Community loses funds to cyber crime
Cindy FolefackMercury Staff
POSTEDDecember 4, 2017
Scammers are targeting university population through online impersonations, fake phone calls
Editor’s note: Vicky’s name was changed to protect her identity
UTD victims lost nearly $50,000 to online and telephone scams this year. When students and faculty become more aware of the warning signs, scammers adapt to this consciousness and continue to victimize the UTD community.
Telephone scams are the most common type reported to UTD Police, but Lt. Ken Mackenzie said students are now looking for misspellings, wire transfer requests and other warning signs, thanks to an email he sends out once per semester.
“Scams are getting reported less because they’re happening less,” Mackenzie said. “We started sending out the emails three years ago, and now a lot the messages we receive are from students who didn’t fall for it.”
Historical studies freshman Vicky* fell victim to a scam and ended up losing about $2,300. Vicky received an offer through her student email for a personal assistant job in October, cashed two checks and tried to cash a third, when her bank realized the checks were fraudulent. At this point, Vicky realized she was the victim of an employment scam.
“I’m always on top of my finances because I’m a first-generation college student, and I worked through summer to raise money to put myself through college,” Vicky said. “After my bank told me the last check she sent didn’t go through, I checked my account and all my money was gone.”
Vicky had over $2,000 in her account before the scam, and was down to $700 after her bank determined the checks were fraudulent and deducted the sum of the first check from her account. Vicky removed the remaining $700 and closed her bank accounts to protect the rest of her money. Two days later, Vicky’s bank contacted her and said she still owed the sum of the second check, $1,250.
“The money that was stolen was meant to pay for my rent and put me through college,” Vicky said. “These last couple of weeks I’ve been worried because I don’t know how I’m going to afford my next semester.”
Employment scams are common among college students looking for a source of income. The scammer draws students in by offering a high salary, then sends fraudulent checks to their victim, resulting in an out-of-pocket payment that is lost forever. Vicky said she hopes her story will motivate other victims to come forward.
“I think other victims should alert their friends, family and anyone at UTD that could be affected by this type of scam, because this isn’t fair or right,” Vicky said. “If this message had come to my personal email, I wouldn’t have given it a second look.”
Scammers can gain access to victims such as Vicky by using the online directory to obtain student emails. They target international students by pretending to be with immigration, and threaten their victims with deportation due to a nonexistent unpaid fee, Mackenzie said. UT Arlington’s Information Security Office stopped publishing student emails in their directory to deter scammers. Mackenzie said if UTD were to implement this change, students would be less likely to become victims.
“By taking down any links to student emails, we can make it harder for the scammers to target individual students,” Mackenzie said.
Director of Information Security Nate Howe said 85 percent of all messages sent to UTD emails are rejected by the school’s security system or Microsoft’s own filters, which screen out key words that indicate scams. However, scammers have become aware of this and are constantly changing their wording to avoid the filters, he said.
“Sometimes there are typos because the person who created the scam might not have a strong grasp of English writing,” Howe said. “Other times, typos or terminology that seems out of place are used on purpose to get around our filters.”
Scammers use phishing scams as a method to get personal information from their victims, including their social security number and date of birth. These scams are usually carried out by making a web page almost identical to an official page that the student is familiar with, such as the Galaxy portal. Once students put in their information, scammers use it to purchase houses or cars using their victim’s identity and credit score.
“Scam artists want their potential victims to feel like they’re under pressure because we don’t make good decisions when we’re in a rush,” Howe said. “That sense of urgency is something the criminal uses to draw victims in.”
When students report scams, the Information Security Office can block the website on the university’s firewall, so that it’s no longer accessible on CometNet. ISO can also contact the hosting companies for fraudulent websites to get the sites taken down. Students and faculty can also submit screenshots of attempted scams to Phish Bowl, a section of the Information Security website, to make others aware of how to spot potential scams.
“When one person reports a scam, that then turns into intelligence our office can use to protect other people, because that scam may have gone to more than one person,” Howe said. “The sooner we hear about it, the sooner we block those links and protect other students who may not have even opened the message yet.”
Howe said these scams could be prevented through training. Faculty members are required to complete an hour-long training module on cyber scams, but students aren’t, so they’re more vulnerable.
“I want students to be protected, not just because of UTD, but also for the years to come after UTD,” he said.
The advisory committee for ISO, comprising student and faculty representatives, is currently testing a system known as two-factor authentication. This provides an extra layer of security by asking for both the user’s password and a code that’s sent to an external device only the user has access to, such as a mobile phone. This technology is used by companies such as Apple and Twitter, and ISO is considering implementing the system across UTD.
“We could do two-factor authentication today on our campus email, PeopleSoft or eLearning, so stolen passwords would become worthless,” Howe said, “But we need feedback from students and faculty to make sure this extra security doesn’t make logging in so difficult, that people just abandon it altogether.”
Howe said phishing scams increase during the holiday season because of a rise in online shopping. Scammers copy the logo and colors of popular shipping companies in their emails because most people are expecting a package near Christmas, so they won’t hesitate to provide personal information. Because of this, students should be careful to protect their information and be aware of who is on the other end of the email.
“We have to be alert and aware,” Howe said. “Unfortunately, we have to realize that when there’s money to be made, criminals are going to get organized and motivated.”