Students Targeted by Phishing Attacks Impersonating President

Up until about two weeks ago, a handful of students and faculty members received text messages soliciting personal information from a sender claiming to be President Michael Elliott. The phishing attempts are part of a nationwide increase in cyber attacks against institutions of higher education.

Students Targeted by Phishing Attacks Impersonating President
The phishing attempts came amid a rise in cyber attacks against colleges and universities across the country. Graphic courtesy of Nina Aagaard. 

On Thursday, Sept. 8, the Department of Information Technology (IT) sent out a schoolwide message via the Daily Mammoth alerting students of an “ongoing phishing attempt,” a cyber scam that was using the name of the college’s newly instated president, Michael Elliott, to solicit personal information from community members.

Up until about two weeks ago, a handful of students and faculty received targeted phishing messages via text from a sender claiming to be Elliott. According to Chief Information Officer David Hamilton, the messages attempted to solicit recipients’ financial information. To IT’s knowledge, no one fell for this particular scam.

“This is a terrible thing to hear, but the college is always contending with a variety of attacks against faculty, staff, students, and the systems that IT manages,” Hamilton said. “In the past, when Biddy [Martin] was president, folks did fall for these kinds of attacks on occasion,” although outcomes for individuals have never been “especially terrible.”

These kinds of attacks via text or SMS messaging are called smishing. According to Hamilton, smishing attacks can come from an automated source, just “knocking on doors and trying to see if somebody answers,” but there have also been attacks that “demonstrate that the attacker has been studying [the Amherst community] and trying to leverage what they’ve discerned about us.”

A handful of community members received texts from numbers fraudulently claiming to be President Elliott. Photo courtesy of David Hamilton.

Usually, the latter type of message makes an urgent call to action on the basis of a supposed relationship with someone in the Amherst community. Hamilton supposes that the only discernible targeting pattern in this most recent case is the deliberate concentration toward senior officers of the college or “employees who have access to a particular system or certain information.”

Because of the lack of uniformity of software at Amherst and other colleges, college students are frequent targets of phishing. “Higher education is a lot more vulnerable to these kinds of attacks than if you were working for a motor company, and everybody was using the same device,” Hamilton said.

While much of the awareness around cybersecurity concerns infrastructure, finance, healthcare and government, higher education is becoming an increasingly frequent target for various types of cyberattacks. According to Inside Higher Ed, almost two-thirds of higher education institutions reported ransomware attacks in 2021, 74 percent of which were successful; In 2020, only half of said institutions reported ransomware attacks.

Just last year, Howard University suspended classes for four days in September as a result of a ransomware attack. Campus Wifi was deactivated to prevent the cybercriminal from accessing sensitive student information until the issue was resolved.

Hamilton said we live in a “particularly precarious” time when it comes to global cybersecurity. The Anti-Phishing Working Group, an international corporation that analyzes and attempts to eliminate phishing, reported each financial quarter by over 1,700 client companies worldwide, observed a total of 1,097,811 phishing attacks globally from April to June — roughly a 7 percent increase from the first quarter of 2022, and quadruple the number observed in early 2020. Smishing, the type of phishing that occurred most recently at Amherst, saw a 70 percent increase in volume since the year’s first quarter.

The most recent cyberattacks at Amherst occurred despite security systems already put in place by the college. As a Google customer, Amherst’s students and faculty are protected by the corporation, which automatically filters out phishing messages via Gmail. Amherst students can also report messages to Google directly from their Gmail accounts, and the Amherst IT Service Desk in Seeley Mudd can help community members determine the legitimacy of the messages they receive on any platform. Additionally, when the college is aware of ongoing phishing messages, IT can filter them out of individuals’ inboxes before they are seen.

As an added protective measure, Amherst IT also works with Boston’s FBI unit, which warns the college of potential phishing threats, specifically when other higher education institutions have been targeted.

“At Amherst College, we’ve got 2,000 students coming from all over the world, some of whom are familiar with this stuff, some of whom are not,” says Hamilton. He urged students to email the IT department if they are unsure of the validity of any message they receive, and download protective software to their personal devices to help filter out phishing messages.