Phishing Scams Often Target Stanford Students
Before we get too far into the quarter, here is a quick—yet vital—reminder about avoiding the newest phishing scams.
So, what’s phishing again?
Phishing is when someone tries to fool you into giving away sensitive information like your login details or financial information. They do this by pretending to be trustworthy, using emails, texts, or fake websites to lure you in. Phishing is one of the most common forms of social engineering attacks.
And phishing scams are getting more sophisticated.
For example, take the recent phishing scam that posed to be from Stanford’s Office of the Registrar presenting a paid internship program with the Bill Gates Foundation:
This is a growing trend that has affected Stanford students: phishing scams with the lure of a job opportunity.
Explore more examples of phishing scams that have been spotted at Stanford to learn what to avoid. You’ll find examples spanning more than ten years of logged phishing attacks.
3 Reasons Stanford students are vulnerable right now
The fact is that phishing affects everyone—staff, faculty, and students. However, it’s also true that Stanford students are especially vulnerable at the beginning of the academic year. Let’s look at why:
- Fresh Start Frenzy: The excitement of a new academic year can make students a tad hasty. Out of eagerness to connect and discover, university students might not scrutinize things as closely as usual.
- Data Goldmine: As you grow your digital footprint while a student, your information is often becoming easier to find and more valuable to mine. This makes university students a target for cyber criminals.
- Primed for Opportunity: Stanford students are naturally interested in evaluating and pursuing opportunities. Scammers take advantage of this by offering credit cards, jobs, scholarships, grants, research opportunities, and similar desirable opportunities.
With all of these factors combined, it’s easy to see why Stanford students are targeted and at risk for phishing scams.
But you can be the hero in this story. There are ways to stay safe and to help protect your community.
6 Ways to stay safe
Be sure you take these precautions to stay safe from phishing, and review the Protect Yourself and Stanford with Secure Computing Practices guide by Stanford University IT (UIT).
Think Before You Click: Always check the sender's email and analyze what they're saying carefully. Be suspicious of surprise requests for personal info or any "urgent" messages. Do not click links in emails if the sender cannot be verified.
Double-Check Requests: If someone asks for your personal information or to take action, find a way to verify the requestor and the request. Find the sender’s official contact info and check with them directly.
Always Use Strong Passwords: Make your passwords long and unique for each account. Need help? Try a password manager to keep them safe, like the free Dashlane Premium account available from UIT.
Use Two-Factor: Wherever you can, turn on two-factor authentication. Stanford systems are protected by two-step authentication using Duo. Other accounts like your financial accounts and personal email accounts can usually have two-step login enabled also.
Update Everything: Keep your software, browsers, and security tools up to date. Cyber crooks sneak through unguarded doors and unpatched systems.
Block Credit Inquiries: Proactively freeze your credit to block credit inquiries by contacting each of the major credit reporting bureaus.
First, be ready to report any suspected phishing emails using the Phish Reporter Button or by forwarding them to email@example.com. Reporting a phishing attempt actually can save others from getting scammed.
And, of course, share phishing safety info with your friends and peers. Together, we're stronger.
Remember, staying safe online is critical to keeping your focus on your studies and your future.