Many SHU students received fake phishing emails the week of Oct. 13 as a part of a security awareness campaign directed by IT Security in honor of Cybersecurity Awareness Month.
The emails varied from student to student, but the most common one appeared to come from a fake SHU student account asking recipients to proofread an essay on “economic comparisons.”
The email greeted recipients by name and read, “Can you proofread my paper draft? It’s due in 2 days and I’m not sure it’s good enough yet.”
Students who clicked the attached link were redirected to an IT Security page notifying them that SHU had blocked the email.
Genesis Batista, a junior psychology major, was taken aback by the email she received because it “seemed legit.”
“I was really confused…because it seemed legit when you were looking at it at face value,” Batista said. “But then you would notice, the sender at the top didn’t match up with the email signature. I mean, I thought that was really weird.”
Batista said she knew something was off when the student in the email was requesting she proofread an essay.
“I’m not a part of the ARC center or the Writing Center,” Batista said. “I’m a psych major and…it was an economics paper. I was just really confused about all that.”
Only two days before receiving the suspicious message, Batista had participated in a Cybersecurity Awareness Month quiz tabling organized by the IT department that tested students’ ability to recognize phishing emails. Because of this, she initially thought the message was part of that exercise.
“At first, [I] thought it must have been a test from the IT department about the game,” she said.
Batista, who has never been affected by a phishing scam before, added that she typically ignores suspicious emails.
“I think I’ve gotten some emails, but I’ve never opened them,” she said. “A lot of times, when something does come up that’s actually phishing, it’ll just get deleted by the system or IT will handle it themselves.”
She suggested the IT department continue using interactive activities to spread awareness. After participating in the phishing recognition game, Batista said she found it to be an effective way to engage students.
“I feel like that game they played the other day was really good, because it catches you, and in the moment you can really see it and sit with it and they explain to you the signs of phishing,” she said.
Ryan Fox, a junior communications major, received the scam email as well. Fox believes there needs to be more awareness on campus about email phishing scams.
“I think the emails from the IT Department aren’t necessarily enough,” he said.
Fox added that social media may be a better place to reach students and create more awareness about email phishing scams.
“I think a lot of people get their updates from social media,” he said. “And I think maybe if the university posted about it on social media as well as emailing, it could be a more effective route to kind of bring more awareness to the subject.”
Echoing Fox’s sentiment, Shya Coello, a sophomore nursing major, said that social media is an effective way to make students more aware of the dangers of email phishing.
“A lot of people don’t check their emails often,” she said.
Director of IT Security Eric Lopez explained that the recent phishing scam was a training exercise to raise awareness about the dangers of scams.
“The email campaign…was part of a social engineering awareness campaign that my team performed to raise security awareness among the community,” he said. “It was a training exercise.”
Lopez explained that SHU students need to be aware of the many scams that can affect college students.
“Students should watch out for phishing emails, fake job offers, housing scams and tech support fraud,” he said. “Phishing messages often pretend to come from university departments, trusted companies and even accounts claiming to be university students asking you to click a link or share personal information.”
Lopez also mentioned that students should be wary of suspicious emails containing links, specifically links to Google Forms that ask for personal information, including usernames and passwords. He said students can learn about these scams and how to protect themselves by staying up to date with the weekly IT newsletters.
“Students can also take short online training modules in Canvas (look for the ‘Security Awareness Training’ course),” he said. “IT Security also sends regular simulated phishing messages to train users and raise awareness.”
Despite these resources, Lopez emphasized that students still need to remain vigilant, since even a single successful scam can have serious consequences such as “financial loss, stolen personal information, or compromised university accounts.” He added that scams can cause students stress and “disrupt academic life.”
To address these risks, the university’s IT Security team actively monitors for scams and takes steps to protect the campus community.
“When the university becomes aware of a scam or social engineering attack that was somehow delivered or released from quarantine by the user, the IT Security team investigates and takes action to protect the community,” Lopez said.
In the event of a scam or social engineering attack on campus, students can contact the IT Security team by email or phone for assistance.
Michela DiLorenzo is a writer for The Setonian’s News section. She can be reached at michela.dilorenzo@student.shu.edu.


