MOORHEAD – On Nov. 4, many Concordia College students received a fraudulent email, advertising items that were allegedly being given away for free.
The email seemed to be sent from Concordia staff and faculty members, including a wide range of professors.
“Bad actors hijack accounts and send out [emails] on behalf of them,” says Tony Pietrzak, Director of IT Infrastructure.
The email claimed expensive musical instruments, tech such as an iPad, a camera and a gaming chair were all up for grabs.
Elias Hegland, a first-year student at Concordia, says his roommate almost fell for the scam.
“My roommate and I both got [an email]. Luckily I called them out for it,” says Hegland.
He says that he was confused seeing the email come from an official Concordia email.
“But I figured it was a scam right away because the email didn’t match the name provided in the message,” says Hegland.
Students should always check the address of the person who is emailing them to make sure it is a real email address before reading and interacting with it.
“Stop, review, and click with caution,” says Pietrzak.
The campus is not new to fraudulent messages online.
So far in 2024, there have been around 6,100 reports of suspicious emails reported by faculty and students. There were roughly 6,200 reports last year.
“This can include mailing lists and other things that are not true phishing or scams, just people reporting all the email they don’t like to see in an inbox,” says Pietrzak.
Despite the seemingly large volume of these messages, Pietrzak says that the frequency of scam messages is less than previous years.
He says that adding the requirement of MFA (multi-factor authentication) has helped reduce numbers. MFA simply means that users will have to prove that they are the owner of the account they are accessing in more than one way.
Staff and students both use the Microsoft Authenticator app that periodically makes users sign in to their email with their password as well as a code given to you by the app.
Concordia also has an email filter called Barracuda.
The service catches suspicious-looking emails in “quarantine,” and gives users the option to deliver the message, allow the sender to send you emails or block the sender of the email entirely.
The ITS (Information Technology Services) department will begin sending out training for online safety to students later this year, on the service “KnowBe4.”
These methods are not foolproof, however. Pietrzak says that reporting suspicious emails like this one is important to campus security.
“Our community ‘human firewall’ is our best defense,” says Pietrzak.
When in Microsoft Outlook, the email service used by the school, users have the ability to press a button on the top right of an email, labeled with an opened envelope and an image of a red fishing hook.
Clicking this will alert the ITS department to what is known as a “phishing” attempt, or an attempt to trick people into giving away sensitive information or money.
When the ITS department receives a phishing report, they review and then delete emails with harmful intent and also stop the suspicious address from being replied to.
“After notification, we reel back the messages with the content as well as report and block the address from receiving email,” says Pietrzak.
According to the Federal Trade Commission (FTC), online fraud is on the rise in the United States.
2022 showed a recent jump in the effectiveness in phishing scams, with consumers reporting losing an estimated $330 million dollars to text message scams. This amount more than doubled the amount logged in 2021.
The most common of these texting scams involve scammers posing as banks. They ask victims to verify transactions and impersonate bank representatives to obtain personal information.
“These texts are designed to create a sense of urgency,” says the FTC.
Another of the most popular phishing scams are ones offering free gifts, similar to the email received by Concordia students.
Pietrzak urges students and staff alike to never trust calls, emails or texts from unsolicited sources. He also advises using MFA as well as unique and complex passwords for every place you log into.
Be First to Comment