Scam Emails Target Tarleton Students
Arynn Tomson– Art Director
Tarleton State University students have been receiving scam emails offering compensation for jobs such as modeling or pet sitting. The emails urge students to apply for the job by clicking a fraudulent link that will give the scammers access to personal information and control over students’ emails. Tarleton Chief Information Security Officer Rick Woodson is warning students not to fall for the scam.
Woodson says the people behind the emails are “threat actors” who need just one person to click the scam link in order to take control over their email, and then that account will send out more scam emails to other students. Because the fake job offer is coming from a Tarleton student email account, it is easier to trick others into believing the email is safe.
“At some point in the past, the student fell for a credential-gathering phish email, and the student revealed their email credentials. Sometimes they come from random email accounts that are not associated with Tarleton,” Woodson said.
Woodson says that the university is working on getting these emails under control.
“We are proactively engaged in email monitoring and filtering for student, faculty and staff email accounts. Most scam and phish email attempts are filtered out before they reach our mailboxes,” Woodson said. “However, threat actors are always evolving their techniques, and we need to be reactive to those scams that do get through to protect the university. We are continually evaluating innovative, progressive products to help us stay one step ahead in an ever-evolving threat landscape.”
Most of the time after a scam email is sent out, Woodson and his department send out an email following it. However, sometimes Woodson’s department is not alerted to all the scam emails that come through. Woodson says anytime students or faculty receive an email that seems out of the ordinary, they should report it to email@example.com or firstname.lastname@example.org.
“We ask them to report any questionable email that they receive,” Woodson said. “If they have already communicated with the threat actor and believe they may have shared personal, identifiable information, or they are the victim of a scam, they should contact the University Police Department.”