American students bombarded with job scam emails


Threat actors have been impersonating bioscience, healthcare, and biotechnology companies to defraud job seekers in North America.

“As layoffs impact thousands of people across many different industries, threat actors continue to exploit the labor market with employment scams to attempt to steal money from job-hunters,” cybersecurity company Proofpoint said.

Its experts identified a new spam campaign targeting students in the north of the country.

The scam starts with an “innocent” message, usually coming from bioscience, healthcare, or biotechnology organizations. The message is a fake interview request for a remote data entry job. Most of the malicious emails contain a PDF file with more information about the position.

“The sender would invite the recipient to conduct a video or chat interview on a third-party platform for additional information and to prepare them for the role. While Proofpoint was not able to confirm the requests made in a video interview, researchers assess with high confidence based on previous related activity that the actor likely told the recipient they would need to pay an advance fee for equipment before receiving it, which the threat actor would collect,” the company explained.

Pundits categorize these sorts of scams as advance fee fraud (AFF) activity. While this particular campaign was first observed in March, similar frauds have been around for years.

Universities are a common target for cybercriminals. Given that students are flexible, often open to remote work roles, and likely have less experience with recognizing fraudulent activity, they’re being bombarded with employment scams.

“Rising inflation and cost of education is putting the pinch on students’ finances, making the promise of quick cash more attractive,” the company said.

How to recognize a job scam

The first thing you should know is that legitimate employers will never ask you for money nor will pay you in advance. Here’s key tell-tale signs of fake job offers, as per Proofpoint:

  • An unexpected job offer received from a freemail account such as Gmail or Hotmail spoofing a legitimate organization
  • A job offer from an email address that uses a domain different from the official company website
  • Nonexistent or overly simplistic interview questions with little to no information about the job duties
  • PDFs or other documentation that includes grammar and spelling mistakes, and includes generic content about the organization and role
  • Receiving a “paycheck” almost immediately after beginning a discussion with a sender
  • A sender encouraging a recipient to switch to a personal email or chat account to discuss the job opportunity
  • Language such as requesting a “quick task” be completed, especially if it involves sending money via mobile applications or Bitcoin addresses