Phishing crises should not be a significant issue at academic institutions

By Sophie Foster

Opinion Editor

Washington College is no stranger to the dramatics of a phishing scandal.

The latest incident took place at the beginning of the spring semester with a claim that “free downsizing and giveaway items” were available for students and staff. Recipients were urged by the Office of Information Technology to delete the email and not reply. This came after several members of the campus community responded to the email — some with jokes, others with sincere requests for items in the fake giveaway.

This is not the first time the College was met with an issue of this variety, and it almost certainly will not be the last. In 2023, students, faculty, and staff were required to take an online training to better prepare themselves for pinpointing emails and communications that are likely to be scams. This training, it seems, was not universally successful.

According to the University of Michigan, colleges, universities, and other educational institutions are often prey for these scammers for a variety of reasons, including access to library services, personal account information, networks, and online storage. These also tend to be more successful endeavors because of peoples’ increased willingness to trust emails coming from an “.edu” address. This makes the process of obtaining money from involved parties much easier.

Recipients of these emails should be aware of several aspects of scam practices, according to the University of Michigan. For one, most institutions feature information about faculty and some students online. Scammers find names, contact information like email addresses, and social media presences through this practice. Then, they may attempt to create or otherwise gain access to an email address affiliated with those individuals to send messages to others found online or in the school’s database, leading to tactfully requesting payment or further information without revealing true intent.

Some of these cases are more severe than others. There is, for example, an immense difference between an individual’s loss of $100 via fraudulent Venmo transaction and a massive leak of sensitive information like student social security numbers. It is often very difficult to tell which direction a scam might go in until after-the-fact, though, let alone ascertain that an email is a scam to begin with.

“Some advice we generally provide is to trust your instincts. If an email seems suspicious, be wary and slow down. Read the message carefully to determine if it seems like something you would get from the sender and if it sounds authentic,” Chief Information Security Officer of Pennsylvania State University Kyle Crain said for Inside Higher Ed. “If you click on a phishing email ‘just to check’ if it’s really from the person or organization it says, it may already be too late, as simply clicking on a link can infect your system with malicious code. Also, some signs of a phishing attempt include mismatched email domains, bad grammar and spelling, and an urgent call to action.”

  There has been an uptick in the trend of phishing in recent years as scammers discover workarounds to institutional safeguards. Emails get hacked, diction in messages improves, and content becomes more subtle.

According to Inside Higher Ed, while “such scams are on the rise,” the implementation of two-factor authentication decreases their likelihood. This is why logging in to a WC Outlook account now requires not only a password, but a code sent to the Microsoft Authenticator app.

Students, faculty, and staff need to be more vigilant when faced with suspicious communications. The reality is that, in some ways, that vigilance is a demonstration of community care, especially when it comes to those with positions of administrative power at the College with access to sensitive data and information regarding other people beyond themselves. Some data leaks are potentially catastrophic.

There are a handful of basic ways in which individuals can pay careful attention to phishing moving forward to be protective of themselves and their community. According to Merrimack College, the first questions you should ask upon receiving a questionable email are if said email is unsolicited or too good to be true. Did you contact this account for any reason previously? Is it offering a good or service unlikely to be sincerely offered, such as a celebrity’s former possession or expensive technology for free?

It is also important to consider the email address itself. Is it close to an institutional address with a few letters or numbers subtly off?

Finally, as a clear baseline, everyone should be wary of requests for personal information, emails containing unfamiliar website links, or messages with a seemingly misplaced or alarming sense of urgency tied to their requests.

Internet literacy is crucial, and each member of the WC community needs to improve theirs to protect both themselves and the rest of us.

Elm Archive Photo

Photo Caption: Most phishing scams can be found in individuals’ Outlook inboxes and other emails.

Leave a Reply

Your email address will not be published. Required fields are marked *