McMaster IT Notice: Beware of scams and phishing attempts!
why protect yourself from Scams?
McMaster University recognizes how important it is for you to feel safe at McMaster and in Hamilton, and this includes protecting yourself from scams and phishing attempts.
If you are contacted by a service or someone promising you a tuition discount or fake scholarship, it is a fraud/scam. International students living in Canada can be vulnerable because it can be difficult to recognize scams, and students are often worried that they will cause more trouble by asking for help.
types of scams
McMaster’s Information Security Services team is advising students, staff and faculty to be aware of current online phishing and spoofing attempts. There are different types of scams like gift card phishing scams and tuition payment scams.
how do scams work
Students at Canadian universities are increasingly being targeted by fake websites or services offering fake scholarships, soliciting fraudulent application fees, and tuition discounts. While there are many different variations of the scam, financial phishing scams typically start with some form of impersonation.
Students are often contacted by the scammers online using popular apps such as WeChat, email, phone, or in some cases may even be approached in-person. They may also try to recruit people at universities to promote the scam as a legitimate tuition discount service. The fraudsters typically create a fake website or free email address impersonating an executive, or someone at the university.
The scammers will typically ask the student for their login credentials, and then pay the tuition on behalf of the student using a stolen credit card. After the student confirms their tuition has been paid in their university account, the student transfers a payment to the fraudsters. When the tuition payment is later identified as fraudulent, a chargeback is issued. The student ends up losing the tuition amount they sent to the fraudsters and still owe the university the original tuition amount.
Recent scams have used fake websites such as “universityname[.]wixsite[.]com” (with “universityname” replaced with the real name of the university) and other free website providers impersonating legitimate university websites.
The scam works since it entices students with a discount on their tuition. Unfortunately, it is very difficult to identify the fraudsters let alone hold them accountable.
How to PROTECT YOURSELF FROM SCAMS
Learn to identify when a message is fraudulent, report, and delete the message. Here are a few things to look for:
- Email subjects are typically “Are you available?”, “Do you have a moment?”, “Can you do me a quick favour?”, “Quick task for you…”, “Important Task”, etc.
- From/Reply-To email address is not from the @mcmaster.ca domain. Hover over the sender’s name in the message to see the “reply-to” address and review it carefully. If it is not @mcmaster.ca, it is not a legitimate message.
- Sense of urgency or very brief message. A few examples, “Currently in a meeting and need you to buy me $100 iTunes gift cards”, “Give me your cell number. I need you to do a quick task”, “Need a quick favor. just reply to my email”, etc.
- Message has poor formatting, grammar, or spelling.
- The style or signature isn’t quite right. Does the message appear like other messages from this sender? If something doesn’t seem right, it’s likely a phish.
- If rewards or prizes of small monetary value are required for any reason, the decision and authorization for their purchase should be done in person.
- Never reply or talk to the fraudsters since they may try to lure you further into the scam.
Staying informed and taking specific precautions can help you detect and protect yourself from scams.
- Be suspicious of calls that demand money or immediate action.
- Do not reply to the scammers since they may try to lure you further into the scam.
- If possible, block the scammers in the chat app to prevent them from contacting you further.
- Don’t share your university credentials or passwords with anyone.
- Never use any stolen credit card numbers provided by the scammers to pay your tuition.
- Do not pay your tuition to a third-party facilitator/intermediary.
- If approached in person, do not talk to the scammers, and contact the police.
- No law enforcement agency will demand payment of currency in order to conduct an investigation.
- Never offer information to the caller.
- Never share your banking information with anyone.
- Don’t be afraid to say no.
- Remember to never send money to someone under uncertain conditions.
Recognize a phishing scam? Here’s what to do:
We ask that students and the university community continue to be vigilant about these types of fraudulent phishing scams and continue to report them. For more information and how to protect yourself against these types of scams, please also see The Importance of Protecting Yourself from Scams.
If you do receive one of these messages, please report the message to email@example.com, then delete the message. If you’d like to increase your cyber security awareness, there are a number of McMaster IT Security resources available, including:
- IT Security phishing resources
- IT security tips for students
- Cyber security tips for remote working
- IT security resources