A message that shows users when an email has been sent from an address outside of Chapman has been added as a warning for students, staff and faculty against phishing emails. These emails are typically sent by scammers to collect bank and login information from email users.
In the past month, there have been three phishing emails circulated at Chapman, according to Chapman’s Information Systems & Technology (IS&T) website. One of the emails sent asked the receiver to verify his or her Chapman email address, the other one had a file to download about a purchase order, and another asked, “Are you on campus?”
In October 2018, Chapman was affected by a security breach through phishing emails that affected more than 20 employees. Faculty and staff logged into a website with their Chapman credentials and scammers were able to access university accounts.
“We’ve had people who have had their emails compromised,” said Jose Diaz, an IS&T client services technician.
Hackers have been able to access email accounts associated with Chapman and create emails that mimic the standard layout of Chapman emails, tricking people into thinking the address is associated with the university, Diaz said.
“It creates a lot of problems and is a big security issue,” he said.
The new tool shows a yellow banner when an email is from outside the Chapman email system.
“Now that I get emails from outside sources I am aware, I feel like it is necessary to have something like this,” said Audrianna Liao, a freshman undeclared major.
The new feature comes after previous email hacks, including a scam that involved access to student bank accounts on April 4, Diaz said.
The email targeted students by offering a part-time job, promising $400 a week. Students were asked to send an email to an email address at the bottom of the message about the job. If the student replied, the scammers would ask for basic contact information and later, for bank information, which they used to gain access to student bank accounts.
If students come across phishing emails, they are encouraged to forward the email to firstname.lastname@example.org.
Once the IS&T desk learns of a phishing email, technicians will work to quarantine the threat and prevent the account from sending more phishing emails.
Opening an email does not typically compromise someone’s account on its own, but giving out Chapman credentials, clicking on links and consenting to unwanted downloads can lead to hacking.
“We want to make our staff, faculty and students more aware of phishing emails and prevent it,” Diaz said.