Phishing on the Rise

Illustration by Nusrah Chowdhury

Incoming college students have a number of new responsibilities to handle, including learning to communicate with professors and faculty over email. Unfortunately, attackers often use RIT’s email service to prey on unsuspecting students, so it is important to learn to stay protected.

WHAT SCAMS LOOK LIKE

According to Anthony Yazback, the Assistant Director for Operations and Investigations at RIT Public Safety, fake job postings and apartment rentals are the most common phishing schemes directed against students. Scammers frequently trick victims into paying them with gift cards, since there is often no way to refund the purchase.

Recent years have also brought an uptick in immigration scams targeting international students; the attacker will impersonate an ICE officer or another government official, threatening to revoke a student’s right to study in the country if they do not make a payment.

Ben Woelk, the Governance, Awareness, and Training Manager at the RIT Information Security Office (ISO), believes that reporting scams quickly and staying informed about current schemes are the most important things a student can do.

“The other thing is the threats evolve,” Woelk said. “Two years ago I don’t think we saw much of immigration-related scams at all.”

PREVENTATIVE RESOURCES AT RIT

Students can protect both themselves and their fellow Tigers by reporting any suspicious emails or communication. To that end, the ISO always sends a detailed email to students whenever a new scam email is discovered, as familiarity with the latest scam tactics makes it easier to spot suspicious communication. Additionally, the Phish Bowl, a compiled summary of scams targeting the RIT community since February 2021, is available online.

“Threats evolve. Two years ago I don’t think we saw much of immigration-related scams at all."

Moreover, incoming freshmen must complete an online Cybersecurity Fundamentals class that is updated every year. It is crucial that students take this course because, according to Woelk, many students receive scam emails shortly after the semester starts. International Student Services also offers specialized training to international students regarding potential immigration scams.

“The education piece and the notifications are both keys to protecting our community,” Yazback said. However, Yazback adds that an abundance of warnings can also be counterproductive. “If you send out too much information, people ignore it.”

“The education piece and the notifications are both keys to protecting our community.”

While RIT has plenty of resources and responses to phishing attacks, there are still cases where students fall for scams. For example, several variations of a World Health Organization (WHO) job scam have been reported since July 2022. The scammers contacted students while pretending to be recruiters from WHO, asking victims to provide a non-RIT email address if interested in the opportunity. As implausible as it seems, approximately 70 students responded to the initial scam offer alone.

If students believe they have been scammed, they should contact Public Safety immediately. From there, Public Safety will help victims file a police report and conduct an investigation. In some cases, students can also work with their bank to potentially recover financial losses.