Hey college students: even though you’re likely far from campus, scammers are still trying to find you.
Maybe you or your friends have gotten an email claiming to be from the “Financial Department” of your university. The email tells you to click on a link to get a message about your COVID-19 economic stimulus check — and it needs to be opened through a portal link requiring your university login. Don’t do it. It’s a phishing scam. If you click to “log in,” you could be giving your user name, password, or other personal information to scammers, while possibly downloading malware onto your device.
How can you spot and avoid scams like these? Before you click on a link or share any of your sensitive information:
- Check it out. If you have concerns about an email, contact the sender directly. Look up their phone number or website yourself. Don’t click on a link. That way, you’ll know you’re not about to call a scammer or follow a link that will download malware.
- Take a closer look. While some phishing emails look completely legit, bad grammar and spelling can be a tip-off to phishing. Another clue that the email is not really from your school: they use the wrong department name. In one example we’ve seen, the scammers called themselves the Financial Dept instead of the Financial Aid Department.
If you spot something that looks like a phishing scam, report it. Forward the message to the Anti-Phishing Working Group (an organization which includes ISPs, security vendors, financial institutions, and law enforcement agencies) at reportphishing@apwg.org. You can also report phishing to the FTC at ftc.gov/complaint.
5 Comments
Read Our Privacy Act Statement
It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.
Comment Policy
This is a moderated blog; we review all comments before they are posted. We expect participants to treat each other and the bloggers with respect. We will not post comments that do not comply with our commenting policy. We may edit comments to remove links to commercial websites or personal information before posting them.
We won’t post:
Comments submitted to this blog become part of the public domain. To protect your privacy and the privacy of others, please do not include personal information. Also, do not use this blog to report fraud; instead, file a complaint.