Department warns students of scam emails
February 6, 2020
Everyone with an email account is susceptible to phishing or scam emails. University students and faculty are prime targets for potential attackers posing as fellow staff, faculty or even businesses looking for interns. While some are easy to spot and avoid, others can be quite difficult upon first glance.
James Planey, doctoral candidate in Education, recently received a scam email and posted a warning based on his experience to Reddit for other students.
“It was from a completely different department, so I figured if I got it, then other people were probably getting it,” Planey said. “Since it was early enough, I figured if I gave people a head’s up, then hopefully they wouldn’t click it.”
The email Planey received appeared to be from a faculty address and had the University logo attached. The scammer also included a fake Technology Services email, asking Planey to upgrade his email account. Upon further inspection, he realized there was a typo in the email address for Tech Support, and the links included didn’t actually redirect anywhere.
“First thing I did was call the tech support help desk,” Planey said. “They said they knew about it and were taking care of it.”
Technology Services is responsible for taking care of issues regarding University emails and accounts, dealing with scam emails on a regular basis. Just between August and October of last semester, the University saw over one billion emails enter its servers.
Jason Choi, chief communications officer of the Communications and Marketing Team at Technology Services, said for every one scam email a student sees, about nine are filtered out by the department.
“We’re always on the lookout for the next threat or potential threat to make sure we have processes in place to limit that impact,” Choi said. “Every time something new comes up, we take that as an opportunity to learn.”
Technology Services uses each new scam email that comes in to update their filters or add the email addresses to block lists.
There are two main ways these scams are sent. They are either from a staff or faculty member who’s email has been compromised or spoofed or from scammers posing as businesses or organizations that frequently interact with the University.
“Those are the ones that take a little bit more effort to maybe put in a logo or make it look more official,” Choi said. “They almost get the right contact information, but something still feels a little bit off.”
Choi said attackers tend to get a feel for the flow of University schedules, leading to more scam emails in inboxes with more regularly received emails. These are usually seen at the beginning of semesters and early in the morning at the beginning of normal business hours.
If you think your email may have been compromised, Technology Services advises your first steps to be immediately changing your University email password, as well as any other service you might use the same password for.
Another way to stay on the lookout for different types of email scams on campus is to check Phishing Alerts, a blog page run by Technology Services which posts confirmed phishing attempts from University email accounts.
“Often (phishing emails) will have this urgency and scary type messages that can make people a little more susceptible to them,” Choi said. “That’s why it’s important to take that extra time to double-check what and who is sending this email.”