October is Cybersecurity Awareness Month, so we'd like to bring your attention to two increasingly common scam tactics that go beyond the usual clumsy phishing for your username and password.

Online Job Scam

Have you ever seen an email that offers you easy work or an interesting internship for a very attractive wage? If it sounds too good to be true, it probably is! 

Job scams are rife in Higher Education - scammers see students as easy targets because they are enthusiastic about new opportunities, are eager to please, and often could use some extra money. The same is true of faculty and staff - if you've ever felt underemployed, underappreciated or underpaid, or like you could use a move in a different professional direction, you might be susceptible to scams that promise new opportunities, better compensation, or even a review of your pay and benefits in your current position.

Spotting online job scams can be tricky, but knowing that they exist and always considering emails or other online materials with a healthy dose of skepticism will keep your identity and your wallet safe.

TOAD (telephone-oriented attack delivery)

Nearly everyone knows about phishing at this point, but what about scams that are delivered by means other than email? Scammers are increasingly using text messages and phone calls to augment traditional email phishing techniques. 

These attacks, known as "TOAD" (telephone-oriented attack delivery), use the same tactics as traditional phishing - fear, uncertainty, and doubt - to trick people into responding. By mixing communication methods, however, they establish credibility in the recipient's mind. If you receive an email that seems suspicious because of its content or presentation, you would likely choose to ignore it or ask someone about it, right?  If the attacker follows up with a text message or phone call to your personal phone, however, it may make you question your assessment of the original message. But don't be fooled!

At a time when data breaches are common and data brokers have an increasingly complete dossier of our personal information, this type of sophisticated attack is likely to become more prevalent. Education and skepticism will help you identify this type of scam and allow you to delete/ignore unwanted communications.