Don’t Fall for the Employment Opportunity Scam

Did you receive an unsolicited email about a part-time employment opportunity or work-study position? Think before you click - it may be a scam.

An employment opportunity phishing scam has been making its way through the UAlberta community. At first glance it appears legitimate, but a closer look provides several indicators of a malicious attempt to compromise your information. Here’s what you need to know to stay safe and protect your personal data.

The Scam

Several members of the university community have reported receiving an email with what appears to be an offer of fraudulent part-time employment or work-study opportunities. The email encourages recipients to respond back to the sender by email with their resume.

What to Look For

Below is a sample of the Employment Opportunity phishing email currently circulating the university:

Employment Phishing Scam Example

While this email may seem legitimate at first glance, there are a few red flags that give it away:

  1. The email address in the body text: Though the email appears to be sent from within the University of Alberta, the email address they are requesting you to send your resume to is outside of the U of A.
  2. The non-specifics: The email does not include details such as your name, the title of the position, or the name of an individual within the Office of the Registrar.
  3. Poor spelling and grammar: Phishing emails are often rife with misspelled words and grammar mistakes.
  4. Too good to be true: The recipient has received an opportunity to interview for a position that they have not applied for. The email indicates no work experience or skill is required.
  5. Incorrect information: Information within a phishing email can appear correct at first glance but details such as the address can often be inaccurate.

What to Do

If you receive this phishing email, do not respond back to the sender. As long as you don’t give up any personal information, this phishing attempt will remain just that: an attempt. Always think before you click, and continue to practice good password management.

If you have already received this email and responded to the sender, follow these steps:

  1. Reset your CCID password immediately. Go to IST’s CCID and Password page and then select CCID Password Change > Change Password.
  2. Review your Google Drive, Gmail, and Bear Tracks for any suspicious activity. You can see instructions for reviewing your latest Gmail account activity by visiting the GMail Support page.
  3. If you responded to the email, please contact the Staff Service Centre.
  4. If you have any other questions or concerns, contact IST via the information above.

If you are suspicious that you or someone you know may be subject to identify theft or fraud, you can learn more about how to protect yourself from the RCMP.

The Chief Information Security Officer (CISO) is dedicated to keeping you and the rest of the university safe from cybercrime. You can find more information on phishing and what to watch out for by reading What is Phishing? Everything you need to know about these identity theft scams.