October 22, 2020

Scam emails infiltrate student inboxes, bank accounts

Recently, many students have been receiving scam emails lately through their Capital emails. So, what kind of scam emails are students receiving exactly?

“I received one specific email about a dog sitting job in Bexley from Nancy Swails that ended up being a scam,” Catherine Hooper, junior Psychology and Pre-Law major, said. “Apparently, the professor / school email was hacked. I never received a follow up with this information.”

There have been multiple emails sent out similar to what Hooper received, all of which seem to revolve around job offerings and positions for students. 

“This specific one [the scam email] came from Nancy Swails,” said Hooper. “But as I said, her Capital email was hacked so it didn’t come from her technically.”

All screenshots were taken by Melissa Blackford

It appears that most of the scam emails being received are sent under Capital University staff members, so that could easily have students fooled into inputting information without thinking twice.

“We talked for a few days. They tell me that they are ‘moving to Bexley’ so [they] may need some things for their ‘dogs,’” Hooper said. “On the third day, they told me they were sending me a check and a portion of that would go to me and a portion of it would go to supplies for the dog. I say ok and give my address. I end up with a ‘check’ for $2450…”  

Hooper went on to say that the user asked her to wire transfer thousands of dollars for what was claimed to be house supplies. She blocked the user, and called her bank, to which she was informed that it was a scam. 

“I almost got my bank account frozen and removed for cashing a fake check,” Hooper said. “I was also charged for filing a false check.”

It’s a phishing scam, and CapIT warns students not to send money or purchase gift cards through the scam, and not to click on the hyperlink provided. 

Another scam email was sent out by Keith Rucker on Oct. 1, 2020, claiming to have a job position available for part-time work. The job offering is very undescriptive, and it does not even give the recipient enough information to even know what type of job was actually being offered. 

A few hours after that scam email was sent out, Jennifer Vrobel sent students an email regarding the scam email. The message claimed that the job offering email was a scam, and students should report it to abuse@capital.edu.

When university email accounts are compromised, they are used to send scam and phishing emails to everyone else on the school’s email server.

“The most common way emails get hacked is through phishing schemes,” Annette Short, Associate Director of IT, said. “Phishing is usually done by sending out an email that looks legitimate and sends the recipient to a fake website and has them enter credentials to ‘verify’ information, which is then stolen.”

 “Most phishing e-mail messages will look authentic and appear to be coming from IT or someone you know,” Short said. “However, please pay close attention to the details of the email heading such as the ‘from’ and/or ‘subject’ field and be aware of any instructions asking for you to ‘run or execute a program’ or enter any personal information.”

CapIT is using an application called Barracuda to automatically catch most exploits, but it’s not foolproof. CapIT stresses the importance of looking at the legitimacy of several different things. 

Firstly, IT will never ask for personal information, nor will they have a “click here” link to verify anything. 

“Bulk and/or automated emails from IT will follow certain formatting protocols and will always encourage you to contact the Capital University IT Service Desk via a disclaimer to verify the message, Short said. “Bulk and/or automated messages from IT will not have generic phrases such as, ‘Dear Customer.’  Bulk and/or automated messages from IT will often include a web hyperlink that is linked to the ‘capital.edu’ domain.”

According to an article on CapIT’s System Status, there are a handful of things one can look out for to avoid scam emails. 

Being wary of unknown email attachments, contacting the sender directly via phone, paying attention to generic greetings in email, googling email signature text, and checking the sender’s email address are important ways to keep yourself safe from becoming a victim of scam emails, as per the article. 

Visit CapIT’s System Status page on phishing for a more descriptive perspective on how to protect yourself from falling victim to phony Capital emails. 

Students should report any suspected scam emails to abuse@capital.edu so that Capital’s IT team is informed. 

Students can also contact the CapIT help desk at helpdesk@capital.edu for help, or contact the service desk at x6508 to verify if a message has come from Capital’s IT department or not. 

Leave a Reply