New phishing scams are targeting colleges and students nationwide. Reports from Amherst College, Louisiana State University, Dartmouth, and more say students have reported multiple types of online phishing schemes in recent weeks.
Phishing scams are usually performed online, through email. One scam features emails that contain fake job opportunities and request student’s personal information. The Department of Homeland Security reports that scammers use email pretending to be interested in hiring a person. The email then asks for critical information, such as one’s address or social security number. Once the information is obtained, scammers are able to access bank accounts and personal information.
Several thousand students at Dartmouth received emails that appeared to come from President Phil Hanlon. In reality, the messages were linked to malware designed to steal information. At LSU, IT Services Communications Officer Sheri Thompson said spam bots were impersonating the university’s help desk. She said, “Be skeptical, be skeptical about any links that you get, any request for information that you get. Even if it says it’s coming from an LSU person, be skeptical.” Wellesley college recently alerted students of fake versions of its student login page. The school’s IT department said, “This scam copied our login page, even using our Wellesley College Images! What set the scam website apart was that it was not located at Wellesley.edu and wasn’t a secure website.”
University Employees have also been targeted through scams. Institutions across the country are experiencing a phishing fraud with an email that indicates a change in their employee’s human resource status. The email then directs the employee to a fake login page. If employees provide login information, their login can be stolen and paychecks can be rerouted to the scammers.
As attackers continue to impersonate emails and web portals, it is important that faculty and students take extra precautions to protect themselves. The Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) warns that these attacks are particularly prevalent during both calendar and fiscal end of year financial wrap ups. Users should be cautious when accessing email and never send account information to others. In addition, students receiving unsolicited emails should remain skeptical, and be alert to poor spelling and demands for a rapid response. To report phishing emails, forward them to firstname.lastname@example.org – and to the organization, company, or college impersonated in the email.