The second phishing scam of the semester had Montclair State students wary of their email accounts last Friday. A fraudulent email was sent out to students detailing a job opportunity with the subject line “Book Keeper/Payroll Personnel Needed,” to which the students who received the email never applied. On Nov. 20, Jeff Giacobbe, Associate Vice President of Information Technology Services (IT) at Montclair State sent out an email notifying all students of the scam.
According to Giacobbe, fraudulent emails are able to “get through” the anti-spam filter by having a “seemingly normal structure.” Emails such as these don’t contain virus-oriented attachments, but the content of the email is what makes them dangerous for students. Something to remember for all students is that legitimate emails sent out through administration and academics within Montclair State will never ask for personal information in an email.
This particular scam detailed an opportunity for college students to make extra cash by keeping record of payments and funds for a company. The emailer identified himself as “Siyaki Agush” from the “University Employment Bureau” and was contacting students through a personal Gmail account. He asked for students’ information such as bank account numbers, drivers license copies, phone numbers and résumés. The sender explained that he needed these details in order to start the applicant working while he was still “away with manufacturers.”
Jennifer Leon, a Montclair State student, was among the slew of victims who had responded to the email and submitted respective information to “the Bureau.” About a day after she sent it, an email was distributed to the “allstudents” mailing list to alert the community that the email was, in fact, a phishing scam. Students like Leon reacted in a panic, worried about possible identity theft and bank account safety.
She described her first reaction: “I have never felt more hopeless. At first I wanted to cry because I felt like the school was not protecting me. It’s scary the way my email address can be accessed by a hacker.” Leon was advised by Giacobbe to contact University Police and to file a police report. Her initial emails to IT went unanswered.
Alerting all students of the fraudulent email circulating was the first step IT has taken to address the issue. They also blocked the sender address to prevent anymore incoming emails from that particular account. The same goes for the scam that occurred back in October, where some students were also duped by an alleged employment opportunity. However, this email did not originate from the same sender.
Giacobbe explained that students should be aware at all times of the potential of spam. “Even though, to my knowledge, only a handful of students actually replied to the phishing email, almost all of them stopped any further communication after the scammer began asking for personal and banking information. The fact that they were aware that something wasn’t right and notified IT and University Police is a good sign that user awareness of phishing scams is pretty high.”
Any student who feels that he or she may be a risk of identity theft or other criminal activity due to a phishing scam is encouraged to report the incident to University Police. Students can also visit http://www.montclair.edu/career-services/employment/career-directions/scams-and-fraud/ for more information on how to detect when an email is fraudulent and avoid falling victim to scams.