[media-credit name=”Photo Illustration by Janna Marnell” align=”alignright” width=”300″][/media-credit]An email scam spread throughout campus on March 27 after the login information of a former employee was obtained using an outside email.
Former Senior Vice President for Administration Richard Ferguson’s email was compromised and used to send various emails to over 4,000 Quinnipiac email accounts, according to Chief Information Security Officer Brian Kelly.
The email stated that students’ emails had been accessed from a different country’s IP address, the string of numbers that identifies each computer.
Students were prompted to click a link to validate their personal details. The eight accounts that clicked on the link were sent to a Google Form where they were asked to enter account details. These details can be used by hackers to access various accounts with the same username and password associated with it.
These accounts can include students’ Netflix, iTunes and even personal bank accounts, according to Kelly. The affected student and faculty accounts were blocked and remediated by the Quinnipiac Information Services department.
Quinnipiac University is not the only place of higher education that has been affected by email scams. Ten Boston University (BU) employees fell victim to internet scammers seeking personal information, according to an article by Rich Barlow of BU Today, in 2014. In this attack, their paychecks were rerouted because of the scam.
Institutions of higher education are targeted in emailing scams because of the valuable resources universities have. Quinnipiac University has various research databases and programs that the university pays for. Students and faculty have free access to these databases. Scammers look to sell stolen databases and software on the dark web.
The Quinnipiac Information Services department constantly monitors and regulates scams like these. Kelly urges students to “stop, think and click” when using the internet on campus and in everyday life.
“Be super skeptical,” Kelly said.
He urged students to investigate the wording, misspellings, bad grammar and the various links throughout the email. Official Quinnipiac emails will always include the signature of the department and will usually include a logo.
The Information Services department will never ask for passwords and recommends students and faculty to change account passwords every year as well as use different passwords for various accounts.
There have been many reports of various scams on campus, according to Kelly. Chris Iverson, a Computer Information Systems major reported this scam to information security along with other students.
“I immediately forwarded to [Kelly],” Iverson said. “Brian Kelly (and the Information Services) does a great job, whenever I get a fake email. I forward it to him and they respond that they are working on it.”
To report suspicious emails, call or visit the help desks located on campus or contact [email protected].
“If in doubt, call and check it out,” Kelly said.
Emails are like leftover food in the refrigerator, be skeptical about what they are opening, according to Kelly.