“Phishing” is a form of cybercrime where scammers send people fraudulent emails claiming to be from a respectable company or business. In reality, hackers are attempting to steal personal information, such as credit card information and social security numbers. Since the 1990s, phishing has become a common concern and is said to be the most common form of a cybersecurity attack. The Abnormal Society reports that “the FBI IC3 recorded over 300,000 phishing incidents in 2022—more than five times the second most common type of cybercrime.”
“94% of organizations were victims of phishing attacks and 96% of those were negatively impacted by it,” says software company Egress. Across the nation, cybercrimes like phishing are becoming an overwhelming concern and NC State has been no exception.
Every semester, students are sent phishing emails and documents. The NCSU Office of Information Technology (NCSU IT) put out the statement, “Last year, there were 2,652 phishing reports addressed within the Google Alert Center and the NC State IT Service Portal.” Phishing can occur in various means aside from emails and documents. Scammers can target NC State staff and faculty, not just students.
“There is a trend where phishers send fraudulent invoices to staff and faculty members who typically process invoices in hopes they will approve them before taking a closer look,” said NCSU IT. “The tricky part is that the invoices are sometimes generated by payment handlers like PayPal and Square and spoof specific supply vendors used by campus departments.” By opening the invoice, the phishers gain access to all of your information on that website or the application itself. Scammers can compromise bank accounts, bank statements and information from people who have interacted with you on those websites.
The statement continued “Another scam is targeting faculty members who receive customized emails praising their research articles and urging them to look at shared documents related to it. Doing this not only puts the faculty’s work in jeopardy, but it can tarnish the reputation of the faculty member targeted as well as the institution itself.”
“The most prominent phishing scam on campus last semester and into this new year is the job scam targeting students; the phishers pretend to be faculty members who need to verify personal information to confirm a work opportunity.” Job phishing can be tempting because of how promising the opportunities may seem; however, that’s the point. NC State advises their students, faculty and staff to “Be cautious of campus job scams with subject lines like ‘JOB OFFER: UNDERGRADUATE RESEARCH POSITION.’ If an offer seems too good to be true, it probably is.”
Many phishing scams use these ways to continue to make money off of you, communicating with students long enough to get hundreds of dollars from them. “After they offer you the job, they’ll push for your money and personal information. You’ll get an invoice (it’s fake) for equipment like a computer they’ll order for you, but tell you to pay for… ” the Federal Trade Commission said.
In a blog interview with Avast, college student Bella Mauricio shared a story where she explained her experience with email phishing. Mauricio explained that she received an enticing email about a job offer during her junior year. She was desperate for money and the email looked like a solution to her problems. “The email described how you could earn up to an additional $300 a week by being a secret shopper. I clicked on the link and it took me to a website. It asked me to fill in my: email, first and last name, location, and types of stores I would want to go to, like clothes, electronics, or hardware.” Mauricio followed the phisher’s instructions and when she got to the store an employee informed her that the job offer was a scam. Her story is unique but also a testament to how far a phishing scam could go.
As the issue of phishing increases, students need to stay clear of these emails and protect themselves and their personal information at all costs.