According to a 2018 online survey by The Harris Poll, nearly 60 million Americans had their personal information accessed. Some Binghamton University students may be among them after two recent phishing scams circulated around campus through student email accounts.
B-Line announcements in February and April have warned students of online phishing scams, or emails that contain job offers that provide links or ask for personal information.
The emails typically appear to come from a legitimate source, such as a company, bank, university or police company, according to the BU Information Technology Services (ITS) website. Scam emails frequently request personal information such as a credit card number, social security number, ATM PIN number or password to other accounts.
In May 2014, BU students, faculty and staff received emails from accounts claiming to be University email addresses, which requested their usernames, passwords and birthdates, according to the University ITS website. Additionally, the email said those who didn’t reply would no longer be able to send and receive emails through the University server. The ITS found that over 100 students, faculty and staff replied to one of the scam emails, unintentionally jeopardizing their personal information and exposing themselves to identity theft.
Many BU email addresses received messages with fake job offers in February. Most recently, students, faculty and staff received spam messages regarding Services for Students with Disabilities, according to a B-Line announcement.
According to Logan Robinson, communications manager for ITS, the latest scam was advertising a job listing for a “territorial manager.” The email provided a link for users to respond with more detail, which caused user accounts to become compromised.
Robinson said the best thing students, faculty and staff can do if they receive a suspicious email is report it to the University Security Team or the ITS Help Desk.
“If a phishing scam is reported and identified on campus, our email administrators can put security measures in place to prevent the message from spreading further,” Robinson wrote in an email. “The key is to, [one], not engage with the email, and [two], report it so that the situation can be regulated.”
According to the University ITS website, BU will never ask its students, faculty and staff for personal or password information via email, and therefore, those with University email addresses should ignore the messages and report them.
Additionally, the ITS website says students, faculty and staff who receive unsolicited messages can use their cursor to hover over the link to see its true URL. Often, the URL will be different from what is visible in the email. The website also advises that if any part of the message is written in broken English or has grammatical errors, it’s likely a scam.
Andrew Weisskopf, BU’s director of security operations and chief information security officer, wrote in an email that scammers usually want to spread viruses, access University resources or steal money.
“Generally those looking to compromise your account want one of two things: your account to use to phish others, or to access a University resource such as library journals or they want to convince you to provide money in some way,” Weisskopf wrote. “The most common scams being reported this semester are job offer scams.”
Bradley Matican, a junior quadruple-majoring in business administration, Spanish, comparative literature and Latin American and Caribbean area studies, said the University has done a good job of informing students of phishing scams and explaining how to identify unsolicited messages.
“I do think that [BU] does a pretty good job with the phishing scams, but sometimes they just can’t catch them,” Matican said. “Recently, I found one that was appealing to me, but instead of replying, I sent it to the ITS Help Desk to help resolve the issue.”