Unveiling the Rise of Employment Scam Emails Targeting Students

by Ryan Miller

Summary

A rising trend in employment scam emails is targeting college students. exploiting their open-mindedness and less experience with such scams, making them highly vulnerable to these targeted attacks.

These phishing scams go beyond just causing disappointment; posing risks such as identity theft, financial loss, and even the potential involvement in criminal activities. It is crucial to understand the various forms of these attacks and take proactive measures, as elucidated in the international email security standards of the International Telecommunication Union (ITU).

1. Overview

According to CNBC’s report, phishing attacks surged by 61% in 2022 compared to 2021, and the trend is expected to continue rising in 2023 as phishing techniques become more sophisticated and advanced. In July 2022, the Better Business Bureau (BBB) issued a warning about job scam emails targeting students, and in November 2023, a new phishing scam targeting northern U.S. students emerged. This scam employs tactics like header manipulation, similar domain attacks, and URL phishing, sending emails or messages appearing to be from legitimate sources (e.g., companies/school professors), requesting personal information or login details on fake websites. Some emails may also contain PDF files with additional information about the company's location, along with malicious URLs.

In October 2022, a university sophomore (referred to as A) received a deceptive email offering a high-paying job from someone claiming to be a graduate of Ithaca College. The sender claimed to be a remote administrative assistant recruiter for the university’s Life Sciences Department, even including the signature of a real honorary professor. Upon scrutinizing the contact card in the email, discovered it was sent from an unspecified Gmail account, realizing it was an impersonation of a university professor. A admitted they only realized the scam after a closer investigation (refer to the provided reference for more details).

Colleges are a prime target for employment scams as students, often seeking flexible remote work and lacking experience in identifying scams, are vulnerable to frequent job scam attacks.

2. Scope of Damage

Employment scam emails pose a range of threats, encompassing financial losses, damage to personal information, and harm to one’s reputation.

These scams may promise unrealistic salaries or benefits and request upfront payments for training, background checks, or equipment under false pretenses. Alternatively, they may seek personal financial information such as bank account details. Obtaining sensitive personal information like social security numbers, bank account information, or copies of identification can result in financial losses and damage to credit scores. Stolen personal data may be sold to other scammers or used in further fraudulent activities, leading to increased spam, targeted phishing attempts, or more severe breaches of personal information. Particularly alarming is the potential for scammers to use the victim’s identity to commit additional fraud, potentially implicating the victim in criminal activities associated with the employment scam.

3. Types of Attack and Technical Mechanisms

To identify and prevent employment scam emails effectively, it is crucial to comprehend the various attack types and the malicious intentions that hackers use to target victims. Understanding the security requirements for a proactive response is equally important.

In the realm of email security standards, these hacking methods fall under the category of [7.2 Social Engineering Email Attacks] within [7. Threats for Targeted Email Attacks]. These standards carry international credibility, being registered with the International Telecommunication Union (ITU), a specialized agency of the UN.

'Social engineering attacks' are psychological attacks aimed at deceiving users into transferring money or revealing confidential information, rather than exploiting system vulnerabilities. This encompasses manipulating email headers or sender information to make messages appear as if they originate from legitimate companies or recruiters.

● Similar Domain Attacks: These attacks involve sending malicious emails from addresses similar to legitimate accounts, making it challenging for recipients to distinguish between them. This can result in information leaks and financial damage. For example, altering a few characters in a company or university's legitimate email address or using visually similar characters (e.g., replacing "rn" with "m" or "0" with "o", like "Gooogle") to create an email address or domain that appears legitimate. These cunning techniques make it difficult to differentiate between real and fake domains at a glance.

● Phishing URL Attacks: These attacks use URLs or files that include webpages prompting for information entry. Such URLs can lead to phishing sites where victims are prompted to enter crucial information or download files infected with malicious software. Emails with attachments like PDFs, Word documents, or ZIP files may contain malware or ransomware, and malicious URLs in these files can compromise device security, leading to data loss or unauthorized access.

These spoofing techniques aim to convince recipients that they are receiving emails from a trusted source. To reduce the risks associated with these attacks, it is important to analyze sender information in advance, provide warnings to users, and proactively respond to potential threats.

4. Solution/Preemptive Response Strategy

Effectively resolving and proactively countering phishing emails involves adhering to the [Security requirements for countering social engineering email attacks] and [Countermeasures for social engineering email attacks] as outlined in international standards sections 8.2 and 9.2.

To counter similar domain attacks, the following security requirements must be met:

Step 1. Email security administrators and users must be able to register specific email addresses.

Step 2. There must be a function to block similar email address attacks for each user by referencing previous email history.

By implementing these security requirements, proactive measures against similar domain attacks can be taken as follows:

● Domain similarity calculation involves accumulating the sender domains of inbound emails and subsequently comparing and analyzing newly received emails with the accumulated domains. Domains with less than three characters of similarity that are difficult to identify can be subjected to blocking. Inbound emails face suspension or blocking if alterations are detected, such as changes in the top-level domains (TLDs), modifications to the order of characters in a string array, or substitutions where a character is replaced with a similar character or symbol. It is advised not to rely solely on the count of differing characters when determining domain similarity.

To respond to URL phishing attacks, the following security requirements must be met:

Step 1. The final destination of URLs containing web pages that prompt for personal information entry must be continuously tracked.

By implementing these security requirements, proactive measures against URL phishing attacks can be taken as follows:

● URL tracking endpoint: The final destination of all URLs must be tracked to monitor the likelihood of prompts for information entry.

● HTML Source Code Analysis: The HTML source code of web pages should be analyzed to identify input fields prompting users to provide personal, ID, or password information, and it should be verified whether the entered information is transmitted to a third-party server.

Combining these proactive measures can significantly reduce the risk of employment scam emails as well as other emails with similar attack types. Moreover, to recognize and respond to these attacks, it is necessary to be aware of and comply with international standards, using solutions that adhere to them. Mail Inspector Platforms incorporate these necessary functional requirements.

5. Conclusion

In the digital era, your data is as valuable as physical assets. As hacking techniques become more sophisticated and advanced, awareness and vigilance are key to preventing cyber threats. Email security standards offer security requirements and solutions to address various email attacks, including the social engineering attacks discussed earlier. Proactively countering evolving hacking techniques involves staying informed about these standards and implementing solutions aligned with them. Initiating compliance with international email security standards can commence with assessing adherence to mail security standards through a Mail Inspector.

6. References

https://www.mail.com/blog/posts/fake-job-offer-emails/169/

https://cybernews.com/security/job-scam-emails-northern-america/

https://theithacan.org/46153/news/students-receive-scam-emails-promoting-remote-jobs/