“I actually was scammed over the summer,” Jaynie Halterman, philosophy and intercultural studies sophomore at Taylor, said. “It was my email that got hacked, and it was interesting, because I was at camp, and so I wasn't allowed to have my phone except for 23 hours a week.”
Halterman received a link supposedly from Taylor claiming if she didn’t log into her account and provide her information, her account would be deleted.
Feeling rushed, she clicked on the link. The scammer hacked into her account, sending a flood of scams in her name out to everyone she knew at school while she was at camp, she said.
“I had to turn my phone off and put it away and wait, wait a week to worry about it,” Halterman said. “That was terrible.”
Eventually, Taylor’s help desk aided Halterman in resetting her account.
Halterman’s not the only student whose account was compromised after clicking on a convincing scam, she said.
Steve Elwood, director of infrastructure and chief information security officer at Taylor, said these emails are increasingly common. Elwood and his coworkers work nights and even weekends to secure student accounts and prevent students from falling for these scams, he said.
Phishing emails have become a widespread phenomenon, impacting more places than just the university.
“This isn't a Taylor-unique thing by any stretch,” Elwood said. “Colleges and universities across the country are all reporting the same stuff. There’s been a big uptick in this stuff.”
Many of these scams are AI driven because AI quickly composes convincing emails when prompted.
Phishing emails don’t just impact the person whose account was compromised. The hacked accounts become launching points to blast out messages to everyone in the victim’s contact list, he said.
“They’re just hopping from email address to email address trying to scam everybody that they can that's in the person's address book,” Elwood said. “They’re just trying to spread as wide as possible.”
These fraudulent emails are dangerous. In the past, students who fall for scams provide money, personal information and passwords to the cyberpunk. Hackers are more persistent because of the constantly evolving technology they have, Gail Williams, infrastructure security analyst at Taylor, said.
Impersonations within scams are also more advanced. Williams catches many scams claiming to be from Taylor faculty or other students.
“They are getting a lot better,” Williams said. “Even their English is a lot better. It seems like they are actually talking to somebody legitimately from IT.”
Scams are made even easier as people’s information is displayed on their LinkedIn and social media accounts. These are easy tools for hacking into accounts, as they provide user’s personal information, as they provide access to users’ personal information, she said.
In the past, scammers intentionally used bad grammar to identify susceptible victims for their scams. They didn’t want to waste time interacting with people who wouldn’t fall for their scam in the first place, Elwood said.
However, with the advance of AI technology and more convincing strategies, hackers have switched to more believable sounding messages. This is because AI bots are able to craft emails more convincing to a wider spread of people.
Combatting scams has become a cat-and-mouse game of scammers versus the IT department, Elwood said.
Williams said the department figures out what method scammers use, then puts in guardrails to prevent them from continuing. The department figures out what method scammers use, then puts in guardrails to prevent them from continuing.
“As they progress, we progress,” she said.
Williams’ and Elwood’s department blocks malicious links, educates students on how to recognize scams and hosts annual cybersecurity training for faculty.
Elwood recommended several strategies for students to prevent them from falling for any scams.
First, he warned that odd-looking First, he warned that if links attached to emails are suspicious, he said. For example, if a link supposedly sent from Taylor’s IT department doesn’t have “taylor” somewhere in the URL, it’s probably not from Taylor.
Links that ask for private information are scams. Taylor has students’ information and doesn’t need to ask for it, he said.
“Remember, if you're here at Taylor, Taylor has that information as part of the application process. We really shouldn't need much of [students’ personal information],” he said. “We're not going to ask for crazy amounts of sensitive information from you, just because we have that in the system.”
Emails that prompt students to take immediate action, unexpected emails that seem random and emails that offer free items are suspicious.
Last year, circulating emails offered students free couches, guitars, pianos and a photography set, provided they pay for shipping or similar added costs. Buyers quickly discovered they’d wasted several hundred dollars on items they’d never receive, he said.
Links flagged as suspicious are also almost certainly scams, and students shouldn’t click on them, he said.
Students who suspect they’ve been sent a phishing email should flag the email, as that enables Elwood’s department to more quickly find suspicious content and prevent other students from receiving it, he said.
Students who do fall for these scams shouldn’t feel embarrassed or ashamed to come to the Helpdesk, Williams said.
Elwood said Taylor IT isn’t annoyed when students reach out about scams. They’re happy they can help fix the problem.
If the IT department is aware of a potentially hacked account, they can disable the account, reset the password and remove the hacker.
“If you have done any of these things and you think that a scammer might have your information, then definitely change your password and let us know,” Elwood said. “We'll work with you to secure your account.”
Halterman echoed Elwood’s words.
She encouraged students who felt inept at technology to ask for help.
“Always ask questions if you're unsure,” she said. “Be skeptical.”
Elwood encouraged anyone with questions to reach out to Taylor’s IT helpdesk at helpdesk@Taylor.edu.
