When you’re a student, every dollar counts. Getting an email that says you were selected for a paid internship with a check for $1,900 feels like winning the lottery. As you read through the mail, one notice says you need to purchase supplies from a vendor with those funds. 

It seems easy, and you scan the check with your banking app. The funds immediately show up as a balance, so you buy the supplies. There’s a window of time when the bank must verify the information, even though it shows up on your balance. And that’s what scammers use against you. 

This type of college scam used to be quite popular. Now, it’s gaining traction again and has changed its format. The company from which students are asked to buy the supplies is the scammer or has partnered with them. Students fall for the scam with or without depositing the check. When they eventually try to cash it in, they notice it’s fraudulent. 

Austin Community College is the latest victim of this type of phishing attack. Hundreds of students received the same email, and nearly a dozen fell for it. The reason this attack works is because of authority. The email claims that a professor needs help with research, and the interns will get compensated. When you’re a student, you don’t think a professor would lie or try to scam you. 

ACC issued warnings that all internships will be posted on their main website. As for the emails, they reminded students only to trust information coming from official ACC accounts. 

However, Virginia Tech suffered the same fate, with breached official email addresses. In this case, scammers sent emails from an official “vt.edu” email address and requested information to be sent to a non-official one. The email subject lines included texts like “Flexible Internship Work,” “Assistant Job Opportunity,” or “Position Announcement.” 

The body of the email stated that visiting professors needed help with basic admin duties. Successful candidates could help them remotely and be compensated $400 weekly. 

What should you do if you receive such an email? 

There’s a thin line between a real internship opportunity and a scam. It’s hard to notice the difference when an email comes from an official source. But your first instinct should be not to respond. Simply research for more information. If you’ve communicated back and forth with a scammer, stop the communication. Then, when you confirm that you’ve received a scam email, report the phishing attack through Outlook or Gmail. 

Remember, you should never share your passwords with anyone. No one will ever ask for that data in an email. Whenever you see such a request, it’s a scam. Enable two-factor authentication for all your accounts and report any incidents for requests you didn’t make.

Security tips for students 

Here are some security tips to keep in mind: 

Don’t reply 

Depending on the information cybercriminals have, they will try to initiate a conversation. Sometimes, cybercriminals will call you and offer more details on a program or product. No matter the case, be respectful and tell them you will go to their website to collect more information. Don’t give any personal data over the phone or email unless you initiate the conversation. 

Check the sender 

Check the sender whenever a message seems urgent or out of the ordinary. Hackers often spoof their emails to look like the original ones. You can determine whether the message is authentic when you check the address. To double-check, call that person or talk to them in real life to confirm the content before you act. 

Change your username and password 

A common cybersecurity practice is to change your username and password once a year. If you feel it’s necessary, do it more often. Follow the best practices for creating a new password and secure your account. 

Use a VPN 

Virtual private networks (VPNs) help to safeguard your digital identity. They protect your private information online, preventing scammers from personalizing attacks. However, even protection tools can sometimes leak data. You should perform a DNS leak test regularly if you don’t have a reliable provider. 

VPNs help to protect your privacy by preventing websites from installing cookies. That way, no one can monitor what you’re browsing. On top of that, your data becomes encrypted. 

Don’t click on links and don’t download attachments 

If a colleague sends you an email with an attachment, ask them about it. Don’t click on it immediately. If the sender is from an unknown organization, call the support center and verify. Hackers can plant a virus in a PDF or Microsoft Office file. Treat every file as dangerous and only work with files you’re certain are safe. 

Don’t overshare 

Social media posts are the most extensive digital footprint hackers can access. What you post reveals a lot about you. Every photograph, YouTube video, blog comment, or review says a bit about your personality. Don’t let it get used against you. 

Review your mobile use 

Visual hacking happens when people peep at your passcode. You don’t want others to know how to unlock your phone. Apps go deeper because they mine your location, online activities, and email. Before using any apps, check what kind of data they track on you.