Aware and Share: A Visual Guide to Phishing Scams Targeting International Students
Content created by Eesha Alla as part of a Spring 2025 research assistantship
This webpage is part of an academic project for the UNC Charlotte Office of Undergraduate Research aimed at raising awareness about phishing scams targeting International students. It builds upon insights from a SMiShing study conducted by Sarah Tabassum, Dr. Cori Faklaris, and Dr. Heather Lipford [1].
What is Phishing, and Why Would Anyone Fall for That?
Phishing attacks are fraudulent attempts to access personal information by pretending to be a trustworthy individual/institution. Scammers tend to use tactics like urgent language, emotional manipulation, deceptive links, and offering fake rewards to attract victims and exploit their data. While anyone could fall for a phishing scam, there are a variety of factors that make International students more vulnerable to such attacks. These include cultural differences linked to security literacy and awareness, concerns about legal compliance to maintain their visa status, and the lack of university-based security training resources specifically targeted at International students.
So, What’s Missing?
Some federally-funded sites and universities host security and privacy literacy pages online to educate readers about recent scams that have been affecting the International student body [2][3][4]. However, a majority of these resources solely use text-based descriptions and often lack clear, visual examples to guide readers’ understanding of phishing scams.
To address this gap, we will be going over five types of phishing attacks that have been targeting International students recently using visual mockups created in Figma:
Different Types of Phishing Scams:
1. SMiShing Scam:
SMiShing or SMS Phishing primarily occurs through text messages/SMS and is one of the more popular attack methods against International students.
Scammers often pretend to be credible entities like government agencies, banks, or official corporations to trick students into sharing private information like credit card numbers, passwords, and verification codes.
These scams also tend to include deceptive links which the scammer will try to urge the student to click on. When clicked, these links can lead to harmful consequences like setting up unauthorized charges, losing sensitive data, or installing malware on your device.
Here is a mockup of a SMiShing scam where the scammer uses urgent language and deceptive links to make the International student believe that they are at risk of losing their visa status and get them to click. This is a common fear tactic that students must look out for.
2. Nigerian 419 Scam:
The Nigerian 419 scam promises the user a generous reward (typically, money or expensive goods) which they can receive after making a “small” deposit upfront.
After paying this amount, the scammer disappears along with the promised reward. To gain the student’s trust, the scammer often pretends to be an official organization or a wealthy individual such as a foreign investor or a member of royalty.
While the promise of a financial reward can seem attractive to International students migrating from varied socioeconomic backgrounds, it is important to be skeptical of rewards that sound too good to be true and to avoid giving these scammers any money or personal information, especially when the tone seems urgent or overly generous [5].
Here is a mockup of a Nigerian 419 scam where the scammer pretends to be from the “North Carolina Fraud Detection Department” (this does not exist!), offering the student an overly generous reward of 6 million dollars for a 1500 dollar deposit. If the student has experienced a scam in the past, this “compensation” might seem tempting, but it is crucial to be suspicious and seek advice from trusted individuals/departments around you to avoid such scams.
3. Google Docs Scam:
Last year, the IT Services department at Miami University spread awareness about scammers who were using Google Docs and QR codes to offer fake “departmental rewards” to students on campus [6].
When students clicked on the Google document shared with them, scammers would then collect their sensitive information. Considering how many International students (often Graduate/Masters students) tend to take up research and teaching assistantship positions at universities, this type of phishing scam should be considered a security risk.
Students must make note of indicators like the sender being “outside your organization” or different names being used for the sender and the person sharing the file with you.
Here is a mockup of a Google Docs scam where the scammer pretends to be within the student’s organization by offering them a fake research opportunity. Look out for signs like the name of the sender (Clara Knightly) being different from the person who shared the file with you (John Lowly). Another crucial detail here is the warning from Google that the sender is outside your organization.
4. Social Media Scam:
According to the Homeland Security site, scammers may also target International students through social media platforms [7]. One tactic they use is pretending to be an official account representing the student’s university/institution to trick them into paying fees or additional money.
Formal and urgent language is often used to encourage students to take immediate action and pay up to avoid affecting their visa or student status. It is important for users to remember that universities typically never contact students on social media so this in itself is a major warning sign.
Here is a mockup of a phishing scam where the scammer is pretending to message the student from UNC Charlotte’s official Instagram account to ask for 1200 dollars in fees. Pay close attention to the threatening tone in the message below which is meant to be a fear tactic to encourage a quick response from the student. The fact that the sender is delivering an external message as seen in the warning below should also be flagged.
5. Gift Card Scam:
Gift card scams have also been a popular phishing method targeting International students. Scammers will use urgency, emotional deceit, incentives like cash rewards, or overpayments for a transaction to push you to buy a gift card from a local store as soon as possible [8][9].
Once the gift card has been procured, they will then ask for the PIN and card number which can allow them to steal your money. Make sure to stay alert for unexpected messages, urgency, or fake links.
Here is a mockup of a gift card scam sent to a student through SMS. The scammer overpaid for a transaction and is asking the student to buy a gift card, even going as far as sharing a specific store location to buy one. The friendly tone and urgency are meant to emotionally deceive the student into purchasing the card quickly. The unknown number here is also a potential indicator of phishing.
Summing Up
Here is a quick checklist of some key indicators to look out for when trying to identify a phishing scam:
• Suspicious/Unknown senders
• Requests for personal/sensitive information
• Urgent or emotionally manipulating language
• Typos/Grammatical errors
• Strange Links or Attachments
• Unrealistic rewards/offers
Moving Forward and a Proposal for the DAE
Visuals offer an accessible and intuitive way to disseminate information on phishing attacks, allowing for greater awareness. In the context of security and privacy related research with International students, it is crucial to understand the broader implications of cultural differences, security literacy, and privacy mental models on their perceptions of and attitudes toward phishing scams. Using visually-centered tools like the DAE may offer valuable insight into these topics. The DAE (Describe, Analyze, and Evaluate), is a cultural framework that has been adapted from Bennett and Bennett’s “DIE” (Describe, Interpret, and Evaluate) by Nam and Condon in 2010 [10]. The model involves showing participants photographs of a seemingly unfamiliar/unique idea or action before asking them to walk through three key steps: Describe: Participants share what they see in the image on the surface-level Analyze: Participants start examining the possible meanings/symbolism depicted in the image. Evaluate: Finally, participants reflect on their feelings and assumptions based on their description and analyses.
When combined with relevant security and privacy-related visuals (such as these phishing scam mockups), the structured format of the DAE exercise can allow International students to critically think about their privacy needs and goals, while reflecting on their current biases and attitudes toward these scams. By understanding International student perspectives on a deeper level, Privacy and Security Researchers and Designers can empathize with their needs and build stronger security systems and interfaces.
References
[1] Sarah Tabassum, Cori Faklaris, and Heather Richter Lipford. 2024. What Drives {SMiShing} Susceptibility? A {U.S}. Interview Study of How and Why Mobile Phone Users Judge Text Messages to be Real or Fake. 2024. 393–411. Available at USENIX
[2] U.S. Department of State. 2024. Fraud Warning. Retrieved from https:// travel.state.gov/content/travel/en/us-visas/visa-information-resources/fraud.html
[3] International Student and Scholar Services, Texas State University. 2025. Examples of Common Scams and Frauds Aimed at International Students. Retrieved from https:// www.international.txst.edu/student-resources/scamsandfraud/examples-of-commonscams-and-frauds-aimed-at-international-students.html
[4] annekauf. 2025. WARNING: Scammers Are Targeting International Students – Don’t Fall for It! – Office of International Services. (February 28, 2025). Retrieved from https:// ois.usc.edu/2025/02/28/warning-scammers-are-targeting-international-students-dontfall-for-it/
[5] D. Schaffer. 2012. THE LANGUAGE OF SCAM SPAMS: LINGUISTIC FEATURES OF “NIGERIAN FRAUD” E-MAILS. ETC: A Review of General Semantics, 69, 2 (2012), 157–179. Retrieved from http://www.jstor.org/stable/42579182
[6] D. Connors and E. Parsons. 2024. Recent phishing scams: Google Docs and QR codes. Miami University IT Services. (May 3, 2024). Retrieved from https://miamioh.edu/ it-services/news/2024/05/phishing-scams-may24.html
[7] Department of Homeland Security. 2015. Scammers Target International Students on Social Media. Study in the States. (July 29, 2015). Retrieved from https:// studyinthestates.dhs.gov/2015/07/scammers-target-international-students-social-media
[8] Federal Trade Commission. 2015. Avoiding and Reporting Gift Card Scams. Federal Trade Commission. (July 29, 2015). Retrieved from https://consumer.ftc.gov/articles/ avoiding-and-reporting-gift-card-scams
[9] Office of International Students & Scholars, Yale University. 2025. Scams & Fraud. Yale University. Retrieved from https://oiss.yale.edu/campus-community-life/forstudents/safety-resources/scams-fraud
[10] Kyoung-Ah Nam and John Condon. 2010. The DIE is cast: The continuing evolution of intercultural communication’s favorite classroom exercise. 81-87.