Alerts Newsletter

Scam of the Month: RESEARCH ASSISTANT VACANCY FOR UNDERGRADUATE

By

The Office of Information Security has observed a trend in which criminals advertise a job while impersonating a Professor of Computer Science and Engineering. Impersonation is one of the most effective social engineering tactics used by scammers, and it can be particularly enticing if offered employment. 

If you see a message like the one below, please do not interact with the sender and do not follow any special instructions. When in doubt, you can always reach out to the person being impersonated using known contact methods. Please be aware of the following tips for recognizing these types of job advertisement scams.

From: Lexus Scott <paul@mycarsolutions.co.uk> Subject: RESEARCH ASSISTANT VACANCY FOR UNDERGRADUATE REDEFINED RESEARCH ASSISTANT OPPORTUNITY Washington University in St. Louis Department of Computer Science & Engineering at is looking for research assistants who are willing to work remotely for 0 a week. Students from any department at the university may participate in the study. Text Professor Patrick Crowley at (505) 309-0428 with your full name, email address, department, and year of study to receive the job description and additional application requirements. Many Regards. Professor of Computer Science, Patrick Crowley.
From: Lexus Scott <paul@mycarsolutions.co.uk> Subject: RESEARCH ASSISTANT VACANCY FOR UNDERGRADUATE REDEFINED RESEARCH ASSISTANT OPPORTUNITY Washington University in St. Louis Department of Computer Science & Engineering at is looking for research assistants who are willing to work remotely for $350 a week. Students from any department at the university may participate in the study. Text Professor Patrick Crowley at (505) 309-0428 with your full name, email address, department, and year of study to receive the job description and additional application requirements. Many Regards. Professor of Computer Science, Patrick Crowley.
From: Lexus Scott <paul@mycarsolutions.co.uk> Subject: RESEARCH ASSISTANT VACANCY FOR UNDERGRADUATE REDEFINED RESEARCH ASSISTANT OPPORTUNITY Washington University in St. Louis Department of Computer Science & Engineering at is looking for research assistants who are willing to work remotely for $350 a week. Students from any department at the university may participate in the study. Text Professor Patrick Crowley at (505) 309-0428 with your full name, email address, department, and year of study to receive the job description and additional application requirements. Many Regards. Professor of Computer Science, Patrick Crowley.
  1. The sender’s email address is from a UK car company. 
  2. The sender’s name is Lexus Scott, but the email address starts with Paul. Whoever the sender is, they are not Patrick Crowley, whose contact info can be verified in the WashU directory
  3. The phrasing is odd, and there are typos throughout. 
  4. They tell you to text someone your personal information. This tactic moves the conversation to a medium not managed by WashU, making it more challenging for our infosec team to intervene. It is important to remember that WashU will never engage with you through text for job opportunities, insist you buy your own equipment or deliver a check to you to cash via email. 
  5. The phone number they provide has an area code from New Mexico. 
  6. Instead of providing a link to a job application in Handshake, they demand your personal information in exchange for the job description.

If you do fall victim to a scam like this one, here are some steps you can take to secure your information 

First, determine what information you revealed during the hiring process. If you provided your social security number, debit or credit card information, bank account information, or online login information before being hired, report it to the Federal Trade Commission at IdentityTheft.gov. They will give you advice tailored to your situation. 

Further Reading 

Job Posting Scam | Office of Information Security | Washington University in St. Louis (wustl.edu) 

10 Phishing Safety Tips    

  1. Don’t click. Instead of clicking on any link in a suspicious email, type in the URL or search wustl.edu for the relevant department or page. Even if a website and/or URL in an email looks real, criminals can mask its true destination.    
  2. Be skeptical of urgent requests. Phishing messages often make urgent requests or demands. When you detect a tone of urgency, slow down and verify the authenticity of the sender and the request by using official channels rather than the information provided by the sender.    
  3. Watch out for grammar, punctuation, and spelling mistakes. Phishing messages are often poorly written. Common hallmarks of phishing are incorrect spelling, improper punctuation, and poor grammar. If you receive an email with these problems, it may be a phishing attempt. Double-check the email address of the sender, dont follow any links, and verify the authenticity of the request using official channels.    
  4. Keep your information private. Never give out your passwords, credit card information, Social Security number, or other private information through email.    
  5. Pick up the phone. If you have any reason to think that a department or organization really needs to hear from you, call them to verify any request for personal or sensitive information. Emails that say “urgent!”, use pressure tactics, or prey on fear are especially suspect. Do an online search for a contact phone number or use the contact number published in the WUSTL directory.    
  6. Use secure websites and pay attention to security prompts. Always check if you are on a secure website before giving out private information. You can determine whether a website is secure by looking for the “https:” rather than just “http:” in the Web address bar or for the small lock icon in the Internet browser. If your browser cannot validate the authenticity of the websites security certificate, you will be prompted. This is frequently a telltale sign of fraud, and it would be a good time to pick up the phone or report a suspicious message.    
  7. Keep track of your data. Regularly log onto your online accounts and make sure that all your transactions are legitimate.    
  8. Reset any account passwords that may have been compromised.    
  9. Know what’s happening. Visit the Office of Information Security Alerts page often.    
  10. Report it. If you are a victim of an email scam, report it to our office by using the Phish Alert Button (PAB). When you report a phishing attack, we will investigate it and, if necessary, remove other instances of the attack from our systems. Reporting the attack will help protect others and our institution.