Many people are unaware scams can come through one’s very personal emails, profiles and accounts. Social engineering scams are geared toward receiving confidential information by manipulating people through email or by phone, according to the Department Of Homeland Security. What these scams seek vary from passwords to bank information and can even go as far as hacking into someone’s computer.
Chico State and various other colleges around the nation have battled with such social engineering scams coming through college accounts and emails.
In the past several weeks Chico State has discovered numerous students and faculty members experiencing such email and phone scams, claiming to be IT Support Services and others in order to gain personal information from anyone who falls for them.
“It’s getting worse and worse,” said Scott Kodai, manager of ITSS. “And it’s because people keep falling for them.”
Amber Campbell, junior music major at Chico State, was a victim of this email scam. Campbell received an email coming through the Chico State portal account claiming to be ITSS. The email states that her account may have been hacked and that she must follow a link to update the account and protect it from future hackers. However, this was not ITSS.
“I don’t ever respond to these things but since it had all the logos it looked like it was from Chico State,” Campbell said. “So it seemed legit. I fell for it and I’m sure other students would too.”
Campbell hesitated at first to open the email, however, she then followed the instructions on the email. This link took Campbell to a non-Chico State website and it asked for very personal and guarded information about Campbell’s birthday, email, Google account information and Chico State account information. Campbell was shocked to find a few days later that her Google account was hacked and used by a Google Chrome user in India and her email box blew up with over 400 spam emails.
“I don’t use Google Chrome and I’m definitely not in India right now,” she said.
Campbell knew then that the email she responded to was a scam. She had no idea a scam could come through a college campus’ account. Later, Campbell posted the email on social media to inform other Chico State students about the scam. She soon found many old and new Chico State students claiming to have dealt with the same problem.
“It’s pretty scary. I gave out a lot of information,” she said. “They pretty much know everything about me. They probably have my identity, too.”
Although Campbell seemed shocked a serious scam attack could come through the Chico State system, Kodai is all too familiar with these scams.
He said that these scams happen too often and he is not surprised that hackers and scammers come up with new ways to get around a website’s security.
“We have a whole page of phishing emails,” he said. “They keep coming out with new ones. We just keep adding them as they come.”
Kodai and the rest of the team calls them phishing scams and said this new scam gets through to at least 15 to 20 students a day at Chico State.
ITSS has taken action to stop these attacks from happening. It informs students and faculty by posting about how to be alert and avoid suspicious emails and phones calls that are coming through Chico State accounts. Kodai said that plenty of teachers, staff and students have been fooled into believing these scams, ultimately giving out the most personal information an individual could have.
Social engineering is a widespread problem that effects the majority of IT professionals and Kodai has been dealing with them ever since he’s worked for ITSS. There are many ways to help people avoid them, however there is no guaranteed way to completely be protected by email and other online scams.
The Chico State website has many steps, tips and information to help inform people on how to carefully avoid and spot these ongoing email scams.
Bridget Comito can be reached at [email protected] or @bcineg1992 on Twitter.