Email phishing scams intense at YSU

By Christopher Gillett

Youngstown State University emails have received increasing amounts of attempted phishing scams. Especially over winter break, Information Technology Security Services dealt with more scam attempts than usual.

Phishing scams are a type of cyberattack in which victims are baited into giving personal information such as passwords or Social Security numbers. These scams can appear as fake job offers or fake messages from official institutions.

Justin Bettura, the deputy chief information and security officer for IT Security Services, said the best thing to do when unsure about an email is to call the organization it purports to be from.

“The number one thing I always tell [people] is that, ‘If you aren’t sure [about an email], then pick up the phone and verify.’ That’s the number one way to protect yourself,” Bettura said. “Call them and say ‘Hey did you send me this email asking for this information?’ Nine times out of 10 they’re going to say no and then they’re going to tell us, and that gives [Security Services] an opportunity to see what happened.”

IT Security Services have dealt with many kinds of fake emails in the past, including a fake dog-walking job offer that claimed to pay $500 a week. Beturra said phishing emails will use extraordinary job offers to lure victims.

“If it sounds too good to be true then it’s probably too good to be true. You’re not going to get emails about dog-walking campaigns that are gonna pay you $500 a week,” Bettura said.

Brandon Scott, a freshman integrated social studies major, received a scam email claiming to be the World Health Organization looking to pay $500 a week for work. Scott caught the issue before he lost money, as he changed his passwords and informed his bank. Scott said people should watch for emails making idealed offers without communicating reasonably.

“If they’re asking you for all this information via email and stuff, odds are it’s probably not [truthful],” Scott said. “Places of employment that care — that want to get you [to work] — they’ll follow up with more realistic means to get your information.”

Alongside that, students will never be asked for personal information, like passwords, Social Security numbers or birth dates, over email by departments such as financial aid or the Bursar’s Office. Suspicious emails can be reported on Outlook.

If accessing Outlook through a search engine, click the fish-hook symbol in the top-right corner of the suspicious email. It is the third symbol from the top center. This can also be done by clicking the three dots in the right corner, clicking “Report” and then clicking “Report Phish.” 

If accessing the Outlook app, click the three dots in the home bar and “Report Phish” will be at the bottom. The “Report Phish” button can also be found by expanding the home ribbon.

The email will be sent to Proofpoint, a private company, which runs an automated service used by YSU and many other companies to analyze emails for potential danger. If it finds an email to be suspicious, the email will be pulled from all YSU email accounts by the company. If Proofpoint finds the email to be fine, IT Security Services will still manually look at the email.

IT Security Services will release an educational series in a few weeks on how to stay safe online.