Quinnipiac University’s Information Security Department has increased vigilance against phishing scam emails in recent months.
“Phishing” refers to an attempt to steal sensitive information, typically usernames, passwords, credit card numbers, bank account information or other important data, in order to use or sell it, according to Cloudflare, a cybersecurity website.
In a Feb. 12 email to The Chronicle, Thomas Spencer, a university information security officer, wrote that IT’s goal is to heighten the community’s awareness of scams and deceitful emails.
“The more informed you are the better you can protect yourself and the wider Quinnipiac community,” Spencer wrote.
Robert Jasek, chief information security officer, has sent seven emails warning students about phishing scams since Aug. 28. For perspective, he sent five emails over the course of the entire 2022-2023 academic year.
Spencer added that no single event prompted the decision to send out warning emails, but rather just the increased need for awareness.
Phishing statistics suggest that nearly 1.2% of all emails sent are malicious, which translates to 3.4 billion phishing emails daily, according to Astra Security, a cybersecurity software designed to help businesses protect and recover hacked websites. Phishing scams account for nearly 22% of all data breaches, making phishing the most prevalent cybercrime listed in the FBI’s 2021 internet crime report.
“Most of the spam and phishing emails sent to Quinnipiac email addresses actually never make it to the recipient,” Spencer wrote. “Around 80,000 spam, phishing, or other malicious emails are blocked every day.”
Additionally, in a Jan. 4 email, Jasek announced the Cybersecurity Awareness Plan for 2024, which was designed to “keep our community informed, safe, and engaged in today’s digital world.”
The plan consists of email phishing and awareness simulation and training, a phishing campaign with in-person training presentations, community outreach and engagement and a new Information Security website: infosec.quinnipiac.edu.
“If anyone from Quinnipiac falls victim to a phishing or scam email, the best thing they can do is reach out to the Information Security office,” Spencer wrote. “We can secure the account and remediate any adverse actions that might have taken place.”
If someone does fall victim to a phishing scheme, the first steps should be to change any compromised passwords and disconnect the device from the network, per the Federal Trade Commission website. If the scam involves any credit card numbers, the faster one calls their bank to cancel or freeze them, the better.
Alerting others about the scams also raises awareness of these emails, as it is never just one person who is targeted.
“We typically encounter several types of scam email, each with its own tactics,” Spencer wrote. “Some aim to harvest personal information by directly asking questions such as, ‘Do you have a cell phone number I can call?’ Others lure recipients into clicking on malicious links.”
A particularly prevalent scam, Spencer said, involves an offer for a “free piano” — or another large, moderately valuable item.
“The scammers promise to deliver the item at no cost, except for a shipping fee that seems small in comparison to the item’s value — usually between $200 and $500,” Spencer wrote. “Once the payment is made, the scam concludes, as the promised item never actually existed.”
Jasek sent such an email on Oct. 9, in which he broke down a scam email that promised recipients a free piano if they just replied from their private email address.
Jasek used this example email to identify seven different “red flags” one should be on the lookout for when receiving a suspicious email.
These “red flags” include: a mismatched email address and name; a yellow banner marking emails sent from an external address; general addressing to students and faculty rather than a direct name; too-good-to-be-true deals; private email addresses; vague details; and incorrect grammar or phrasing.
“If the message is claiming to be someone from Quinnipiac and you see this banner, it’s a strong indicator that you should scrutinize the email’s authenticity,” Spencer wrote.
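Four of the seven red flags can be checked mechanically from a message's headers and opening text; the other three (too-good-to-be-true deals, vague details, poor grammar) need a human reader. The Python sketch below is an added example, not code from Quinnipiac or The Chronicle; the sample messages, the greeting list and the private-mailbox domain list are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "quinnipiac.edu"   # university domain named in the article
ORG_NAME = "quinnipiac"
# Assumed sample of private-mailbox domains; "freemail.example" serves the constructed sample.
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com", "freemail.example"}
GENERIC_GREETINGS = ("dear student", "dear faculty", "dear staff", "dear user")

def is_internal(addr):
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)

def red_flags(raw):
    """Return the header- and text-checkable red flags found in one raw message."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = msg.get_payload().lower()
    flags = []
    # Display name invokes the university, address does not belong to it.
    if ORG_NAME in name.lower() and not is_internal(sender):
        flags.append("name/address mismatch")
    # The condition an external-sender banner marks.
    if not is_internal(sender):
        flags.append("external sender")
    if body.lstrip().startswith(GENERIC_GREETINGS):
        flags.append("generic greeting")
    # Replies steered to a private mailbox, via header or wording.
    if reply_to.rsplit("@", 1)[-1].lower() in FREEMAIL or "private email" in body:
        flags.append("private email address")
    return flags

# Constructed sample messages, not real mail.
PHISH = (
    'From: "Quinnipiac Music Dept" <giveaway@sender.example>\n'
    "Reply-To: piano.offer@freemail.example\n"
    "Subject: Free piano\n\n"
    "Dear students and faculty,\n"
    "A piano is available at no cost. Reply from your private email.\n"
)
LEGIT = (
    'From: "Information Security" <notices@quinnipiac.edu>\n'
    "Subject: Training schedule\n\n"
    "Hi Alex,\nYour training session is on Thursday.\n"
)

if __name__ == "__main__":
    print(red_flags(PHISH))
    print(red_flags(LEGIT))
```

A From address can itself be forged, so an empty result from a check like this is not proof that a message is genuine.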
Spencer added that one should always be skeptical of unsolicited messages or offers and should not click any link, open any attachments or scan any QR codes from unknown or suspicious emails.
In 2022, Connecticut ranked 22nd among the states in the Forbes Advisor Internet Crimes Report. With a score of 55.12 out of 100, this means 4.08 out of every 100,000 residents were victims of phishing scams. The report also states that Connecticut residents who fell for phishing scams lost more than $26,000 altogether.
According to Spencer, no specific groups of people are targeted more than others.
“To a scammer, anyone is fair game,” Spencer wrote.
And yet on Jan. 23, Jasek sent out another example email — this one specifically targeted at Chinese students — to warn against impersonators from the Chinese embassy or police force.
International students studying in the U.S. are no strangers to various scams and phishing attempts. This demographic is particularly vulnerable to scammers impersonating government agency personnel who threaten their immigration status, according to Homeland Security.