Sophomore Jane Towery signed on to her Binghamton University Gmail account this summer only to see that emails were being sent out under her name and her own emails were being forwarded to another user.
Earlier that week, Towery had fallen victim to a phishing scam. According to the website of Information Technology Services (ITS) at BU, phishing is a technique in which users are directed by an official-looking email to provide personal information under false pretenses. These phishing scams, which typically claim that the user’s mailbox has reached its full capacity, can cause the user’s B-mail account to become compromised.
According to Towery, who is majoring in mechanical engineering, she received an email that told her she needed to give them her B-mail username and password so that her email wouldn’t be terminated.
“The email looked official so I gave them my Pods login,” Towery said. “I realized a week later when friends contacted me asking why I was sending them suspicious emails that I had fallen for a scam.”
ITS will never ask students for personal information via email, according to Erik Langert, a junior majoring in computer science and the senior Residential Consultant (ResCon) for Hinman. A ResCon is a student technician who lives in the dorms, providing Internet and tech help for fellow students.
“If they ever did need that information for some reason, they would make them give that information in person,” Langert wrote in an email. “If someone ever feels iffy about an email they got, tell them to email the department they got [it] from.”
According to Towery, when she realized her email had been compromised, ITS told her to change her password and the settings on her B-mail so her emails would no longer be forwarded to the scammer. The ITS desk urges all people who responded to phishing scams to change the passwords on their accounts to a stronger password that is a minimum of eight characters.
Students like Rebecca Wolf, a sophomore majoring in human development, said that she has learned the warning signs, as the phishing scam emails often have spelling errors that lead her to believe they aren’t legitimate.
“Over the course of the summer, I got a lot of emails for users from Birmingham University,” Wolf said. “I knew this was weird and unusual, so I deleted the message. Some of the other messages looked more promising, but if they weren’t regarding my coursework or anything that seemed important to me, I simply deleted it.”
Since the problem has heightened this past summer due to the increase of emails being sent, ITS implemented safety precautions to stop students from giving into these scams. On August 6, ITS began tagging possible phishing emails with a warning in front of the subject field.
According to Langert, a proper domain name for an email is one that comes from “binghamton.edu,” and if the email is from something different, it is probably a scam. Students are asked to forward suspicious emails to the ITS help desk, and these fraudulent email addresses are then blocked on the B-mail network.
Ultimately, students must continue to take precautions and be aware of scams, said Rick Shumaker, ITS staff member and director of the ResCon program.
“I know that the message is out there about some of the ways that people steal from people electronically,” Rick wrote in an email. “However, there will always be new ways. I think that the long-term message is to ‘B-AWARE’ of our digital surroundings.”