Tips on detecting phishing scams, as Columbia students are targeted

By Camryn Cutinello, Staff Reporter

Ryan Brumback

For sophomore theatre directing major Magdalena Pogue, an internship opportunity from UNICEF seemed like the perfect part-time job. Pogue received an email about the job to her student Office 365 email over winter break.

The description stated that Pogue would be buying products off of Amazon for local mutual aid programs. The job seemed like easy money, and Pogue answered the email, expressing her interest.

“I used to work in a UNICEF club at my high school, and I was like, ‘Oh, maybe they still have my name’ and … ‘maybe they do have this internship,’” Pogue said. “It was the only phishing email where the work involved seemed like [something] UNICEF could do.”

To Pogue, the job initially seemed legit, but as she got further along in their communication, she began to grow suspicious. She said she was only in contact with one person, who was not affiliated with UNICEF. Pogue also became aware she was being scammed after receiving a check in the mail with which to buy Amazon products that was just a picture printed on normal printer paper. 

After she received the fake check, Pogue stopped replying to the emails from the contact with whom she had been talking.

This scam is one of many that has made its way to Columbia students’ emails. Although the college sends out warnings to students when it learns about scams, it is sometimes too late.

Associate Vice President and Chief Information Officer Kathie Koch said students who are suspicious of an email can first send it to itphishing@colum.edu or ITSecurity@colum.edu. From there, she said employees will review the email and determine if it is a phishing attempt and then proceed to block accounts sending the scams.

In the past, students have received emails about a dog walking job, various internship opportunities and recently the Federal Trade Commission warned that students from various schools were receiving emails that looked like they were from the IRS but were not.

Koch said she urges students to stay vigilant when receiving emails.

“If it looks too good to be true, it is too good to be true,” Koch said.

In November, Aaron Ortega, a junior acting major, had his bank account locked after cashing a faulty check from one of the scams. Ortega said the job came from a Columbia email address, and it advertised a personal assistant job for part-time students. The job was said to entail buying groceries for people who couldn’t leave their house due to the pandemic.

Ortega received a check for $1,600 and was told $1,000 was for the client’s purchases and $600 was for him. The check bounced, and Ortega was locked out of his account.

“I got fooled by some pretty good people,” Ortega said. “I don’t want to say ‘smart [people]’ because people who scam people are not smart, … but they at least had a pretty good front. They had a pretty good ring going on until I eventually caught on to what they were doing, but they got pretty far.”

Ortega called Campus Security who then went with him to file a report with the Chicago Police Department. He said the people responsible have not been caught.

The college started using DUO Cybersecurity in 2020 as a way to protect passwords and combat phishing attempts. All faculty and staff members were put into the system at the end of the fall semester. By May 17, all students will be enrolled.

Information Technology‘s Cyber Security page on the Columbia website lists 10 common traits of phishing attempts that can help determine whether an email is suspicious. Phishers will typically ask for personal information, give generic greetings, have a sense of urgency, ask you to send money and have poor grammar.

The site also states there can be inconsistencies in the links, such as the URL not matching the company. Some include unrealistic threats, saying an account is overdue or has been hacked. Government agencies also do not typically communicate important messages, like information regarding tax refunds, over email.

“Education is really key when it comes to phishing so [students] are more careful about what to respond to,” Koch said.