Scam emails surge, ITS warns: ‘do not click the link’

Some students and faculty have recently fallen victim to a surge in phishing scams, which can compromise private information stored on their St. Thomas email accounts.

“Phishing” is the term used to describe hackers that mimic reputable sources, like a St. Thomas email address, in order to gain access to information. The university’s Information Technology Services has been unable to pinpoint the exact source that initiated the recent surge in phishing incidents.

“I just woke up one morning and I had 4,500 unread emails that were all fraud,” said sophomore Emmelyn Affeldt. “I didn’t even realize that it had happened.”

Affeldt is not alone.

“Pretty much everyone on campus has received some of these emails,” said Chris Gregg, associate vice president of information security and risk management at ITS.

About 430 accounts have been compromised in some form through phishing, Gregg said. He added that the majority of these accounts belong to students and that two-thirds of the cases have occurred since the start of the school year.

Justin Klassen, a student employee at ITS, said he is not sure whether the phishers gained information from any of the accounts, but he believes chances are very high.

“The sole purpose behind the phishing is to collect information and use it for their own profit,” Klassen said. He added that clicking a link in a phishing email puts any accounts synced to a student email, such as bank information, at risk.

ITS is using IP addresses to trace phishing emails to their origin. Gregg said phishing emails are coming from all over the world, but some recent attacks have come from countries in Africa.

In some cases, the only way for ITS to combat this issue is to shut down entire email accounts. This leaves students without their account and resources, but the phishers no longer have access to the accounts, either.

One sign of a phishing email is a threatening subject line. Examples include: “Verify your information now or you will get logged out of your account,” and “Your password is expiring.”

This fall, ITS is piloting many solutions to address the phishing problem.

One solution is a Microsoft add-on to Office 365.  Gregg said the add-on, called Microsoft Advanced Threat Protection, would provide more security specifically for links and attachments for emails. ITS could implement it this fall, but “for sure this school year,” according to Gregg.

Additionally, multi-factor authentication measures, also called 2-step authentication, are being implemented at the university for faculty and staff considered at high-risk, or those who likely have confidential or student information in their emails.

In these cases, logging into Canvas or Office 365 with a username and password would require also entering a second verification via cell phone number.

The main way ITS works to mitigate these scams is through students forwarding what they might see as a fraudulent email to

Klassen advises that you refrain from attaching your school email account to information involving any bank accounts or private passwords.

“St. Thomas and ITS never ask for your username or ID. They also never send out emails saying your password is about to expire,” Klassen said.

Klassen emphasized that students and faculty should not open links in emails from unknown senders. ITS has been tweeting out examples of the fraudulent email subject lines so people know what to look out for.

“Whatever you do, do not click the link,” Klassen said.

Justine Bowe can be reached at

University Affairs Editor Emily Sweeney also contributed to this report. She can be reached at