security

Students receive scam emails promoting remote jobs – Ithaca College The Ithacan


Sophomore Sena Namkung said she was excited after receiving an email in October 2022 from Ithaca College’s Department of Biology offering her a high-paying job. She later discovered the offer was a phishing attempt, but not before falling prey to the scam.

“I got really excited because it’s like a lot of money for the work, and my friends were like, ‘I hate to tell you this, but I think this is a scam,’” Namkung said. “I already was asked to and wrote a whole full-length page paper for [the scammers].”

Namkung’s experience is not unique — students’ inboxes are often the target of email scams promising high-paying jobs, which recently have impersonated the college’s employees. In Namkung’s case, she said the email she received was from someone claiming to be a recruiter for a remote administrative assistant job in the college’s Department of Biological Sciences. The Department of Biological Sciences does not exist at the college but the Department of Biology does. The scammer claimed the job paid $350 a week and the email was signed by Williams Wenmouth, claiming to be a professor and director in the department. Wenmouth Williams is a real professor emeritus in the Department of Media Arts, Sciences and Studies. The scammer switched the first and last name of Williams to sign the email.

According to CNBC, a study by information security provider SlashNext said that in 2022 there was a 61% increase since 2021 in phishing attacks — where people online send a realistically misleading email to obtain private information, like financial details, from individuals to gain entry into their computer and information systems. In July 2022, the Better Business Bureau (BBB) released an article warning students of the danger. The article highlighted the increased risk college students have to these attacks because of their busy schedules and high expenses making them an easier target, as compared to the general public. 

Readers Also Like:  Microsoft faces backlash over irresponsible security practices - Business Insider India

According to the BBB, impersonating the identity of an email is called spoofing; which is when scammers forge someone’s email address to send out messages. Namkung said the emails sent to her had a contact card claiming to be “Ithaca Remote Employment,” but upon closer inspection, the emails were sent from a non-specific Gmail account. According to the screenshot of the fraudulent email provided to The Ithacan by Namkung, the email was sent from mmarinegandbase7@gmail.com 

“People are impersonating [college] faculty,” Namkung said. “That could be extremely consequential and dangerous for the administration. … Why [is the college not] taking the measures to [protect faculty]?”

Namkung said she learned that she may be getting scammed through her friends. Ultimately, she did and lost about $30 in supplies for the remote job she was promised.

“I have a box of $30 worth of check paper sitting in my room,” Namkung said. “I don’t know what to do about it. That’s what they do: they’ll say they’ll reimburse you for the supplies.” 

According to the BBB, the promise of reimbursement for supplies is a common theme among employment scams, and sometimes scammers send fake checks that take weeks to detect, often when it is too late.

Mike Hanson, information security engineer in the Office of Information Security and Access Management, said via email that scammers may attempt to direct targets outside of the college’s email system by asking for personal phone numbers to avoid being tracked.

“We believe the attackers want to move the conversation out of the IC email system to communication channels where IT is unable to detect or block future scams,” Hanson said via email. 

Readers Also Like:  Invitae's Common Hereditary Cancers Panel Receives FDA Market ... - PR Newswire

Toward the end of Fall 2022, the Office of Information Technology (IT) sent out an email and Intercom announcement to students, warning them of the employment scams. 

Jason Youngers, information security officer in the Office of Information Security and Access Management, said via email that IT regularly sends alerts to the campus community about phishing attempts through Intercom and email. 

“We try to send security awareness messages to students, faculty and staff regularly enough to be helpful but not so often they become noise,” Youngers said via email. 

To combat the issue, some colleges, like The University of South Carolina, have begun adding spoofing and phishing protection to their email systems. Youngers said Ithaca College is equipped with the latest Microsoft security technology, like the A5 security suite, but would not confirm whether or not it matches that of the University of South Carolina. 

Hanson advised students to be cautious of emails requesting an urgent response or asking for personal information. 

Sophomore Lily Milkis received an email from someone claiming to be President La Jerne Cornish. In the email, the scammer asked for Milkis’ personal cell phone number and stated, “I need to get an important job done as soon as possible.” Milkis said she moved the email to her spam folder.

While Milkis did not end up being scammed by the phishing attempt, she said she owes that to her parents.

“My dad works in the tech industry, so I know what to look out for in emails,” Milkis said. “The email was so poorly constructed that it was very apparent it was a scam.”

Readers Also Like:  Preventative medicine for securing IoT tech in healthcare organizations - BleepingComputer

Financial institutions, like Chase Bank, frequently warn their customers of the risks of spoofing, with many banks posting advisories at the end of communications and on their websites. With the rise in employment scams targeting students, some colleges, like the State University of New York at Buffalo, recently posted news bulletins warning students. Ithaca College’s IT Office lists similar information on its IT service portal, but its post was last updated nearly three years ago and several images on the page do not load.

Emails falsely advertising employment opportunities are not the only risk students face, with some scammers attempting to steal personal information by impersonating government agencies. According to Federal Student Aid, some of the latest email scams often relate to the Biden Administration’s student loan relief plan.

Despite emails from IT alerting the campus community to scams, students, including Namkung, feel the college should do more. Namkung said she was grateful her experience was not worse, but she wishes she had known more about the risk.

“I really do wish I was more aware of this,” Namkung said. “The college definitely isn’t talking about it enough.”





READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.