Over the past two weeks, students and faculty have faced concerns about phishing scams circulating via email across the Saint Mary’s College campus. Although few have been affected, the threat was significant enough to raise awareness from ResNet IT Security, the student IT services department. Students were put on high alert starting Jan. 26 via an email from ResNet.
“Over the last week, Saint Mary’s accounts have received numerous phishing scams with subject lines such as: ‘Reminder: Complete with DocuSign: Saint Mary's College Proposal e-Signature Required and Unread Vehicle Document Available,’” the email wrote. “The messages are not coming from legitimate docusign.com addresses, and often the scammers are using legitimate Saint Mary’s email accounts.”
Due to the subtle nature of the scam emails, some recipients paid no mind to the seemingly normal day-to-day messages. One account affected was that of professor Andrew Pierce, whose account was compromised while working with students in class.
“I received a message from a student that I work closely with, referencing a ‘proposal.’ It seemed not unexpected that I would receive a proposal from her, given our work together, and so I opened it,“ Pierce stated. “The rest, as they say, is history. Luckily, our help desk noticed the abnormal behavior from my account and shut it down pretty quickly.”
He continued: “I reached out to our IT help desk, and they were able to get me logged back in and get the account back under my control. That process was pretty straightforward and efficient for me.”
For hacked accounts, any email addresses that they had had contact with at any time were then forwarded the messages that the IT department later warned against. This resulted in dozens of emails and URLs being sent out from compromised accounts. Freshman Lauren Matthews experienced this firsthand, receiving an email from a professor with a message asking to participate in a survey.
“I wanted to be supportive, so I’m going to do the survey. I go on there, I try to verify my email, and it doesn’t go through. So I was like, hold on, let me do it again, just to make sure it wasn’t something on my end. I did it again, got a message and it said I was hacked ... But then a couple of days went by, so I think I’m all good ... Now I’m a little more cautious on the things that I open up.”
As they work to combat the scam, ResNet chief information officer Katie Rose provided a statement to The Observer via email, describing phishing as one of the most common security risks for colleges and universities.
“Our Saint Mary’s IT team frequently adjusts the email security settings to prevent phishing attempts from making it to our community while also ensuring that legitimate email messages get delivered,” she said. “The scammers evolve their tactics continually to try to make it past those protections. With the latest phishing attempts, we have been updating our settings multiple times a day. The best steps you can take to protect your account are to remain suspicious of links and requests that you weren't expecting — even if the sender appears to be someone you know. Whenever you aren’t sure, contact the sender through another known reliable channel before ever clicking a link.”
