S.C.A.M.

Look for S.C.A.M. Red Flags To Spot Phish

 
There's an uptick in cybercriminals targeting the N.C. A&T community with phishing emails, texts, and phone calls by impersonating trusted employees and departments.  Some students and employees have already fallen victim resulting in compromised accounts and stolen money.  Use S.C.A.M. to spot Red Flags and stay safe. 
 

🔍 S.C.A.M.  

S – Senders, Shared Files, and Spelling
Look for N.C. A&T office and employee impersonators with @gmail.com, ncat.edu@gmail.com, @live.ncat.edu, and other addresses not from the official @ncat.edu domain including SharePoint shared files; compromised addresses from @aggies.ncat.edu or @ncat.edu; typos and poor grammar.
 
C – Contact Methods
Look for impersonators asking you to call or text non-university phone numbers, provide personal/alternative email addresses or phone numbers, or click on links or scan QR codes; these scams move away from @aggies.ncat.edu and @ncat.edu addresses to avoid detection. 
 
A – Act (Emotions) and Authentication
Look for a sense of urgency, pressure, or enticement to act (e.g., limited, expiry account, first come first served, remote, etc.); look-alike fake webpages that capture @ncat.edu/@aggies.ncat.edu credentials; MFA prompts due to compromised credentials.
 
M – Money and Messages
Look for fraudulent N.C. A&T checks to mobile deposit, buy office supplies, then payback the difference with app, gift card, or bitcoin payments; bitcoin for sale; nominal shipping fees; Use Caution (@ncat.edu) and External Sender (@aggies.ncat.edu) email tags; job, estate, machinery, instrument, and all other too good to be true scams.

View actual phish in the Phish Bowl below. 

 

 

Account Compromises and Financial Scams In 2023 - 2024

59

Student and Employee Compromises

6

Student Fraudulent Transactions

5,050

Fraudulent Transactions ($)

The Phish Bowl: Scams Targeting the Campus Community

Scammers send fake checks that resemble this one with employment scams.  If you're asked to cash or deposit a check to purchase office supplies and pay the difference back, it's a scam.

fraudulent check image

According to the FBI's Internet Crime Complaint Center (IC3),  the definition of identity theft is someone stealing and using personal identifying information, like a name or Social Security number, without permission to commit fraud or other crimes and/or (account takeover) a fraudster obtaining account information to perpetrate fraud on existing accounts.  

Scammers are interested in resumes because they contain information such as contact information like names, email addresses, phone numbers, and social network links; employers along with work experiences; education and certifications; and references.

Before you send or upload your resume, do your homework and verify that the recipient is legitimate.   Scammers could attempt the following bad behavior with resume information:  

  • Target you in future scams
  • Befriend you on social networks
  • Pose as/impersonate you
  • Open fraudulent accounts

Common Communication Methods:

Scammer use these methods to impersonate university staff, departments, or trusted organizations to trick you.

  • Phone
  • Email
  • Text
  • QR Codes

 

Red Flags To Look For:

  1. Unknown/impersonated sender
  2. External email domains (is not from @ncat.edu)
  3. Email has Use Caution. This message is from outside N.C. A&T tag. (applies to employee email only)  
  4. Urgent or emotional language; time sensitive
  5. Request for personal/financial information
  6. You're asked to pay for office supplies, equipment, etc. as part of employment
  7. Emailed fake N.C. A&T checks, asked to buy gifts cards, or pay with digital currency
  8. Unexpected attachments/catchy titles
  9. Untrusted shortened URLs; (hover over link without clicking to see entire URL) 
  10. Mismatched sender/email addresses
  11. Poor writing/misspellings (less common)
  12. Sounds too good to be true
  13. Persistent communication
  14. Text or call a non-university number
  15. Advertising for personal use violates the Acceptable Use Policy (AUP)

     

 

How You Can Be Safe:

  • STOP, LOOK, and THINK before responding.
  • Verify and contact the sender using the N.C. A&T online directory or the company’s website information.
  • Don't contact the sender via the number or email address in the email unless legitimacy has been confirmed. 
  • Enable Multi-Factor Authentication (MFA) for all accounts.
  • Report suspicious messages to informIT@ncat.edu.

 

Scam Awareness Videos