Some students on campus look for on-campus jobs all the time, whether it’s for the experience or the money. Some people are trying to take advantage of that with phishing emails.
According to the National Institute of Standards and Technology, phishing is a way people try to “acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a website, in which the perpetrator masquerades as a legitimate business or reputable person.”
“A phishing email is an email that a bad actor sends out, usually a mass email, to try and get somebody to take some action that’s going to benefit them,” said Scott Swarzentruber, the Chief Information and Privacy Officer.
Phishing happens a lot on campus, with people posing as faculty or staff of WCU and trying to get a student to apply to a job.
One phishing email used the name Irma Miramontes and sent the email to over 170 people on WCU’s campus.
The email posed as a job opportunity on campus, offering almost $500 for 9 hours of work a week.
Even though some of these emails get to students, there are multiple different systems that are used to filter out phishing emails at WCU.
“Microsoft is our email provider, and they have a number of different systems in place that filter out a lot of stuff before it ever gets to the faculty, staff, and students,” Swarzentruber said.
WCU has control over these filters, but they mainly prohibit these emails after they are sent to people in the WCU system.
“We are also very reactive on emails,” Swarzentruber said. “If somebody reports a phishing email, that triggers a lot of activities going on, then our help desk sees that and says, ‘oh yeah, thats a phishing email, let’s go purge it from everybody’s inbox so that nobody falls for it.’”
According to Swarzentruber, phishing emails don’t only disguise themselves as job opportunities either.
“They’ll do things like send an email looking like a staff member offering an internship, or for people to come house sit for a week, or all kinds of stuff that I’ve seen,” Swarzentruber said.
According to the Federal Trade Commission, there are many tactics to figure out a phishing email. Looking up people and not trusting outside email accounts are easy ways to filter out phishing emails.
“I would look for telltale signs, like if they ask for information you have already given them, or recognizing little hiccups, like if you get an email from Wells Fargo Bank, but you don’t even bank at Wells Fargo,” Swarzentruber said.
