It’s never the right time to lose money to a phishing scam– but especially not during the holiday season.
Email phishing is defined by Oxford Languages as, “the fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.”
Rowan students and employees have seen these fraudulent messages in their inboxes, which usually claim to be from a person of power within the university. These emails take on the form of job offer scams, personal account scams, disinformation scams, and gift card scams.
Assistant Director of Communications for Information Resources and Technology at Rowan, Erin O’Neill, explained these four types of common scams students and staff may see in their emails.
Job offer scams will typically guarantee good pay for a short time of work, and will tell the person on the receiving end to deposit a check into their bank account, to then withdraw the funds in order to buy gift cards or wire money to other accounts.
Personal account scams will state that a person’s email or payroll information has been changed or jeopardized in some way, encouraging them to click on a link that will take them to an external website. The website will take their username and password, and then steal their information.
“When in doubt, always check with the company or person sending the email before taking action,” O’Neill said.
Disinformation scams include false information about current events to urge people to donate money or submit their personal information.
“If an attachment you open asks you to [enable content] when you open it or make some other security downgrade, don’t do it – it’s a trick,” O’Neill said.
Gift card scams are usually sent from someone posing to be in a leadership position, asking the recipient to purchase a gift card for them in the promise that they will be reimbursed later.
Rowan students and staff have seen these types of emails specifically focused on scholarships, grants, and student loans.
Kira Aguilar, an employee of the Financial Aid department at Rowan, gave insight into the situation.
“There are agencies that offer to help people pay back loans, but you have to pay the agency. In reality, there are ways you can do that for free on your own. They are not trying to steal your identity, but trying to take your money,” Aguilar said.
When trying to decipher if an email is a scam or not Aguilar said that the Department of Education is, “Only going to communicate with you through your student account. They will direct you to login to your secure account, important information will not be included in the body of the email. Scammers will include personal details, where the Department of Education doesn’t do that.”
As for what Rowan can do to stop these emails before they reach students, O’Neill explained the practices that are currently in place.
“Over the last year, roughly 22 million emails were sent to Rowan email addresses but just 30 percent of those messages actually reached the inboxes of students and employees. The rest of those emails were flagged and blocked because of security concerns,” O’Neill said.
In order to keep students and staff safe from these messages, the IRT department blocks the sender and posts a notice of the scam to go.rowan.edu/scams, where a list of known phishing scams can be found.
The university also provides annual security awareness training, which can be accessed by visiting go.rowan.edu/securitytraining.
Two things O’Neill suggests to look for when unsure if an email is a phishing scam is to check the sender name and email, and to look for an [EXTERNAL] label in the subject line. Emails may closely resemble those from within the university, but the [EXTERNAL] label will show that it was sent from a non-Rowan email address.
If students or staff remain unsure about the validity of an email, they can call IRT at 856-256-4400, or forward the email to firstname.lastname@example.org.
“It is not possible for any organization to block every potential scam attempt without interrupting legitimate business activity, but we are always evaluating ways we can more quickly identify fraudulent email and stop it from reaching students and employees,” O’Neill said.
For comments/questions about this story DM us on Instagram @thewhitatrowan or email email@example.com.