Students with concerns about any job posting or opportunity should notify the Magner Career Center before taking any action. Students can reach us at 718.951.5696, or through email at careernews@brooklyn.cuny.edu.

The Magner Career Center has no affiliation with these employers and can make no representation or guarantees concerning the positions listed. While the vast majority of positions are legitimate, we have seen an increase in the number of scam employers who are using job posting sites to scam students. While the center does its best to vet the employer and postings, it is the students’ responsibility to do additional research before they apply or interview for a position, even if the posting is on BC Handshake or any other site you encounter. Scam employers are becoming very sophisticated in evading detection during the vetting process by masquerading as legitimate companies or sending emails that come from a Brooklyn College email.

Before responding to any email, keep this in mind:

• Legitimate employers will not ask for your bank account details or your SSN prior to a job interview, job offer and/or job acceptance.  They will not ask you to send money or to deposit money.
• Beware of Brooklyn College Hacked Email Accounts: If you are receiving an email from a student or staff/faculty you have never interacted with, NEVER SEND PAYMENT for any reason. Staff/faculty will use official channels like CUNYFIRST when requesting payments.
• Prior to a legitimate job acceptance, don’t: Provide financial information, a copy of your driver’s license, a copy of your SS card or a copy of your Student ID.
• Reddit can be a great tool to begin the job vetting process. Simply search up the name of the company on Reddit and see if you can find any existing discussions.

The Recruiter (BIG RED FLAGS)

• How They Contacted You/Want You to Contact Them 
  1. You receive an email that appears to be from a professor, staff member or student you don’t know. The email may appear to come from an official Brooklyn College email address or a personal email address that includes the person’s name in the “From” field. However, when you check the actual sender’s email address, it seems random, unfamiliar, or suspicious (e.g., not an official school domain or with a suspicious username).
  2. You receive a job opportunity in an email from a sender that is not from the Magner Career Center.
  3. The posting forwarded to you says to use your personal email to respond and not your school email or they email you at your school email address but ask you to email them from a personal email to try to avoid the school’s spam filters.
  4. The employer uses a personal email account to communicate. Make sure addresses are coming from a corporate or business email.
  5. The email came from one address such as a BC email but after you respond they are emailing from a different email address.

• You did not apply for the position (this may happen but it is best to call the company to make sure it is a real person). Tip: be careful what information you post on job search sites. Even legitimate sites can have scam job postings.
• Contacts you via LinkedIn, or another social media outlet (While this can be legitimate, you should always try to call or email the company’s Human Resources department, to find out if they really have such a job opening and, if the name of a recruiter is given, ask if that person really works for them). For entry level jobs they usually won’t reach out to you.
• The organization uses street canvassers.
• The employer uses an e-mail address or website that may look legitimate but differs slightly from the real organization’s e-mail address and/or website (even just one letter off). 
• Or is pretty different from the URL of the company or emails listed on the site (might even say the company name but does not match the rest). The phone number or address does not match the company. 

• Difficult to contact or identify the person who posted the position.  Tip: Check on LinkedIn to see if the person is there  but even if you find the person’s name on LinkedIn the scammer may be just using their name. 
• The employer makes inappropriate comments or has unprofessional behavior during the interview or after.
• The employer asks illegal interview questions.
• The employer makes a job offer over the phone or via email without an interview.  
• The employer requests for an interview during non-business hours.
• The employer asks someone to apply on a website separate from the company website

Information They Ask For/Instructions Given 

1. The employer asks for your social security number or other personal information such as a copy of your ID, mailing address, bank information especially before hiring you or interviewing you.
2. Asks you to send money or to deposit money.
3. Employment agencies that charge a fee
   1. While some legitimate agencies may charge for use of their services, it is encouraged to do extensive research

Company/Job Details

• The organization has no established website.
• There is a generic description of what the company does, and not what the intern/employee will do.
• Limited details about the organization are available in the posting or online when you do research.
• You might even get something that looks legitimate, has their logo, address etc. but read the document carefully to see if what is written makes sense, has proper spelling and grammar.
• An internship is unpaid but does not comply with DOL’s Guidelines for Unpaid Internships.
• The organization posted an internship after mid-semester when it is too late to make arrangements for academic credit.
• Be cautious of startup organizations; some can be unorganized and not in compliance with DOL guidelines.
• You are set to work in a home office or residence versus a business office setting – the internship/job can also be virtual where you work from home.
• The opportunity sounds too good to be true. An example of this can be the organization offers a high hourly rate or salary.

Here are some real examples of emails that look legitimate but are a scam:

• Sent to a BC staff member: My name is Alexandra, i am an Alumni of Brooklyn College. I have an uncle Doctor Paul <last name> who is moving to the College  area, he needs someone to watch, bath and walk his dogs, he is offering $300 Weekly. if you know a student who might be interested in this position have them email him via <different email address>. to make sure he sees their respond, interested student should message him from their personal email address.
• Email from student scammed $100 by sending payment to unverified staff email:
  Someone sent me an email through the school email that Kendra Lewis was giving away her husbands stuff because she’s moving overseas and you have to only pay for shipping. I wanted the camera so I emailed her and she said okay send me 100$ for shipping and you will have the camera on Sunday. But, she kept demanding to send her another 50$ for insurance. I told her I can’t the 100$ was all I had. Now I demanded a refund, but she’s not answering.
• Sent to a BC student from another BC email: 
  I’m <First name last name> from Indeed. I am in urgent need of a Personal Assistant/Errands person (part-time) Pay is $500/week. Interested? Write to <different email address> from your personal email for more details about this job.
• Sent to a BC Student:
  “Dear Staff and Student, This message is from Campus Job Placement & Student Services. During this time that we are in, working from home would be great. Therefore, The school job regulatory system has offered you a Job Opportunity at the convenience of your home or school,  which serves as a gateway to paying all expenses incurred on campus. This opportunity should be done at leisure taking at most 1 hour/day,2-3 times a week and earn $450 Bi-Weekly.. It’s a Flexible Opportunity where you will determine your working time. All the tasks are work from home/on campus, you don’t need to travel , you don’t need to have a car to get started. You can be in any location and work from your home/ school, To apply:
  CLICK HERE or email your resume to …@m.com.” 
  CUNY Career Centre
• Sent to a BC student through someone who got their email from Linkedin:

You are welcome to <name of real company> Pharmaceuticals telecommute position, attached to this Email entails the company details and the job briefing of the position.  I would like to chat with you for about 40-55 minutes to learn more about your background and what you are looking for in a career. To setup an interview, you are required to follow up by following steps below.

Step 1.Download RingCentral application for your device (glip.com) on your PC,smartphone,IOS/Andriod.  

Step 2. Create an account using your existing email to create a username and password.

Step 3. Add me to your contact using my email (barbara@careers-name of real company.com) after you might have created your account.

Step 4. Send me your Interview Code: “PF501180” once you are set up.

Let me know what time works best for you to interview. Note: This is a work from home position and you can work from anywhere within the states. Full training will be offered to you. You are also welcome to apply for part-time, keep your other jobs and still enjoy full benefits.

Signed with name of actual employee from company (found on Linkedin) 

Types of Scams:

The frequency, complexity, and variety of employment scams are on the rise. Below you will find examples of four common employment scams:

• Payment Forward Scams: After you apply for a “position” or reply to an e-mail, the bogus “employer” replies with instructions to complete a task. Typically, the details are that you receive a check in the mail with instructions to deposit the check into your account, and send a percentage, via wire transfer, to another person. The employer promises that you will keep a percentage. This scam is sometimes referred to as a “money mule,” posted under the titles of “financial manager”, “payment processor”, or “transaction specialist”. Do not accept the check. The check will then bounce and you, the job seeker, will lose whatever money you sent to the “employer”. They will ask you to deposit a check, transfer some of the money to someone else or to purchase other items. But in reality, the money received is stolen, often the result of fraud on accounts, and is then laundered to overseas bank accounts. 
• Application Fee or Training Scams: These scams charge you an “application fee” or ask you to pay for “mandatory training” in exchange for “guaranteed” employment. The cruise line, postal service industry and security officers have been used as pawns in this scam.
• Phishing Scams: Unsolicited emails or texts from “employers” declaring that they are responding to your posted resume are typically examples of phishing scams. They will often state that your skills match the position that needs to be filled, but they need more information from you. The information they are seeking is often personal information, which can be used to steal your identity.
• Mystery/Secret Shopper Scams: There are legitimate mystery shopping companies that hire college students and others to provide feedback to retailers and restaurants. Unfortunately, many mystery shopper postings are scams. This scam also occurs through unsolicited emails or via online job posting boards. Typically the “company” asks you to pay a fee to become an “employee” or “mystery shop” If a job sounds too good to be true, it almost certainly is…don’t pursue it without diligent research.
• Network Marketing: Individuals, claiming to be Brooklyn College alumni, have been contacting students and enticing them with promises of earning income and retiring early. They employ persuasive phrases such as “network marketing,” “personal mentoring,” and “investment opportunities.” They may also offer you a book to read and discuss during an in-person meeting. It is important to recognize these red flags, as these individuals may eventually request that you invest money with the promise of high returns. If you receive messages of this nature, it is crucial to report them immediately through LinkedIn and refrain from responding.
• Personal Assistant Scam: Individuals claiming to be successful international employers have been reaching out to students via WhatsApp. Be wary of any job requesting you to call or text to apply; this is not a common application method for legitimate employers.

What to do if you are caught by a Scam:

• Assess how much of your personal information is potentially out there.
• If they sent you a check, destroy it and let them know you are no longer interested in the position.
• Get in touch with your bank or credit-card company and dispute any fraudulent activity immediately.
• If you received the scam through your BC email or another BC source notify the Magner Career Center so we can alert other students.
• Review the FTC’s article on what to do if you were scammed 

What to do if you experience Discrimination/Sexual Misconduct on an Interview?

• Review CUNY’s Policy on Equal Opportunity and Non-Discrimination.
• Review Brooklyn College’s Sexual Misconduct Information and Resources available to you.
• Report it to the Magner Career Center immediately.

For further information on recognizing and protecting yourself from job posting scams view the following links:

• Better Business Bureau
• Federal Trade Commission, Consumer Information
• Federal Trade Commission, College Student Scam Information
• Hoax Slayer
• Labor NY
• Recognizing Scam Employer Techniques (Wall Street Journal)
• Protections for INTERNS in the Workplace
• The Muse – Job Scams Are on the Rise – Here’s How to Spot them and Steer Clear
• The Balance Top Job Scam Warning Signs
• NACE Fraudulent Employers
• 22 Year Old Shares Nightmare of Getting Scammed by Fake Job
• Spoofing and Phishing — FBI

Although the vast majority of internships and job postings are legitimate, it is very important for students to know the warning signs to watch for. Scams can appear on legitimate sites such as BC Handshake, indeed.com, LinkedIn etc. Just because it is on the site, does not mean the posting/employer itself is legitimate. Some postings may be using the information of a real company but the contact information is directing you to a scammer or the scam may even come from the BC email of another student or staff member, whose account was hacked.  Students should notify the Career Center if they have any concerns by calling (718.951.5696) or emailing careernews@brooklyn.cuny.edu. Being notified about negative internship/job experiences allows us to prevent other students from applying in the future.

Review the email safety tips and phishing examples.

• Do not respond to these e-mails, and never provide any personal information by e-mail.
• Do not click any links and do not open any attachments you weren’t expecting to receive.
• Do not forward these e-mails to your friends.

View examples of real spam/phishing emails sent to Brooklyn College.

Red Flags

Here are some examples from actual phishing email scams and red flags to look for:

• Mouse over the VERIFY link, will reveal non-Brooklyn College/CUNY address.
• Official Brooklyn College/CUNY email correspondence will always have official Brooklyn College contact information listed.
• NO official correspondence originates from student email account (@bcmail.cuny.edu).

• As our system clearly indicates, this email came from outside of Brooklyn College it DID NOT come from within the college.
• Official Brooklyn College email correspondence will always have official Brooklyn College contact information listed.

• As our system clearly indicates, this email came from outside of Brooklyn College it DID NOT come from within the college.
• Legitimate signature is missing.

• As our system clearly indicates, this email came from outside of Brooklyn College it DID NOT come from within the college.
• Mouse over the GATEWAY link, will reveal non-Brooklyn College address.
• Official Brooklyn College email correspondence will always have official Brooklyn College contact information listed.

• As our system clearly indicates, this email came from outside of Brooklyn College it DID NOT come from within the college.
• Despite the fact this email came from Brooklyn College, mouse over the link, will reveal non-Brooklyn College address.
• Official Brooklyn College email correspondence will always have official Brooklyn College contact information listed.

• As our system clearly indicates, this email came from outside of Brooklyn College it DID NOT come from within the college.

• Despite the email showing sender as someone from Brooklyn college (irs.service@brookyn.cuny.edu) our system clearly indicates it DID NOT come from within the college.

• Our system clearly indicates it DID NOT come from within the college.
  Scammers will often send the email from a random email account and change the Display Name of the email address to either your boss, supervisor, or director.

• Despite the email showing sender as someone from Brooklyn college (helpdesk@brookyn.cuny.edu) our system clearly indicates it DID NOT come from within the college.

• Our system clearly indicates it DID NOT come from within the college.
• The name of the sender does not match sender’s email address.

• The FROM field states this email came from kbcc.cuny.edu (Kingsborough Community College) BUT the footer says it came from Brooklyn College ITS Help Desk.

• The domain of the sender does not match.
• The spelling of NYS is wrong (there shouldn’t be a lowercase s in NYs). Possibly the easiest way to recognize any fraudulent email is bad grammar.
• Unsolicited emails that contain attachments reek of hackers. Typically, authentic institutions don’t randomly send you emails with attachments, but instead direct you to download documents or files on their own website.

1. Our email security system that filters all inbound and outbound email traffic flagged this email as suspicious by inserting [Suspect] in the Subject line of this email.
2. Despite the email showing sender as someone from Brooklyn college (securities@brookyn.cuny.edu) our system clearly indicates it DID NOT come from within the college.
3. Mouse over the FIX ERROR button, will reveal non Brooklyn college address.

Despite the email showing the sender as someone from Brooklyn college (webmaster@brookyn.cuny.edu) our system clearly indicates it DID NOT come from within the college.

The training covers phishing, password protection, and data safety to protect personal and university information.

More CUNY Cybersecurity awareness resources.

• Install and Maintain Antivirus Software. Antivirus software recognizes malware and protects your computer against it. Always visit vendor sites directly rather than clicking on advertisements or e-mail links. Because attackers are continually creating new viruses and other forms of malicious code, it is important to keep your antivirus software up to date.
• Use Caution With Links and Attachments. Take appropriate precautions when using e-mail and web browsers to reduce the risk of an infection. Be wary of unsolicited e-mail attachments, and use caution when clicking on e-mail links, even if they seem to come from people you know. If an email looks or sounds suspicious, ask the IT helpdesk before you click. Learn more about spoofing and phishing.
• Block Pop-Up Advertisements. Pop-up blockers disable windows that could potentially contain malicious code. Most browsers have a free feature that can be enabled to block pop-up advertisements.
• Use an Account With Limited Permissions. When navigating the Web, it’s a good security practice to use an account with limited permissions. If you do become infected, restricted permissions keep the malicious code from spreading and escalating to an administrative account.
• Disable External Media Autorun and Autoplay Eatures. Disabling AutoRun and AutoPlay features prevents external media infected with malicious code from automatically running on your computer.
• Create and Use Strong Passwords. Make your passwords as difficult as possible to prevent attackers from guessing them.
• Keep Software Updated. Install software patches on your computer so attackers do not take advantage of known vulnerabilities. Consider enabling automatic updates, when available.
• Back Up Your Data. Regularly back up your documents, photos, and important e-mail messages to the cloud or to an external hard drive. (Make sure your hard drive is disconnected from your computer after backup is done). In the event of an infection, your information will not be lost. Keep in mind data containing New York State and other private information (Social Security number, state-issued driver’s license or non-driver identification card number, financial account number, credit or debit card number), in combination with any required security code, access code, or password that would permit access to an individual’s financial account, is also classified as Confidential Data regardless of context. Confidential data is not allowed to be processed, created, collected, stored, oor archived in the cloud unless approved by the university’s chief information security officer.
• Install or Enable a Firewall. Firewalls can prevent some types of infection by blocking malicious traffic before it enters your computer. If the operating system you are using includes one, enable it.
• Monitor Accounts. Look for any unauthorized use of, or unusual activity on, your accounts—especially banking accounts. If you identify unauthorized or unusual activity, contact your account provider immediately.
• Avoid Using Public Wi-Fi. Unsecured public Wi-Fi may allow an attacker to intercept your device’s network traffic and gain access to your personal information.
• Use Dedicated Applications for Banking, Making Payments, Etc.

We encourage you to complete CUNY’s short cybersecurity awareness training.

Need Help?

Contact the IT Helpdesk

To minimize your exposure to the damage that might come from malicious e-mail, take a few extra precautionary steps and investigate every incoming e-mail.

Be Aware

Phishing e-mails and text messages may look like they’re from a company you know or trust: a bank, a credit card company, a social networking site, an online payment website or app, or an online store. Phishing e-mails and text messages often tell a story to trick you into clicking on a link or opening an attachment. These days it is hard to avoid getting phishing e-mails. However, you can avoid becoming a victim!

Do not respond to these e-mails, and never provide any personal information by e-mail. Do not click any links and do not open any attachments you weren’t expecting to receive. Do not forward these e-mails to your friends.

Just because an e-mail message looks like it came from someone you know does not mean that it did. Many e-mail messages have spoofed senders, making it look like the message came from someone else.

To minimize your exposure to the damage that might come from malicious e-mail, take a few extra precautionary steps and investigate every incoming e-mail.

Learn more about Phishing emails.

For iPhone and iPad Users

Tap on the e-mail to display the message, then tap on Details, and, finally, tap on the sender’s displayed name. Page displaying options for this sender will show as well as the sender’s e-mail address. To see where the links provided in the e-mail lead, tap and hold on any link until preview window appears.

For Android Users

Tap on the e-mail to display the message, then press the displayed name to reveal sender’s e-mail address. Regardless if the e-mail sender is legitimate or not, press the link to “Copy Address,” which will reveal the real URL.

For Mac Users

Hover the mouse on top of the sender’s e-mail to display options. Click on open outlook contact, which should look like an image of an ID card located on the right-hand side of the prompt. This should display the sender’s entire e-mail as well as other information such as organization and details. To see where the links provided in the e-mail go, hover you mouse over a link; this will reveal the real URL.

For Windows Users

Tap on the e-mail to display the message, then right click on the displayed name to open sender’s contact card. To see where the links provided in the e-mail go, hover mouse over to reveal the address.

Please remember, do not just click on any links provided in an e-mail. Mishandling fake e-mail could cost you thousands!

Also review the article on employer job scams.

Need Help?

If you receive an e-mail that worries you, report it to the IT Helpdesk.

I responded to phishing email, what should I do?

If you sent money via Zelle to a phishing email, you should take the following steps immediately:

1. Contact Your Bank – Reach out to your bank or Zelle provider to report the fraudulent transaction and see if a reversal is possible.
2. Report the Fraud to Zelle – Although Zelle transactions are typically irreversible, reporting the issue may help in certain cases.
3. For an actual loss report to FBI at IC3.GOV
4. File a Fraud Report – Report the scam to the Federal Trade Commission (FTC) at reportfraud.ftc.gov and to your local law enforcement if needed.
5. Monitor Your Accounts – Keep an eye on bank statements for any unauthorized transactions.
6. Change Login Credentials – If you shared sensitive information, you should update passwords and enable two-factor authentication on their accounts.
7. Report this incident to BC Campus Security
   Telephone: 718.951.5511
   E-mail: security@brooklyn.cuny.edu

For users’ protection, Brooklyn College requires 128-bit Secured Socket Layer (SSL) strong encryption during users’ online sessions with Web Services. Encryption is a sophisticated way of scrambling all information transmitted online before it leaves a user’s computer, so that all information, including passwords and online bill payments, are completely unreadable by unauthorized third parties. No transactional information will be transmitted without first being encrypted.

Brooklyn College requires that a user’s Web browser support 128-bit encryption because it is more effective than 40-bit encryption. While 40-bit encryption might be fine for low-risk transactions, it is not adequate for protecting financial transactions. When students supply data via the Internet, it is encrypted before it travels across the World Wide Web. Brooklyn College decodes and processes the data at our end of the transaction process. When we provide data to users, the data is encrypted by the college and sent to the user. When the user receives the data or information, his or her browser decodes the information and displays it to them.

Users can ensure that online information is encrypted in Internet Explorer or Netscape if the small key or lock at the bottom left-hand or right-hand corner of their screen is latched.

Database Server Security

Brooklyn College database servers are protected behind secure firewalls to prevent unwarranted access from the Internet and are protected by multilayered password and encryption security.

Family Educational Rights and Privacy Act (FERPA)

What is FERPA (Family Educational Rights and Privacy Act)?

The Family Educational Rights and Privacy Act of 1974, as amended (also sometimes referred to as the Buckley Amendment), is a federal law regarding the privacy of student records and the obligations of the institution, primarily in the areas of release of the records and the access provided to these records. Any educational institution that receives funds under any program administered by the U.S. Secretary of Education is bound by FERPA requirements. Institutions that fail to comply with FERPA may have funds administered by the Secretary of Education withheld.