Over the past couple of weeks, Wheaton’s community has been ravaged by scam emails. These malicious emails range from false job offers to ominous threats stating that student accounts will be deleted if they do not verify their password. The senders of these emails appear to be Wheaton College faculty and staff, with the telltale @wheatoncollege.edu at the end. However, the senders’ names are falsified and disguised, not those of actual, current people at Wheaton.
In an anonymous survey polling 315 people, roughly 146 students reported receiving 2-3 scam emails per week. 120 students reported receiving more than 3 scam emails in a given week. According to Brian Gibson ’95, who works in Wheaton’s IT department, the department has never “seen anything of this magnitude” in Gibson’s 25 years of email administration.
A certain technological development is fueling this outbreak: the rapid growth and usage of artificial intelligence (AI). This recent outbreak, understandably, has greatly concerned Wheaton’s cybersecurity team. According to Gibson, “scammers have started using AI to automate every aspect of these phishing campaigns”.
Gibson explained that in the past, scammers’ efforts were analog, and it was much easier to contain and catch phishing emails before they became a larger issue. “Back then, this was all done manually. So before the hackers even had time to set up shop, we could clean up the end user’s account and kick the hackers out.” But now, with AI becoming ever more prevalent, scammers can use it to send thousands of emails in a matter of seconds.
Once recipients of these emails mistakenly provide their information, the scammer’s AI can access their data and use it to send even more emails from that legitimate Wheaton address, thereby continuing the scam. According to Gibson, in a recent case, after these scam artists gained acces to an account, they were “sending hundreds, sometimes thousands, of phishing emails out within minutes of their gaining access to the account.”
Gibson claims that since the phishing emails are coming from disguised Wheaton email addresses, the attacks become “more potent.” Even more alarming, a large number of Wheaton College alumni have also fallen victim to these cyber attacks. “Since the class of 2016, we have allowed graduates to keep their email accounts for life, so with each new year, the potential number of targets has increased, making this tougher,” said Gibson. “Whit these recent phishing campaigns, we probably had to track down and clean up current student accounts.” The number of people with Wheaton email addresses grows each year. This only adds to the number of people susceptible to this wave of phishing attacks.
These scam emails operate in one of two formats. The first format: a stern message threatening to shut down all email addresses with unverified passwords. This email contains a Google Form that asks for the recipient’s email password. Wheaton has issued a statement stating that no one will ever ask for the password of a Wheaton email through this method. If a password is requested on a form, it is likely a scam.
The second format: false job offers. These jobs are being advertised as being “part-time” or offering the fabulous option of “remote work from campus”. These ‘offers’ often pay an exorbitant rate for a student intern, such as $550 per week or $35 per hour. Likewise, these messages are followed by a link to a Google Form. As with all phishing emails, each message seems to be sent from Wheaton Student Employment. The real Wheaton Student Employment sent an email on Feb. 23, addressing these fraudulent job postings and directing students to contact them with any questions or concerns about emails they may have received.
Wheaton’s IT department has taken several precautions to stop phishing emails and prevent further, future attacks. These measures include a new software that Gibson says will be rolled out “sooner, rather than later.” This software includes the work of “vendors that tie into our Google Workspace infrastructure, whose products use AI to help combat these phishing attacks,” as stated by Gibson. Steps are being taken to help people whose email has been compromised when they fall victim to these scams. “When we find that someone’s account has been compromised, we reset their password, and we use tools on the Google back end to kill any logged-in sessions into the account. Just to be safe, we then replace the person’s 10 Google 2-step backup codes and contact them via text or an alternate email address to let them know what happened. They usually already suspect that something is up before we contact them, and we help them reset their password.” This ensures that the account is reset and all personal information is inaccessible to the scammer. Beyond simply resetting the password, the email of the person who was scammed has many Google backup codes that IT also replaces in order to further protect them from scams. For now, IT has published a banner at the top of students’ Canvas pages that warns against providing passwords or verification codes to anyone. Until the attacks are stopped by Wheaton’s IT Department, all students should be wary of all suspicious emails sent to their Wheaton accounts.