Elon officials warn students about ‘phishing’ cyber-scams

A new survey from the Pew Research Center found that 73% of U.S. adults have experienced some kind of online scam or attack. On college campuses like Elon University, the threat of these scams, often called phishing, is increasingly prevalent, especially when it comes to targeting student emails.

Gary Sheehan, director of Elon Information Security, said scammers have grown more convincing by using artificial intelligence to craft realistic-looking messages. 

“Phishing scams are fake messages designed to trick you into giving away personal information, like your password, bank details, or student ID,” Sheehan wrote. “These attacks have become more common at Elon, and AI has made these attacks more dangerous.”

Sheehan wrote that his team has noticed an increase in fake job offers and emails impersonating faculty members or university leaders, including Elon President Connie Book. He also said that there have been messages impersonating department chairs, some even including QR codes leading to fake login pages. 

“Pause and think before clicking,” Sheehan wrote, “Elon won’t email you for login credentials, account verification, or job offers.”

Freshman Josh Hertz said he became a victim of a phishing scam in October after receiving a deceptive message that appeared legitimate.

“I didn’t really know what phishing scams were, and I learned from that to ignore it after that,” Hertz said. 

Following the incident, Hertz said he faced brief technological challenges, such as being locked out of his account by the university.

“I got locked out and had to call to reset my password. It took me two minutes. I’d rather that than have my information stolen,” Hertz said. 

Hertz said what made the scam believable was how realistic it looked. He said he looked up the sender and found that they had a relation to Elon, making him believe the link was credible. 

John Wimmer, assistant teaching professor of Management Information Systems, said students should take ample time to inspect emails before clicking any links. 

“Never open an attachment that you aren’t 1,000% positive that you would trust the source. If you’re not positive that it’s coming from where they say it comes, it’s always a good idea to reach out via phone,” Wimmer said. 

Wimmer said that in the past decade, there have been many changes in the world of cybersecurity with the advent of technology and AI. 

“Probably 10 to 12 years ago, really the only targets for what I like calling ‘bad guys’, the ones who are trying to steal your data, was really more geared towards those high-end companies,” Wimmer said. “But I think that as the use of online tools that proliferated use of credit cards, the use of all this data has become more common, even in the noncommercial, non-corporate world.”

Vice President for Student Life Jon Dooley said phishing emails can circulate quickly across campus if students don’t take a moment to verify suspicious messages. 

“I guarantee you nothing will get something fixed slower than complaining about it on Fizz because they’re not quick enough for the Wi-Fi here,” Dooley said.

Instead, he encouraged students to call the IT Help Desk at (336) 278-5200, which allows staff to identify and fix issues in real time. 

Dooley advised that anytime students receive an email that looks questionable, they should forward it to infosec@elon.edu or confirm directly with the sender before clicking on links or providing information.