Learn to recognize a common type of phishing scam that frequently targets MHC students. Here’s how the scam starts: A scammer impersonates an MHC faculty member and invites students to participate in a vaguely-described flexible paid research opportunity with the professor.
For examples of recent faculty impersonations, read the LITS Phish Bowl entries about an interdisciplinary research opportunity with someone impersonating Professor Katherine Schmeiser Lande and a nearly identical fake research opportunity with someone impersonating Professor Michael Robinson.
Common themes in the messages:
- Coming from non-@mtholyoke.edu email addresses created to look like the Professors’ personal email addresses. Faculty will never reach out to you from a personal email.
- Often going to students’ personal email addresses (LITS can only block phishing messages to @mtholyoke.edu inboxes)
- Offering “flexible” and “remote” positions with generous pay for students without any prior experience
- The research projects are not described in any detail
- There is no application, just a request to reply with personal details
What happens if a student replies to the scammer’s initial message?
The communication often quickly turns to sending the student checks in order to establish a payroll process, which can sometimes lead to asking the student to send a check to someone else. Scammers may also escalate and ask you to provide your MHC username and password. All of this is fraudulent. You should never provide your MHC Account password to anyone - even someone in LITS.
How can I protect myself from phishing attacks?
- Carefully examine the message. Look for red flags like misspellings, grammatical errors, or email addresses that don’t match the sender’s name or that claim to be MHC-affiliated parties but don’t come from @mtholyoke.edu addresses.
- Verify the legitimacy of the email's sender. Contact the alleged sender or organization directly using their official contact information, not the details provided in the email.
- Avoid clicking on suspicious links or downloading attachments from unknown sources. They might contain malware or lead to fraudulent websites.
- Be cautious about sharing personal information online. Legitimate organizations will never ask you for sensitive data via email or to send money to a third-party.
While the prospect of a remote research internship might be tempting, LITS urges you to be cautious. These deceptive emails are often traps designed to exploit your trust and defraud you into revealing personal details. The opportunity to acquire a well paid internship may seem appealing and have you letting your guard down, but that is the trap.
If you have any questions about recent interactions, please reach out to us at the LITS Technology Help Desk. To learn more about cyber scams and how to protect yourself, visit the security and privacy section of the LITS website.
