Students at the University of Indianapolis have been recipients of fraudulent emails from people pretending to be faculty or staff members and offering tempting job or internship opportunities since this past summer, according to an email sent by UIndy IT. These emails use an online scam tactic known as phishing. In an email statement, UIndy IT said, “Phishing is an attempt to steal people’s identities by tricking the victims into giving up their personal information including username and password, or other sensitive information (e.g. credit card number, gift card info, social security number and date of birth). Many phishing campaigns exploit our heightened sensitivity to current events, our personal finances, and even the familiarity of our colleagues in an attempt to gain access to our personal and university data or for financial gain.”
Interim Chief Technology Officer Mathew Wilson said phishers are likely to pretend to be someone you know in order to get the victims to give up sensitive personal information. He said these threats usually come from countries with less-defined hacking laws or countries with no extradition treaties with the United States. He said the easiest way to identify phishing emails is through errors in grammar and misspellings.
“We’re seeing a number of phishing attacks lately that are pretending to be employers and they’re offering things like internships or research assistant positions and they’re offering attractive dollar amounts,” Wilson said. “… They want you to apply for the position and try to engage with them, and ultimately they’re trying to steal money out of your bank account.”
According to Wilson, if anyone receives an email that seems like it is using phishing tactics, they can report it for phishing by clicking the three dots on Google. He stated that these reports are then sent to UIndy IT where they can then open an investigation. Wilson said that if students do fall victim to phishing, they should open a ticket with the IT Help Desk in order to file a report.
“Anytime that we get a report about a phishing email we investigate it,” Wilson said. “If it’s gone to more than one person then we’ll proactively block that email and make sure that no emails are going outbound to that email account and we’re not going to receive any further emails inbound from that account. Then we also make sure that students or employees aren’t engaging with that person, and if they have then we instruct them to stop. If they’ve already been asked to wire money to the phishing attackers then we’ll refer you back over to your bank and to university police.”
Wilson said students interested in employment or internship opportunities should reach out to either the Pro Edge Center or search via Handshake. If students need to schedule an appointment or submit a support ticket they can do so via the UIndy IT Help Desk.
“If you have a question or if you’re not sure if it’s real, the Help Desk would be happy to take a look at it,” Wilson said. “But a lot of times if you think that it might be phishing, we’re going to look at it, and it’s probably phishing, so mark it as phishing and report it as phishing on Google. That’s the easiest way to do it.”