S.C.A.M.
Look for S.C.A.M. Red Flags To Spot Phish
Cybercriminals are targeting the N.C. A&T community with phishing emails, texts, and phone calls by impersonating trusted employees and departments. Some students and employees have already fallen victim. Use S.C.A.M. to stay safe and secure.
🔍 S.C.A.M. – Red Flags to Look For
S – Sender, Subject, Spelling
Be cautious of emails from addresses not ending in @ncat.edu; messages from other domains (e.g., @gmail.com, @live.ncat.edu, ncat.edu@gmail.com) are unauthorized and may be malicious; even legitimate-looking addresses can be compromised; common red flags include offers for jobs, requests for passwords, or links to shared files; watch for typos, poor grammar, and incorrect department names.
C – Contact and Communication
Requests to text employees or to provide personal (alternate) email addresses and phone numbers to move away from @aggies.ncat.edu to avoid detection; asks for sensitive information (e.g., passwords, SSNs, bank details); the ITS Help Desk doesn’t send texts.
A – Act (Emotions), Applicants
Messages that create urgency or emotional pressure to act quickly (e.g., “account will close”, “limited spots”, “password expiring”, “first come first served”); lure applicants with fake N.C. A&T internships, research assistants, and other roles.
M – Money, Message
N.C. A&T doesn’t email checks nor use gift cards, payment apps, or cryptocurrency for payments; “are you there”, “buy gift cards”, “purchase office supplies”, “mobile deposit”, or “send payment screenshot” messages are scams.
View actual phish in the Phish Bowl below.
Account Compromises and Financial Scams In 2023 - 2024
59
Student and Employee Compromises
6
Student Fraudulent Transactions
5,050
Fraudulent Transactions ($)
The Phish Bowl: Scams Targeting the Campus Community
Scammers send fake checks that resemble this one with employment scams. If you're asked to cash or deposit a check to purchase office supplies and pay the difference back, it's a scam.
According to the FBI's Internet Crime Complaint Center (IC3), the definition of identity theft is someone stealing and using personal identifying information, like a name or Social Security number, without permission to commit fraud or other crimes and/or (account takeover) a fraudster obtaining account information to perpetrate fraud on existing accounts.
Scammers are interested in resumes because they contain information such as contact information like names, email addresses, phone numbers, and social network links; employers along with work experiences; education and certifications; and references.
Before you send or upload your resume, do your homework and verify that the recipient is legitimate. Scammers could attempt the following bad behavior with resume information:
- Target you in future scams
- Befriend you on social networks
- Pose as/impersonate you
- Open fraudulent accounts
Common Communication Methods:
Scammer use these methods to impersonate university staff, departments, or trusted organizations to trick you.
- Phone
- Text
- QR Codes
Red Flags To Look For:
- Unknown/impersonated sender
- External email domains (is not from @ncat.edu)
- Email has Use Caution. This message is from outside N.C. A&T tag. (applies to employee email only)
- Urgent or emotional language; time sensitive
- Request for personal/financial information
- You're asked to pay for office supplies, equipment, etc. as part of employment
- Emailed fake N.C. A&T checks, asked to buy gifts cards, or pay with digital currency
- Unexpected attachments/catchy titles
- Untrusted shortened URLs; (hover over link without clicking to see entire URL)
- Mismatched sender/email addresses
- Poor writing/misspellings (less common)
- Sounds too good to be true
- Persistent communication
- Text or call a non-university number
-
Advertising for personal use violates the Acceptable Use Policy (AUP)
How You Can Be Safe:
- STOP, LOOK, and THINK before responding.
- Verify and contact the sender using the N.C. A&T online directory or the company’s website information.
- Don't contact the sender via the number or email address in the email unless legitimacy has been confirmed.
- Enable Multi-Factor Authentication (MFA) for all accounts.
- Report suspicious messages to informIT@ncat.edu.
Scam Awareness Videos