Loyola students are targets of phishing attacks appearing “too good to be true.”
Mass Email Scams Sent to Loyola Faculty and Students
Some Loyola students and faculty have reported receiving a variety of emails promising questionably high paying jobs or asking people to click a link and give up their usernames and passwords.
Some of the phishing emails sent out are trying to trick people to address urgent problems. While some students are aware of the tricks used by phishers, Loyola urges students to be cautious.
Information Technology (IT) Services sent an email to warn students of the possible scams, most recently on Oct. 20.
“Students began receiving two phishing emails disguised as a means to make easy money with the intent of stealing personal information including name, address, cell phone number and passwords,” according to ITs website.
According to IT Service’s website, phishing is tricking the email receiver into giving up very sensitive information sometimes containing a link.
Last year, Loyola students were also being targeted in similar phishing scams, The Phoenix reported.
“Email scams offering nonexistent job offerings and saying your account has been compromised are in the inboxes of Loyola students and faculty,” IT Services’s website said. “These emails appear to be from Loyola email accounts, adding to their credibility and believability.”
Alex Kniss, a computer science major, said he isn’t worried about the phishing emails he receives.
“I feel like I know better and can tell when an email is fake,” Kniss said. “I’m a little worried for some other people, especially since they’re coming from official Loyola emails.”
James Pardonek, the associate director and chief information security officer for Loyola, wrote in an email to The Phoenix that “several hundred emails have been reported to the IT Service Desk.”
Sophomore Annol Patel said she is not worried about the phishing scams.
“If I’m unsure, I just won’t click on the link for anything,” Patel said. “It’s better to not click on it than to risk them getting your information.”
IT Services wrote on their blog they work with their mascot, Phinn, in the Phinn Video Series to educate Loyola staff and students on cyber safety and raise awareness.
Students are urged to check the validity of the email if it contains a sense of urgency or an unusually large amount of money is offered, according to Pardonek.
Pardonek said if the email has a link, Loyola will try to block the link if it’s opened on campus. If the link can’t be blocked, Loyola will contact the provider and submit a takedown request.
Sophomore secondary education major Angelina Caruso believes teens are more prepared and used to phishing scams.
“I feel like in our age group there’s been so much cyber security education,” Caruso said. “If you don’t engage with it, there isn’t too much that can happen. It sounded fake. The money is always too good to be true.”
The hackers use the victim’s username and password in hopes that the victim will not pay attention to push notifications from their authenticator app and press “accept.” This is called multi-factor authentication fatigue, according to Pardonek.
Students are able to report incidents related to cyber attacks online, according to IT Services.
October is National Cyber Security Awareness Month, according to the Cybersecurity and Infrastructure Security Agency. The IT department had weekly themes, including “If You Connect It, Protect It and Fishing and Phishing” from Week 1, to raise awareness in protecting students online.
Loyola Information Security has a blog with updates on the latest reported phishing scams which reported “The University Information Security Office has identified a recent substantial increase in phishing attempts for students.”
“Don’t click on links in emails unless you know they are legitimate,” Pardonek said. “Never give your information on a website, especially personal information like usernames, passwords, banking info, etc.”
IT Services said having a strong password is a student’s first line of defense in protecting their accounts and offers parameters of making strong passwords on their website.