The UMass Phishing Scam

On August 21st, 2020 a security warning had the entire student and faculty bodies of the University of Massachusetts Amherst in a panic: they were being targeted by a new phishing scam. The scammer impersonated a professor at the university by the name of Clair E. Hamilton, starting email conversations with their victims by asking if “[they] have free time now.” Although the purpose of this scam hasn’t been revealed, administrators of UMass Amherst believe that the scammer was targeting the students’ NetID password in order to gain personal information like one’s Social Security Number (SSN). 

The specific structure of this phishing scam is no different from other ones: scammers assume false identities and manipulate victims into doing what they want them to do, whether it be transferring money or completing an illegal task.

What is quite unique about this scam is that the victims were not the relatively gullible elderly population who are often deemed to be more vulnerable targets. Instead, it was the faculty members and the students of a respected university: people who most likely have been frequenting the internet and undoubtedly using online technology. While the target of the scammers might have been questionable, this incident still goes to show how seemingly less vulnerable groups can also easily fall victim to the most basic form of phishing scams. 

Data Suggests Phishing Scams are on the rise

Various sources also support the notion that scammers are widening their target range from solely elders all the way to college students. According to Retruster, a famous cybersecurity provider, between 2018 and 2019, there’s been a 65% increase in phishing attempts. This inevitably leads to other demographic groups becoming targets, hence the UMass scammer’s attempt to attack college students. Although an increase in phishing attempts doesn’t necessarily mean an increase in the number of victims, it is still important to make the effort to prevent these cases as such phishing as data breaches from scams like phishing cost around “$3.92 million on average”. 

University of Massachusetts Efforts in Preventing Scams

To avoid such financial loss, UMass Amherst shared with students and faculties the most effective way to avoid these phishing scams: always verifying the identity of the sender WITHOUT having to open the email or respond to it. This method works best if one communicates under a specific domain (ex: @umass.edu). If the person is out of one’s domain, potential victims must be cautious. Following this guideline can save potential victims millions of dollars. 

If you were personally effected by the UMass phishing scam or know someone who was, or if you’d like to report a new phishing scam or any other type of scam contact us here.