Recently, New School students have been the target of “phishing” emails. These scam emails have offered them job opportunities, financial aid, free musical instruments, or notifications of delivered mail, resulting in some students being scammed out of thousands of dollars.
Though phishing scams are nothing new, Clinton Mixon, the information security lead at The New School’s Information Security and Privacy Office (ISPO), wants students to be wary of receiving such emails.
The exact definition of phishing, according to the National Institute of Standards and Technology, is the act of “attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a website, in which the perpetrator masquerades as a legitimate business or reputable person.”
According to Mixon, one indicator that an email may be a scam is if you are asked to share any of your passwords, verify your bank account information, or provide your social security number.
Charlotte Cooper, a first-year film major at Eugene Lang College of Liberal Arts, received one such email: “The phisher asked me to verify my bank details since I am an international student,” Cooper said. After confirming her information, Cooper had around three thousand dollars stolen from her.
Checking for spelling and grammatical errors, or a sense of urgency in emails can also help determine if they are authentic. Many phishing emails will ask for a response within a certain amount of time.
According to Mixon, the most common type of phishing email that TNS students have received has been specifically targeting Mannes School of Music students. The email offers a Yamaha piano, stating all that is necessary to receive this piano is to provide your banking information to pay for someone to deliver the piano to you.
Another common phishing scam at TNS is emails offering job opportunities that promise a large salary or hourly wage. This email specifically lists a phone number to text to inquire about the job. This is a common practice by scammers to encourage victims to move communication off email to avoid scam detection technologies.
If a student wants to verify the legitimacy of a job offer from TNS, Mixon recommends that students contact Career Services, where they can confirm whether the job is real or not.
There have been cases where a phishing email blast has been sent via a New School student’s email, that has been logged in, to other students and members of the New School community. IT is quick to catch when this happens, as they are alerted when mass emails are sent. While this happens occasionally, the majority of phishing emails are sent from non-TNS email addresses.
The New School is currently using Google’s anti-phishing rules to help prevent these scam emails from making their way to students. Every week, ISPO sends emails to all New School students to notify them about the potential risk of phishing scams and to remind them to stay alert. The university also recently launched the Phish Bowl, which contains a list of recent phishing emails that have been sent to TNS community members.
Along with this, using additional security measures like multi-factor authentication, which is mandatory for all TNS students and employees through the Duo Security app, ensures that there are multiple layers of security when accessing your email. The Office of Information Technology is also actively working to catch new phishing attacks.“We do learn, and we do change our practices based on the attacks that we see so that we don’t keep getting hit by the same things,” Mixon said.