Paige Sandy ended her first semester at Miami University with two phishing scams under her belt. One convinced her to enter two credit cards and two debit cards to receive a lost package. The other offered her $300 a week to do neuropsychology research in a lab at Miami.
Sandy, a biology major and now sophomore, was looking for research opportunities at the time, and, even though she thought it was suspicious, she kept emailing with the supposed Miami professor for an hour before collecting an outside source’s opinion: her parents.
“I was like, ‘Hey, this kind of seems a little bit too good to be true,’” she said.
She said the professor never asked for any credit card information, only her year and major.
The first red flag came when the professor asked her if she could start immediately, even before her information was processed and in the middle of finals week.
“I looked up the email again, and then I looked up the professor's name through the faculty page,” Sandy said. “I went to his Miami email, because this was a copy of his email, but it looked more like a personal email. “I emailed him, and I was like, ‘Hey, just checking to make sure this is you,’ and he emailed back, ‘I'm so sorry, that's not me. That's a scam.’”
Enjoy what you're reading?
Signup for our newsletter
Phishing is a type of online scam that targets consumers by sending them an email that appears to be from a well-known source – an internet service provider, a bank or a mortgage company, according to the Federal Trade Commission. It asks the consumer to provide personal identifying information. A scammer then uses the information to open new accounts or invade the consumer’s existing accounts.
“They want to try to get the unsuspecting person to think there's an emergency that they need to respond to and react to,” said John Virden, Miami’s assistant vice president for security compliance and risk management and the chief information security officer.
He added that, by creating an environment of urgency or fear, scammers work to coerce people into sending money.
Phishing on the rise
Universities are targets of millions of cyberattacks each week, according to Science Direct. Oftentimes, fake internships, jobs or research opportunities are used to draw students in.
One of the most common scams is related to job searching.
“We’re seeing this more now, mostly because the job market is slowing and people are feeling the pressure,” Matt Schemmel, the senior director of trust for Indeed, said in a New York Times article. “Scammers know how to take advantage of that distress.”
Scammers use these same tactics on Miami students.
“They're usually looking for a research partner or job placement services, and they usually range in the salary of about $385 to about $600 and some dollars, or $800 sometimes, and those are always job scams here,” Virden said.
How students can protect themselves from scams
A new platform started last April amid an increase in phishing scams. “The Phish Bowl” works to spread awareness about recent phishing attempts to keep students and faculty safe.
The website lists recent phishing attempts and messages to watch out for, including Google Calendar invites, Microsoft 365 account verification and emails about MUnet ID.
Jake Harrison, a security analyst at Miami, said there was a huge increase in phishing attacks starting last April, which is about when the Phish Bowl was launched.
Though there are specific schemes related to university students, Harrison said everyone is always at risk for phishing, and that different scams come in at different periods of time.
“There really is no predicting the high and low points of the phishing season,” he said.
Harrison said Miami continues to get bombarded with emails and attacks, with upwards of 4,000 attacks a day.
“[With the Phish Bowl], we have reduced the number of successful attacks in the last six months,” Harrison said.
By providing a resource for students to become aware of potential threats, Harrison said he hopes his office sees fewer reports.
Virden’s biggest piece of advice to not get scammed is to “stop, validate and delete.” He said if an email looks like it could be a potential phishing attempt, it is important to avoid clicking any links that could be suspicious. If students are unsure, the suspected email can be sent to infosec@miamioh.edu.
Read More
ASG discusses Rec Center classes, university dining locations at meeting
By Shannon Mahoney | 2 hours agoAssociated Student Government (ASG) discussed the cost of workout classes at the Rec, issues with broken sidewalks and items removed from Miami University dining locations.
University Senate acknowledges higher education concerns with Trump College Compact
By Evelyn Dugan | 3 hours agoOn Monday, Provost Chris Makaroff spoke briefly to the University Senate about The Compact for Academic Excellence in Higher Education. This is a Trump administration proposal to United States universities which would confer preferential access to federal funds in exchange for agreeing to certain demands. The offer was extended to any U.S. higher education institution.
'We smelled blood': Miami football remains undefeated in MAC play after downing Western Michigan
By Kethan Babu and Graham Young | 15 hours agoThe Miami RedHawks football team became the only 4-0 team left in the MAC after defeating Western Michigan at home on Oct. 25. The RedHawks have won their last five games.