Phishing scam spams campus student and faculty emails

Category:  News
Wednesday, March 8th, 2017 at 6:55 PM

It’s a warning we’ve all heard growing up from parents or teachers, one that’s arguably just as pertinent as, “Don’t open the door for strangers.”

It’s that saying: “Don’t open any suspicious email.”

In our technologically advanced world, many of us have grown up alongside the internet and computers. We know full well at this point not to open up mail that seems off in any way, shape or form. We know to not click on links from mysterious sources, or to give people our usernames and passwords to websites or social media accounts.

With all this information, one would assume that phishing, a process where someone attempts to steal information by posing as members or representatives of otherwise completely credible sources, would be a thing of the past. Unfortunately, it’s been taking campuses by storm in the past few weeks.

“Phishing campaigns are often built around major events. For instance, at this time of year when we are in tax filing season, they often gear up their correspondence with the intent to secure information to help them file fraudulent tax returns,” said Karen Murdzak, acting chief information technology officer at Edinboro University. “Cybercriminals are becoming more sophisticated and clever with their messages and they often look legitimate.”

She continued: “Criminals have had high success rates with phishing attempts and that success leads to even more attempts.”

With offers for help with taxes, or even offers for free gift cards or enticing amounts of money, students can easily be misled to click on something they shouldn’t — retroactively opening up their entire world of information to cybercriminals.

Just this semester students were bombarded with emails asking to confirm information for PASSHE accounts from illegitimate sources, while cybercriminals disguised themselves as Microsoft-sponsored “Outlook Web Access,” a service granted to all students during their time at Edinboro.

With students that have email forwarded to other accounts, much of this spam isn’t seen. Others aren’t so lucky.

Following a string of compromised identities on and off campus over break, many students are becoming increasingly more aware of their cybersecurity, especially regarding a recent attempt by a new app, “Friendsy” to get information in unusual ways.

With “Friendsy,” students were told either via text message or email, “Someone from Edinboro University wants you on Friendsy! The new app exclusively for EU students, brought here from Penn State by popular demand. Whether you’re looking for someone to tailgate with before a football game, a partner to dance the night away in a frat basement, or a date to enjoy the scenic view from Mount Pleasant, Friendsy puts the college scene in the palm of your hands. Join the 100,000+ students already on Friendsy, and sign up to find out who invited you.”

While the app is legitimate, the ways it went viral on campus made students particularly wary.

When asked generally about applications, Murzdak said, “Many apps capture personal information from your phone, particularly by accessing your address book, thereby putting consumers at higher risk for privacy violation than they realize.”

“Resist oversharing of information,” she continued. “One reason phishing persists is because people reveal personal information on the internet. Attackers can use this information to profile potential victims and create email and social media messages that appear to come from a trusted source.”

Despite the somewhat lighthearted purpose of apps like “Friendsy,” Murzdak wants students to keep in mind that information can always be put at risk with the click of the wrong button.

“Avoid clicking on links. Be aware that ‘spoofers’ can send emails from what look like legitimate email addresses. When in doubt, contact the sender,” Murzdak said.

“Be suspicious of email or communications that ask you to confirm or provide personal information such as credit card, bank account, social security numbers, passwords, etc.,” she said. “Legitimate companies don’t ask for this information via email or text.”

While the university does employ the industry standard in protection for students, there are some situations in which information can be stolen if a student provides the wrong person with the right information.

If you’re a student who believes that you’ve already fallen victim to one of these scams, all is not lost. Murzdak advises students who may have had their accounts compromised to follow the steps outlined by the FTC, especially if credit card or bank account information was lost. That list can be found here.

Britton Rozzelle is the executive editor for The Spectator. He can be reached at

Tags: phishing, news

View Our YouTube Channel
Edinboro TV
Find Us on Instagram