During her third week as a music industry business freshman at Loyola, Patricia Calzadilla opened an email that she thought was legitimate.
She went to the website indicated in the email and filled out her name, address and phone number.
Soon after, she started getting text messages from the phisher. The texts directed her to deposit a check to a specified address, and in return, she would receive $2,700. Calzadilla had fallen into a phishing scam.
According to the U.S. Census Bureau, “Phishing is the criminally fraudulent process of attempting to acquire sensitive information, such as user names, passwords, social security numbers, bank account or credit card details by masquerading as a trustworthy entity in an electronic communication.”
Phishers send emails that resemble the website they are trying to imitate. The emails ask the recipient to validate or confirm sensitive information.
Joseph Locascio, director of Computer and Network Services, said Loyola Information Technology tries to stop scammers by putting up a Firewall and a spam checker. The IT department notifies Loyola webmail account holders when a spam scam slips through.
Though these tools are constantly updated on phishing scams, Locascio said, the most recent phishing scam directed email recipients to a website built using Google Documents, which was particularly deceptive, because most people trust Google Documents.
This phishing attack happened before Easter break, and at least 20 Loyola webmail users fell into this scam, Locascio said. He said the problem was that those who logged in to the website gave the scammers their email password. To fix this problem, Loyola IT had the users change their webmail passwords.
Phishers can obtain an email address by using it anywhere the email address is listed on the Internet, Locascio said. Students can go to a search engine and enter enter “your email address” and “@the email domain where you received the phishing email” to see where their email address is listed.
To avoid phishing scams, email users should not respond to an email that asks for sensitive information because legitimate organizations do not ask for this information over email.
Locascio said the best way to report a scam or phishing incident is to call the IT help desk at 504-865-2255. All emails that are suspected to be phishing should be reported to [email protected].
After the Loyola Tulane Credit Union told her the check she deposited from the phisher bounced, Calzadilla asked her supervisor in Student Finance what to do. Calzadilla said that if it weren’t for her supervisor at Student Finance, she would not have made it out of this incident with such minimal damages. After explaining the situation to the bank, she was only charged $25 for the deposit.
Calzadilla thinks Loyola needs to do more to stop phishing scams.
“I think I fell for this mainly because I thought since it came from my school email, it was safe,” she said. “Things like this make you feel unsafe in your own school.”
Aaren Gordon can be reached at [email protected]
