Skip to main content

TO:   NKU Campus Community
FR:   Chris Cole, Director of University Communications
RE:   Scams Targeting University Students and Employees


October is National Cyber Security Awareness Month, and as a leader in cyber security and a National Center of Academic Excellence in Information Assurance/Cyber Defense (CAE IA/CD), Northern Kentucky University takes the cyber security of its students, faculty, and staff very seriously. Recently, we notified students of a check scam that targeted an NKU student. That student’s awareness and vigilance helped prevent her from becoming a victim.

We all share responsibility in maintaining cyber security on our campus and in our lives. These attacks are becoming increasingly sophisticated, and it has never been more important for you to exercise sound judgment in your electronic communications. Be vigilant now so that you aren’t victimized later.

While no additional scams have been reported to University Police, I am writing to inform you about a number of known scams that have targeted universities across the country.

  • The Internet Crime Complaint Center (IC3) has received an increasing number of complaints from businesses reporting extortion campaigns via email. In a typical complaint, the victim business receives an email threatening a Distributed Denial of Service attack to its website unless it pays a ransom. If you have received such an email, notify University Police (X-5500) immediately. Additional information on this threat is available here.

  • The FBI warns of a fictitious “work-from-home” scam targeting university students across the U.S. Students receive emails to their school accounts recruiting them for payroll or human resources positions with fictitious companies. Students are asked to provide bank account credentials under the guise of setting up a direct deposit. The student’s account is then used to perpetuate a fraud against someone else. Students who fall victim to this scam can have their bank accounts closed for fraudulent activity and could even be prosecuted for their involvement. Additional information about this scam is available here.

  • Students are also being targeted in a telephone scam. Victims report receiving a call from someone claiming to represent the FBI or other U.S. government agencies and threatening to arrest them if they fail to pay thousands of dollars in alleged student loans, delinquent taxes, and even overdue parking tickets. During each attempt, the caller tries to gain personally identifiable information from the student. The FBI does not call private citizens requesting money. If you receive a call that seems suspicious, hang up and immediately notify University Police (X-5500). Additional information on this scam is available here.

  • University employees are being targeted in a payroll scam. Employees receive fraudulent emails indicating a change in their HR status. The email contains a link directing the employee to log in to an HR website that looks similar to the school’s legitimate HR site. Once an employee enters their login information, the scammer uses it to sign into the real HR site and change the employee’s direct deposit information. The scammer could also access other accounts that belong to the employee. Tips to protect yourself include: looking for poor use of English in the emails (many of the scammers are not native English speakers); rolling your cursor over links to ensure the link goes to where the email says it goes; and never providing your login credentials via email (which includes after clicking on links sent via email – always go to an official website rather than from a link sent to you via email). Additional information about this scam is available here.

Again, we are providing this information so that you can remain vigilant in the face of increased cyber security threats on college campuses across the nation. Cyber security truly is our shared responsibility.

If you receive a suspicious phone call, notify University Police at X-5500. Suspicious emails should be forwarded to abuse@nku.edu.