n a recent Binghamton University Dateline announcement, BU officials and Binghamton’s New York State University Police Department (UPD) addressed the reappearance of phishing scams in faculty and administrator emails, warning University employees to avoid falling into the trap.
The messages, under email addresses such as firstname.lastname@example.org, impersonate managers and deans who ask a colleague to purchase a gift card with the promise of reimbursement. However, after the individuals send pictures of the purchased gift card to stores such as iTunes, Amazon and Google Play, they are not compensated, according to the Dateline announcement.
According to Andrew Weisskopf, director of security operations and chief information security officer at BU, faculty members should take care with messages they are unsure of and forward them to email@example.com to assess the validity of the email. They can also reach out to the person who the email is impersonating and verify the content with them.
“Faculty and administrators need to pay careful attention and examine the entirety of the email address before replying,” Weisskopf wrote in an email. “They can also benefit by taking the conversation outside of email if they have any concerns about impersonation.”
Nearly identical fraudulent messages have also hit other universities across the country, including the University at Albany, Harvard University, Appalachian State University, University of Houston and University of Iowa, according to The Chronicle of Higher Education. In previous years, the University has seen several surges of phishing scams. In May 2014, accounts claiming to be BU email addresses asked students and faculty for their usernames, passwords and birthdates, according to the University Information Technology Services (ITS) website. Additionally, students have historically received messages of fake job offers.
However, the BU ITS website says that scam emails often have misspellings and grammatical errors, an indicator to students that the message is fraudulent. Terrence Deak, a professor of psychology at BU, wrote in an email that, though fraudulent messages pose security threats, they are typically easy to spot.
“From my perspective, I get hundreds of phishing scams by email every week and they are a nuisance, but generally easy to avoid,” Deak wrote. “Nevertheless, I do regard these as a serious threat to privacy and security, particularly as my own kids age into more advanced computing.”
Nevertheless, several faculty members have been tricked into purchasing the gift cards and sending photos of them to scammers. UPD has received several reports of fraud. According to the Dateline statement, the scam has been successful largely because of the similarities in email addresses between real administrators and scammers.
“For any communication requesting personal information or financial transactions, verify the legitimacy of the sender in as many ways possible,” the statement read. “At first glance this can look like a real BMail address, but it’s actually a standard generic GMail address.”
Aaron Mok contributed reporting to this article.