Campus vulnerable to online phishing scams

Courtesy of the I.T. Department The graph illustrates the college’s daily email intake and how the I.T. department handles it. Allowed: regular mail that gets delivered Allowed; Tagged: mail that looks a little sketchy, so we add “possible scam—don’t give out your credentials” to the subject line Rate Controlled: lots of mail coming from/to the same person, so our system automatically slows down the delivery of these messages just in case they are spam Blocked; : messages that are blocked, either because they are spam, have viruses attached to them or are sent to invalid addresses.
Courtesy of the I.T. Department
The graph illustrates the college’s daily email intake and how the I.T. department handles it.
Allowed: regular mail that gets delivered
Allowed; Tagged: mail that looks a little sketchy, so we add
“possible scam—don’t give out your credentials” to the subject line
Rate Controlled: lots of mail coming from/to the same person, so our system automatically slows down the delivery of these messages just in case they are spam
Blocked; : messages that are blocked, either because they are spam, have viruses attached to them or are sent to invalid addresses.

By Madeline Clark

Mac Robson, ’18, logged onto his school email just like any other day. He skimmed through the headers as per routine, and opened those of the most immediate importance. What was not usual was the enticing job offer to work for an art collector and earn $250 a week, working only one hour per day. Tempted by the prospect of generous pay and short hours, Robson began corresponding with the St. Michael’s “alum” turned art curator. Inadvertently, Robson fell prey to a phishing scam.

“They tricked me by putting the SMC logo on it.” Robson said. “I figured it was fake when they started asking for banking info after they promised to pay in cash.”

Each day at St. Michael’s College thousands of spam emails assail the @smcvt.edu domain. In fact, according to the office of Information Technology, 70 percent of the mail that enters the system is spam. For the most part, firewalls keep junk mail out of inboxes for the college community – February 5 alone, the server for faculty accounts blocked some 15,000 unwelcome emails – However, from time to time, malicious messages slip through the cracks and make their way into the accounts of the college’s faculty and students.

March 28, Erik Lightbody, the assistant director of technology services, and Douglas Babcock, the director of public safety, held the third Digital Danger information session of the academic year. The presentation covered the top ten online and identity theft phishing cons. The swindles ranged from fake job scams, to bogus tech support pop-ups, persuasive banking and debt collection messages to phone number spoofing. However, it seemed the real problem, was awareness and promotion of Internet safety.

“I don’t go two weeks without having some student with a compromised account,” Lightbody told The Defender. “We held two of these events in October and have only had yourself and one other student join us.”

The faculty and students’ low attendance at the event frustrated Lightbody. “It’s frustrating because it’s difficult to get the word out and to get the students to be receptive to these threats. I don’t know if the kids don’t care or if they don’t understand.”

Since The Defender attended the Digital Danger information session three more students and one faculty member became victims of another email scam. Each time a member of the college community is caught in the snare of a scammer Lightbody must email them to inform them of the severity of compromised accounts.

“I explain to them that it’s not just your email account they want,” he informs them, “how they [scammers] take that information and try to access your other accounts.” Lightbody noted that students are always shocked by the gravity of these scams.

Babcock chimed in, commenting that, ironically, the very screens on which phishers’ lures snag students and faculty prevent these members of our college community from having meaningful face-to-face conversations about safe practices on the web.

“We can make students and faculty change their passwords, or hold events like this, but the weakest link is you. It only takes one time, one click, to hand over personal accounts,” Lightbody said. “Education, then, is the best solution.”

While the Digital Danger information session was the last of its kind for the semester, the office of Information and Technology is open Monday-Thursday, 7:30 a.m. – 7:30 p.m. and Friday 7:30 a.m. – 3:30 p.m.

As Lightbody said, “if people feel more comfortable to come and talk to IT about this issue on an individual basis, than at an information session, they can come to the office with questions during normal business hours.”