Phishing for students: UMW should strengthen email security methods to mitigate students falling for scams
5 min read
Mike Townes sends emails on high alert to notify students, faculty and staff of phishing scams. | Norah Walsh, The Weekly Ringer
by RYAN HIGGINS
Staff Writer
Are you a student looking for a low-commitment job that pays well? Think twice before you answer, as you could become the victim of a phishing scam.
For students at Mary Washington, these email scams are a regular occurrence throughout the school year. College students looking to enter the working world are prime targets for scammers who attempt to take advantage of their initiative. While UMW has some security measures in place to reduce the amount of harm caused by scams, the volume of phishing scams that fill students’ inboxes indicates that the University could be doing much more.
I’m concerned about the harmful potential of scam emails, as I have been targeted myself. My freshman year, I responded to a scam email in hopes of securing a work-from-home position, but the offer was a scam.
Job offer scams, which I see most often in our emails, commonly send students a large sum of money using a fake check. After buying specific products—usually gift cards—the victim is asked to send the codes and the remainder of the check back to the scammer. When the fake check is rejected by the bank weeks later, victims find they have sent gift card codes and money to the scammer, receiving nothing in return. Having heard about these scams before, I ceased contact immediately, but other students may not be as familiar with these fraudulent emails.
Una Haller, a senior psychology major, has some concerns about how UMW approaches email security.
“I think they should probably be a little bit more transparent in what their process is,” she said. “Because obviously we still get phishing emails.”
She continued, “I personally just find it annoying, but for people who are susceptible to scams, then it’s dangerous.”
According to Haller, the emails from Director of Information Technology Security Mike Townes that alert students to phishing scams are useful as they help students avoid falling victim to them.
“I do like how there’s an email after you get a phishing email that comes from someone from the University who is like, ‘Hey, that email was a scam,’” said Haller.
But while the University’s phishing email alerts are useful security measures, they aren’t entirely effective and point to the larger issue of how scammers gain access to our emails and personal information in the first place.
At other universities, these phishing emails do not have as prominent of a presence in student inboxes.
Luke Cutright, a junior marketing major at VCU, gave some insight into the state of his university’s email security.
“Personally, I don’t think I’ve ever seen any scam email in my school email, it’s seemingly pretty secure,” he said.
When asked about the security measures VCU implements to prevent scams, he said, “VCU uses a two-step authenticator, so whenever I have to log into my school email, it’ll give me a notification on my phone and I have to either approve or deny that login.”
Alongside efforts to educate their students about scams, two-factor authentication seems to be an effective deterrent to malicious emails. This security measure prevents scammers from accessing student emails which would provide them with a complete list of student emails.
VCU puts a focus on scam education as well.
“During orientation, we had a little orientation about scam awareness in general and they just kinda told us what to look out for,” said Cutright. “There’s a lot of educational posters up around the school about awareness in general.”
We should take some cues from Cutright’s experience at VCU and put more effort into spreading information on campus about how students can protect themselves and their personal information. Faculty at UMW are required to complete educational courses related to web safety, and it would benefit UMW to require that students take these courses as well.
Another factor that makes scam prevention a crucial issue for students is the development of AI that can assist scammers. I took a class focusing on generative AI systems last semester, and my final project centered around these AI-assisted scams.
With the personal information that scammers can access through compromised student accounts, they can craft personalized job offers that reference people and places in and around Fredericksburg, thus making it hard to distinguish which emails are genuine. Not only does the proliferation of these emails raise the risk of students becoming victims, but it can also lead students to disregard authentic job offers. One of the goals of any university is to help their students to find jobs and the lack of attention being given to securing our email accounts is in direct conflict with this goal.
According to UMW Information Security Analyst James Ashmore, there are mitigation tools in use to prevent these email scams, however, “there really isn’t that much there to be honest, infrastructure-wise.”
Ashmore also said that students can contact the UMW Help Desk to turn on two-factor verification for their email accounts to better protect themselves against these fraudulent emails. He recommends that students seeking better email security consider this option, especially if their account has been compromised.
However, while offering two-factor authentication is a great move towards improved security, this service should be implemented university-wide to ensure that scammers don’t have access to our electronic mailing list. Ashmore said they “have been looking at just enabling that for all students and faculty, and they haven’t quite allowed us to do that just yet.”
UMW has a responsibility to keep its students safe from malicious emails, especially considering that we must use our UMW emails for important updates throughout the school year. The frequency in which we receive these scams in contrast to other schools in the state like VCU points to a necessity for better email security measures, and UMW’s security safeguards could improve soon if our the University approved a school-wide transition to an overarching two-factor authentication system—but it’s unclear if that will happen anytime soon.
