USF IT tests students with fake email scam: ‘Humbling experience’
If you are a USF student, you may have noticed an email in your Microsoft Outlook inbox on Monday from a non-“usf.edu” address, asking you to update your password.
When students clicked on the red button in the email, they were asked to enter their USF email and password. They were then redirected to USF’s IT webpage, where it was revealed they had fallen into a “phishing” test created by the university’s IT Security Team.
“Instead of stealing your data or injecting your system with a virus, we’ve directed you to this educational page and assigned some training courses that will provide a few helpful tips on how to spot and prevent phishing attempts,” according to IT’s webpage.
Tiffany Hoang, sophomore biomedical science major, said she found it funny that “they” put their energy into creating a mockup scam.
“It was a humbling experience,” Hoang said. “I guess it was important for me to know not to click on real scams next time.”
IT didn’t respond to The Oracle’s request for comment at the time of publication, and it is unclear if they will conduct other tests in the future.
Freshman biology major Cayla Moore said she clicked on the email’s red button even though she feared it could be a scam. Once she did, Moore said she thought she “immediately got hacked,” but was relieved when she realized it was just a test.
Those who fell for the fake scam were sent emails inviting them to two online Microsoft courses, “Mass Market Phishing” and “Web Phishing.” They were designed to help protect students from real threats in the future, according to the emails sent by USF IT.
Moore said she is usually “pretty good” about not falling for scams, but this time, she thought the email was real because it was USF-related.
“I learned from now on not to click on every email I get, even if they’re from school,” Moore said.
Even though some students fell for the fake scam, junior criminology major Evelyn Harris said she ignored the email because she updated her password a week before.
If a password change were actually necessary, she would get a follow-up email from USF soon, according to Harris.
USF will never ask students to provide their passwords or multi-factor authentication (MFA) codes outside of official login pages, according to IT’s webpage.
“Scam emails can be masterfully written and do a great job of impersonating official organizations,” the IT email read. “It is important to pay attention to the full context of emails you’re not sure about so that you can stay safe and vigilant online.”
Harris said she realized the email was a scam when she saw the “attemplate.com” address attached to it, instead of a “usf.edu” one.
“I figured if it wasn’t sent by USF directly, then I probably shouldn’t click on it,” Harris said. “Also, if there’s a big red button, don’t press it.”