A money mule recruitment scam that targets college students has been uncovered by an email security firm.
Mimecast says it’s tracking a Nigeria-based cybercriminal group posing as a consulting company. The group has been targeting college and university students with work-from-home job offers in phishing emails that aim to have them cash checks for a commission.
“In this two-part operation, the scammers compromise student email accounts through phishing attacks, and then they send the job offer to the compromised student’s address book, which could include friends, professors, or other staff at the college or university,” Mimecast noted in a blog post outlining the scam.
The job-offer emails contain short URLs that redirect to a Google Form, and as part of the application process, the recipient is asked to fill out personal information. The victims are asked to provide an alternative, non-academic email address, giving the scammers access to other targets outside of the college or university, according to Mimecast. In a follow-up email, the scammers provide details of the administrative tasks that come with the job, but the first responsibility always involves cashing checks.
More details on the fraudulent email campaign can be found here.
Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.