BY SENIOR REPORTER
AND , SENIOR REPORTER
Approximately two weeks ago, a university (its name is confidential) reported a new type of scam referred to as “spear phishing” that targets members and advisors of the university’s student organizations. The scammers posed as club officers, asking other officers for money and information over email.
Spear phishing scams select a specific target because of an affiliation with an organization, such as a university. A standard phishing event is random and not based on identity but, in this case, scammers are looking for those who have a university email address.
Cybercrime is a relatively new kind of threat but its effects have already been significant, particularly on college campuses. Because online scams are constantly evolving and becoming more personalized, it can be difficult to stop them before they happen.
“We don’t know what new wrinkle the spammers will come up with,” said Richard Gordon, manager of the UD IT communication group.
Because of this, IT groups are advocating for public awareness of potential scamming and hacking.
“This is a medium-term con, where the president of the organization’s email was forged, so at first the treasurer thought he was writing to the president, but that isn’t what it was,” Gordon said.
Fortunately, advisors from the unnamed university who reported the attempted scam to UD were able to stop it before any money was lost. They felt it was important for other universities to be informed of the threat and spread awareness of the issue.
Some scams have been successful in attacking Delaware students, however.
After President Trump’s first travel ban was announced, international students were targeted with scams asking for money and threatened with deportation if they did not comply. One student was defrauded, but the university sent out warnings to the Office for International Students and Scholars and Gordon stated the situation is now under control.
“This is something unusual,” Gordon said. “This is a scam that had not been seen at other universities before. It shows how these scammers are always looking for ways to try and hit students.”
In collaboration with UD IT, Alex Keen, assistant director of Registered Student Organizations (RSOs) in the university’s Student Involvement Office, sent out an email to RSO executives as a warning about potential variations on the current phishing scam, which is especially relevant during spring fundraising season. He warned students and advisors to look out for suspicious requests for wire transfers, gift cards or other forms of “fraudulent requests.”
He stated via email that those who may be impacted by the scam should “use their common sense and always check with us when receiving suspect e-mails.”
“RSOs should never provide any account information without checking with Student Involvement first,” he said.
Gordon and UD IT want students to be aware that there are ways to be proactive against online threats.
“[We are] teaching people what to look for and how to use technical tools to protect themselves,” he said.
One way students can decrease their risk of being scammed is to sign up for Two-Factor Authentication (2FA). By requiring a second form of identification, the tool decreases hackers ability to access accounts.
“If the account information is stolen, then someone can get into your account,” Gordon said. “But, if you have Two-Factor Authentication on, then they can’t because you need not just a password but also the extra security code that is generated one time. [It is] an extra security piece.”
Gordon specified that in the case of a potential scam or suspicious email, students and advisors should let university personnel know.
Even though this particular scam has not occurred at the university, Gordon stressed the importance of being vigilant about online security.
“I think that student life has pretty good controls, [so] I don’t think that particular scam could’ve happened here but everyone should be forewarned,” he said.
“Students will often say ‘I don’t have anything, I don’t care if anybody steals my account,’ but just even having an account on our networks is valuable to a hacker, especially if it has access to what an RSO has access to.”