By Ryn Williams, Layout Editor
As a new semester begins, Saint Leo University students return back to Outlook, only to find that their email has been completely spammed by fake employment opportunities.
The Department of Information Technology (DoIT) can’t seem to combat these bots fast enough.
One email, written Dec. 7, 2022, reads, “A spam message has been detected on our network and is being sent to many individuals within the university by email…If you have received this email (even if it is from someone you know), please delete the message immediately.”
They encourage students who inadvertently opened the link to open a Help Desk ticket by sending an email to helpdesk@saintleo.edu.
Many students are fed up with the spam.
Cole Washko, a junior majoring in English with a specialization in professional writing and a minor in marketing, always deletes the emails, but agrees that the frequency is irritating.
“It’s concerning that my school email – which is meant to be for work – is being leaked to anonymous sources,” said Washko. “The school needs to take more accountability because it’s ridiculous.”
Lizzie Zacharias, a senior majoring in medical humanities on the pre-med track, also finds them annoying.
“I never respond to them,” said Zacharias.
Zacharias wants to know who is sending these emails. She’s even received some from freshmen.
Not even alumni are safe.
Ryn Christoff graduated with a degree in digital communications in the fall semester of 2021.
“I still use my Saint Leo email,” said Christoff. “It’s one I use for important emails I can retrieve easily.”
However, the important emails are being buried under the spam.
“They are very annoying. It worries me that, because of the frequency and the fact that they come directly from Saint Leo emails, people may be vulnerable from falling for these spam emails,” said Christoff. “It also makes me question the privacy and safety [of]the Saint Leo email system. I really think that something should be done about them.”
It’s possible that Saint Leo community members – whether they are students, faculty, or staff – can have their accounts compromised by these scam emails.
This is called “phishing.”
Merriam-Webster defines phishing as “the practice of tricking Internet users (as through the use of deceptive email messages or websites) into revealing personal or confidential information which can then be used illicitly.”
So far, it seems like these spam emails are being sent to hook more Outlook users into giving away their passwords which, in turn, continues the spread of scam messages.
Even faculty and staff are tired of the spam.
Dr. Lee Hobbs, an associate professor in the department of language studies and the arts, feels as though the emails are a “nuisance” and a waste of time.
“If I had to sort through less spam every morning, I could spend more time writing quality replies to my actual students’ email messages, instead of these artificial non-students,” said Hobbs.
It’s likely that, if one were to click the links being sent out, their Outlook account would be put at risk.
“Since it’s such a problem, I feel like [DoIT] needs one full-time officer that does nothing but root out the spam messages before they even hit our inboxes…It would be nice if a larger filtration system was handling and pre-sorting the bulk of the junk before it all comes into our inboxes,” said Hobbs. “All my students are complaining about it this term.”
Interestingly, multiple links that were sent out to Outlook users were crafted in Frankfurt am Main, Germany. The source was found by using a URL scanning tool, which allows internet users to inspect suspicious links without having to click on them.
DoIT was reached out for comment.
Dennis Gonzalez, the assistant director of user support and helpdesk services for DoIT, wants to make students aware of possible scams.
“The only thing we can do is educate. You know, this is what it looks like, this is what you should be looking for,” said Gonzalez. “And there’s no problem reaching out to the helpdesk to question something.”
Gonzalez stresses that students should not forward suspicious emails, and should instead include a screenshot of the email in their ticket to the helpdesk.
There are more types of scams other than job offers that seem too good to be true.
During Hurricane Ian, hundreds of emails went out to the Saint Leo community seeking hurricane relief with links promising to help those in need. However, the links led to “hacktivist” groups. “Hacktivism” is derived from “hack” and “activism,” which is defined as breaking into a computer system for social or political reasons.
Other forms of email scams include impersonation. For example, a scammer might gain access to a compromised account and ask victims to do favors, including purchasing gift cards with the promise of reimbursement.
Darius Lewis, information security officer for Saint Leo, is dedicated to defending community members.
“If I remember correctly, we’re stopping about 800,000 pieces of spam a month,” said Lewis. “So when that one or two or maybe three get through, well, that’s three versus 800,000 a month.”
There has been an initiation to include students and alumni in security awareness training. Currently, only faculty and staff undergo security awareness training.
“The only problem with that is everything comes with the costs…Alumni have email boxes, so we need to protect it. So the costs start to go up. But in the same token, what is the cost loss?” said Lewis. “If you’re a student, you don’t have elevated rights to the critical systems. So do I put the money into protecting the people that have access to the critical systems?”
In an environment riddled with scams, what is the best way to stay safe?
It’s important to never click any links from an untrustworthy source. Even if it’s a Saint Leo email address, look carefully at the email contents and question it.
Does it sound too good to be true? If so, it probably is.
Have you received the same email copy from multiple sources? That means there’s a chance that multiple people have fallen victim to the scheme.
It’s important to never share your password with anyone claiming to be from the university. Additionally, do not share financial information with anyone other than a verified representative of the financial aid department.
Finally, when there is an email that looks “phishy,” let DoIT know. One way to do this would be by sending an email to helpdesk.saintleo.edu and opening a ticket, making sure to include a screenshot of the offending email. Then, after the ticket has been created, delete the suspicious email.