In general, look at any email you are not expecting asking for personal information or a resume with caution.
Let's break down the phishing email (from January 16th, 2025) below as we look for signs that something fishy is going on:
A quick google search for "Project Hope" tells us that is a valid organization but that does NOT mean this email is safe.
Look at the email-addresses and find all the reg flags:
1. The sender: __@cfbisd.edu
- The organization in this email-address does not seem to be connected to Project Hope. A google search will tell us that this might be related to Carrollton-Framers Branch Independent School District (a school district in Texas). How is this connected to Project Hope, an organization for public health and humanitarian aid?
- You can even look up the person the email is supposedly coming from. This person is on Linkedin and their profile shows they are currently working in Medical Insurance. The connection with "Project Hope" or even the Texas school district seems a bit of a stretch. These facts do not make sense together in this context
- While the email-address may be real and actually exist with the user, bad actors have the ability to collect information from a compromised account to make it look real.
2. The intended recipient for your resume: ___@careers-projecthope.org
This email-address perhaps looks more convincing. A google search tells us the person in question does seem to work for Project Hope and the organization domain could be right.- A warning flag for this is the hyphenation with projecthope.org. Bad actors often try to make similar looking domains.
- There are simple tools to find to discover when an organization's domain was created. When looking up "careers-projecthope.org" on https://www.whois.com/whois/ we see that it was created early December, just a few weeks before receiving this email. This leads us to believe that it is NOT a real email for the organization Project Hope. (See the image on the right >>)
All these pieces of information lead to the conclusion that this email is a SCAM and we should NOT reply and should not provide a resume.
Submitting for job applications and sending resumes should always be done through the official website's career page unless you know the person sending the request.
In this particular case, sending a resume generated a follow-up email. A snippet is included below:
Another warning flag is the line "will be no formal interviews." It seems too good to be true.
At the end of email, there was a link to apply. This link is most likely dangerous. It can look exactly like the real Project Hope but in reality, it is a copycat website created to save all the personal information fields one fills out when applying for a job (name, date of birth, social security, address, etc.) and sends it all back to a bad actor. This is why clicking on links in emails in general can be dangerous.
Summary
- Recognize the signs of phishing
- Don't respond to phishing emails
- Report these messages to us and central campus
- Avoid sharing personal information via email
- Your supervisors won't send a mass email asking for your cell phone or other personal information, nor will they ask for any financial information or gift cards
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article