Avoid a Recent Phishing Scam Regarding a WFU Paid Research Project
Recently, some student accounts (both official WFU and personal accounts) have been the target of a phishing campaign. The scam offered an invitation to participate in a research project with promises of a weekly paycheck. Even though the email appeared to come from a Wake Forest professor, the sender’s address was external.
Phishing scams abound at all times of the year, and in many forms. Beware, stay alert, and keep in mind some common scammy red flags:
Last things first- If you ever receive an unexpected 2FA (Google 2-step, text, etc) prompt, especially from a location where you are not physically present at the time, STOP. Don’t answer it, and change your password immediately for that account. WFU password changes are easy at account.wfu.edu. An unexpected 2FA prompt is a signal that someone may have your password.
Non-WFU sender- Even if the name is one you recognize, hover over it to determine the actual sender’s address. Hackers love to “impersonate” to lure recipients into their schemes. Forward to the person’s official WFU.edu address to verify, or send it along to infosec@wfu.edu.
Offers for special internships or research work – It is uncommon for faculty to advertise paid internships or research opportunities over email, so be particularly cautious of these messages. Forward to their WFU address to verify. If it’s real, you’ll still impress the sender with your cautious approach.
Disguised links – Check linked text by hovering over it. Examine the URL carefully to ensure it is official.
Odd phrasing, spelling, or grammar – Phishy messages often have odd wording, grammar, or capitalization.
Urgency or scare-tactics – Scammers often create a false sense of urgency to respond to their message. Pause and use caution. Don’t hesitate to call The Bridge at 758-HELP, chat us at help.wfu.edu, or send the message along to help@wfu.edu and we will help you with real insights into what is going on (or guide you to experts with this info).
BONUS-Secure your accounts using the handy Google Security Check at go.wfu.edu/GoogleSecurityCheck for all of your Google accounts.
If you receive a suspicious email, please report it by forwarding it to infosec@wfu.edu.
Want to learn more about phishing emails and how to protect yourself?
- Visit the Information Security webpage and brush up on cybersecurity best practices, tips, and tools.
- Explore helpful training by visiting https://www.knowbe4.com/homecourse and use password homecourse
We can all do our part to protect Wake Forest from cyber threats. Have you seen any new phishing or cyber scams recently? Help the team with awareness, or send any questions to the Information Security team at infosec@wfu.edu.