With students getting hundreds of emails a day for school, it’s hard to sort through all of them to figure out which are real and which are scammers.
According to the National Institute of Standards and Technology, phishing is a way people try to “trick us into opening harmful links or downloading malicious software.”
“These messages are often disguised as a trusted source, such as your bank, credit card company, or even a leader within your own business,” as stated on the NIST website.
“A phishing email is an email that a bad actor sends out, usually a mass email, to try and get somebody to take some action that’s going to benefit them,” said Scott Swarzentruber, the Chief Information and Privacy Officer at WCU.
Phishing happens a lot on campus, with people posing as faculty or staff of WCU and trying to get a student to apply for a job.
One phishing email used the name Irma Miramontes and sent the email to over 170 people on WCU’s campus.
The email posed as a job opportunity on campus, offering almost $500 for 9 hours of work a week.
Even though some of these emails get to students, there are multiple different systems that are used to filter out phishing emails at WCU.
“Microsoft is our email provider, and they have a number of different systems in place that filter out a lot of stuff before it ever gets to the faculty, staff, and students,” Swarzentruber said.
WCU has controls over these filters, but they mainly prohibit these emails after they are sent to people in the WCU system.
“We are also very reactive on emails,” Swarzentruber said. “If somebody reports a phishing email, that triggers a lot of activities going on, then our help desk sees that and says ‘oh yeah, thats a phishing email, let’s go purge it from everybody’s inbox so that nobody falls for it.’”
According to Swarzentruber, phishing emails don’t only disguise themselves as job opportunities either.
“They’ll do things like send an email looking like a staff member offering an internship, or for people to come house sit for a week, or all kinds of stuff that I’ve seen,” Swarzentruber said.
Alexander Hoffman, a graduate student at WCU, has received many different versions of phishing emails and text messages.
“They’re a lot from tolls, debt collectors, and even Spectrum Mobile,” Hoffman said. “They’re pretty obviously scams.”
Michelle Marion, a sophomore student at WCU, gets a lot of scammers who disguise themselves in other ways.
“Spectrum is a very common one, but they are always trying to figure out new ways,” Marion said. “I almost fell for one, and they almost locked me out of my Outlook email and other things.”
Marion was able to get a hold of her accounts and things, but it was still a scary moment, since she almost lost big parts of her schooling.
“I was stressed out of my mind, I couldn’t access any of my student accounts, not Outlook, not MyWCU, not even Canvas,” Marion said. “It was a terrible two hours.”
With all of these scammers trying to take students’ information in multiple different ways, it’s imperative to be able to point these things out.
According to the Federal Trade Commission, there are many tactics to figure out a phishing email. Looking up people and not trusting outside Gmail accounts are easy ways to filter out phishing emails.
“I would look for telltale signs, like if they ask for information you have already given them, or recognizing little hiccups, like if you get an email from Wells Fargo Bank, but you don’t even bank at Wells Fargo,” Swarzentruber said.
