department if you believe you’re the victim of a scam.
After someone provides personal information to scammers, they may receive more emails, phone calls or mailers that could also be malicious. Those mailers should be disregarded and thrown away, and any suspicious phone numbers blocked. Any time you get a phone call or piece of mail regarding an account or pending account, search for the phone number of the organization to research its legitimacy first.
Any solicitation should be researched before you provide personal information. If email messages appear fraudulent, do not click any of the links within it and instead forward to firstname.lastname@example.org.
Warning signs for malicious email messages:
If a suspicious message contains any of the following, it might be a scam:
- Email comes from an unknown sender or from an unknown domain.
- Email includes incorrect or outdated company logos or branding.
- When hovering your mouse over a link in the email (DO NOT CLICK), the link doesn’t match the sender’s email address or company website.
- Email supposedly requires immediate action from the receiver.
- Email is seeking personal information about the receiver.
The Federal Trade Commission’s tips to avoid becoming a target of a phishing scam:
- Be cautious about opening attachments or clicking on links in emails.
- Do your own typing. Use a search engine to look up a website rather than clicking on and following a suspicious link.
- Don’t respond to any emails that request personal or financial information.
- Turn on two-factor authentication to require both your password and another piece of information to log into accounts that support it.
- Back up your files to an external hard drive or cloud-based storage.
- Use security software and update it regularly.
- Report phishing emails and texts.
Q: What is Rasmussen College doing to keep my private data safe?
A: Rasmussen College takes the security of its students’ data seriously and understands these are concerning situations, especially for those who may have provided their personal information. The College’s Personal Support Center has been monitoring and investigating these incidents and is working to prevent their spread. Rasmussen College will continue to utilize as many safeguards as possible to ensure these systems are secure and safe to use.
Student and employee information is secure. The phishing scams are spread via email systems; scammers are looking or “phishing” for individuals who are willing to click on a link in the fraudulent email and are then tricked into providing financial information on a one-off basis.
Q: Should something have been done to prevent this?
A: Fraudulent email messages and other false communications continue to proliferate across the internet, and scammers have learned to adapt their tactics to maximize their effectiveness. The best weapon against these threats is education and awareness. Knowing the difference between a legitimate email or job posting and one that is phishing for personal information is key. If something seems too good to be true in a pitch from an unknown company, then it probably is.
Q: How are job postings communicated with students?
A: The original fraudulent messages contained an offer of employment that appeared to have come from Rasmussen College. Because of the latest tactics scammers use, it’s important to investigate whether job postings are legitimate. In addition to the tips above for spotting malicious messages, you can look for employment opportunities through:
- Your Career Services advisor
- The Dean of your school of study
- Your instructors
- Official Rasmussen College social media accounts (verified status)
- Rasmussen College Student Portal
If you are seeking employment within one of 0ur campuses as a work study, openings and all other information can be found at: guides.rasmussen.edu/workstudy.
- Rasmussen College School of Tech Blog: What Is Phishing? 6 Common Cyber Security Exploits Explained
- FBI Public Service Announcement on scams targeting college students
- Federal Trade Commission article on phishing
- Report suspected identity theft to the Federal Trade Commission
- FTC - Job Scams
- Forbes - How To Avoid The Latest LinkedIn Scam