When freshman biomedical sciences major Daniel Knapp enrolled at UB, he received more than a typical acceptance email.
“The moment I became a UB student, like the moment I got the email, on the second day, I got a phishing email,” he said.
Phishing is a form of cybercrime found everywhere in which fraudulent actors prey on victims’ technological weaknesses to obtain personal information, data or money. These scams, especially on data-rich campuses like UB, occur more often than one would expect. But UB was unable to provide an exact figure for the amount of phishing that affects the campus community when asked by The Spectrum.
“Since I started three years ago, it’s [phishing solicitations] definitely picked up more recently,” Sarah Siddiqi, a junior political science and psychology major, said. “So a lot more this semester than last.”
Other students, like junior biology major Kelsey Boardman, say they experience these “cryptic messages” on a different timeline.
“I would say I got a lot [of emails] last semester in the fall. As of spring, I haven’t gotten as many and UB has started marking them as their spam,” she said. “I’ll look at my junk [mail] and they have shown up there more now. But sometimes they’ll still end up in my normal inbox and I just completely delete them if they come in.”
Kevin Cleary, UB’s Information Security Officer, says the school is only aware of phishing schemes “anecdotally.” “Cybercrime typically goes underreported and so to put a specific pin on the numbers, the data, that’s not something that’s easily trackable — there’s not even a unified spot with which to report that,” Cleary said in an interview with The Spectrum.
The most common way scammers get ahold of student information is through third-party websites, according to UB’s Information Security Office. These websites, many of which claim to offer enticing, useful and free services, require students to forgo their data rights. Without reading the fine print, one may have no idea who has access to their UB email address, which only increases the possibility of unwanted circulation and cybercrimes like phishing. UB officials advise students to be cautious of untrusted QR codes/shortened links, create unique passwords for UB-related accounts and to opt for credit cards, rather than debit cards, as they have greater consumer protections.
While every state defines cybercrime differently, New York has a host of laws stipulating what is legal on the internet, from identity theft and “computer trespassing” to unlawful disclosure of an intimate image and forgery. Under New York Penal Law section 156.35, unlawful possession of computer information could lead to a class E misdemeanor and up to four years in prison.
Nationally, the Federal Trade Commission received 4.8 million identity theft and fraud reports in 2020, which was up 45% from 2019. Consumers reported losing more than $3.3 billion related to fraud complaints, more than double that of 2019, according to the commission.
Investigating and solving reports of cybercrime are not always straightforward.
“It’s a different dynamic than most of the crime reports we get, which is a good thing,” Deputy Chief of Police Joshua Sticht said. “The number of reports and the number of victims are not really analogous as they are with other crimes.
“Almost every time we get one of these email phishing attempts, it’s not local,” Sticht said of prosecuting cyber criminals, since they are typically out of local jurisdiction. “It’s not anything that we as a New York State Police Agency could prosecute.”
International students are also a common target for phishing schemes.
“We’ll quite often see that international students are specifically targeted by scams that prey on their worries about their visa status,” Sticht said.
Despite the fact that most UB students know about phishing, many are unaware of the resources UB offers to stay proactive about the constantly-evolving issue. These resources consist of sample phishing emails and detailed instructions on how to recognize a scam. Other online tools include a safe-computing dashboard, where students can download free antivirus software and learn more about “digital hygiene” practices on their student accounts, social media channels and more.
“I didn’t know there was a website for that,” Knapp said when asked about UB’s cybersecurity resources. “I saw one poster about it on the bus: ‘phishing is a thing, be careful.’”
Knapp says the UBReddit is frequently filled with students asking questions like, ‘Hey, I got this email about this job offer. Is this real?’
“Kids are buying it, but you gotta be careful,” Knapp said.
UB has been “constantly” updating its phishing guidance, according to Diana Tuorto, IT Communication Officer for UBIT. The challenge is still ongoing, but UBIT says it will continue to fight it.
“The digital materials we’ve been putting out there have been evolving since cybercrime itself has been evolving,” Cleary said. “This is a continual cat and mouse game where bad actors, the folks that are trying to perpetrate this fraud, are continually trying to circumvent and evade industry-leading AI algorithms that try to identify phishing.”
Jack Porcari is a senior news/features editor and can be reached at email@example.com
Jack Porcari is a senior news/features editor at The Spectrum. He is a political science major with a minor in journalism. Aside from writing and editing, he enjoys playing piano, flow arts, reptiles and activism.