For a better experience, click the Compatibility Mode icon above to turn off Compatibility Mode, which is only for viewing older websites.

Student & Employee Best Practices


Jobs that sound too good to be true should raise a red flag for any college student. Attackers are preying on students who are looking to make extra money while in college. Fake job postings, often distributed through unsolicited private messages or appearing on online job listing websites, represent efforts to illicitly obtain personal information.

How to Recognize a Scam 

If the email or job posting contains any of the following, it is likely to be a scam: 

  • Does not indicate the company name/the employer’s contact information.
  • Comes from an email address that does not match the company name.
  • Offers to pay a large amount of money for very little work.
  • Requests sensitive information such as Social Security Number, bank account/credit card details, copies of your passport/license, or other documents during the interview process.
  • Requires you to transfer/wire money from one account to another, or purchase any type of gift cards.
  • Offers you a job without ever interacting with you.
  • Offers to send you a check before you start working.

If you are suspicious of a job posting or email, don’t hesitate to contact the Steinbright Career Development Center.

How to Avoid a Scam

Here are some things that you can do to protect yourself from a scam:

  • Visit the organization’s website: if the organization in question doesn’t have a website or the website doesn’t seem to match the advertised job, there may be cause for concern.
  • Use personal contacts, LinkedIn, or other networking sites: use any connections you may have that can help you find inside information about the company.
  • Be suspicious of poor communication skills of the employer: be careful when an employer cannot communicate accurately or effectively on the website, by email, or over the telephone.
  • Don’t pay any application fees that may be requested from you: legitimate employers, including the federal government, will never ask you to pay to get a job.
  • Never bank on a “cleared” check: no legitimate potential employer will ever send you a check and then tell you to send them part of the money or buy gift cards with it.
  • Take the DUST: For more knowledge on Information Security, please take Drexel University's Security Training.

If You Were Scammed

Here are some things you can do if you have been scammed:



When working remotely...

  • Use Drexel-provided information technology services.
  • Use Drexel’s VPN when available.
  • Have a dedicated, secure place that is safe from virtual and physical break-ins.
  • Do not have sensitive work conversations near listening smart home devices, e.g., Alexa, Google Home, etc.
  • Avoid using public Wi-Fi, e.g., coffee shops, airports, etc.
  • Do not leave sensitive information exposed physically or online.
  • Lock your device when you are away.
  • Call in person before disclosing sensitive information regarding ordinary purchases (e.g., gift cards), change of information, account numbers, etc.
  • Do not share passwords with others or use the same password for multiple accounts.

To learn more about self-protection from cyber-threats, take the D.U.S.T, Drexel University Security Training.

Planning on traveling internationally? Check out our Technology Guidelines for International Travelers.



Drexel University Password Recommendations

Guidelines for Creating Secure Passwords

Follow Drexel’s password requirements:

  • The password must be between 10 and 32 characters in length.
  • It must contain characters from at least 3 of 4 character sets: lowercase (e.g. a, b, c), uppercase (e.g. A, B, C), numbers (e.g. 1, 2, 3), or symbols (e.g. @, $, !).
  • It should not contain your name or your username.
  • The new password must be different from the old one by at least three characters. That is, you can't change just one or two characters.
  • The new password should be one you have never used before.



You are the first line of defense against account compromise.

  • Log out of public workstations before leaving.
  • Keep your browser up to date.
  • Beware of phishing scams. Drexel will never ask for your password.
  • Change your password immediately and contact if you suspect your account has been compromised.

Do you run a Drexel University Official Social Media Account? Here are some guidelines on how to secure it.



Protect your computer from remote compromise by regularly installing OS patches. 

If you have questions or need help updating your Drexel-provided devices to the latest OS version, contact your IT department or the Drexel IT Help Desk

Microsoft Windows Update

For instructions on how to update, follow the instructions presented within Microsoft's support website: Update Windows - Microsoft Support.

MacOS Update

For instructions on how to update, Follow the instructions presented within Apple’s support website: Update macOS on Mac - Apple Support.



Drexel distributes Microsoft Defender for Endpoint to protect University owned systems. For personal machines, Drexel recommends Windows Defender Antivirus, an anti-virus solution supporting both Windows and macOS.

For more information on endpoint security software, please see



Students, Faculty, and Staff

Drexel users are strongly encouraged to enable their built-in operating system firewall. Firewalls help protect computers by restricting remote access to critical system services.

Windows 10/11

For more information on Windows firewall, follow this link to Windows’ official site: Turn Microsoft Defender Firewall on or off - Microsoft Support.


For more information on macOS’s firewall follow this link to Apple’s official site: Change Firewall settings on Mac - Apple Support.