USF IT tests students with fake email scam: ‘Humbling experience’

 

USF students were greeted with this image after clicking on IT’s Security Team  fake scam email, created in order to help prevent students from falling for future phishing attempts. GRAPHIC SCREENSHOT FROM USF’S IT PAGE .

If you are a USF student, you may have noticed an email in your Microsoft Outlook inbox on Monday from a non “usf.edu” address, asking you to update your password. 

When students clicked on the red button in the email, they were asked to enter their USF email and password. They were then redirected to USF’s IT webpage, where it was revealed they had fallen into a “phishing” test created by the university’s IT Security Team.

“Instead of stealing your data or injecting your system with a virus, we’ve directed you to this educational page and assigned some training courses that will provide a few helpful tips on how to spot and prevent phishing attempts,” according to IT’s webpage.

Tiffany Hoang, sophomore biomedical science major, said she found it funny that “they” put their energy into creating a mockup scam.

“It was a humbling experience,” Hoang said. “I guess it was important for me to know not to click on real scams next time.”

IT didn’t respond to The Oracle’s request for comment at the time of publication, and it is unclear if they will conduct other tests in the future.

Freshman biology major Cayla Moore said she clicked on the email’s red button even though she feared it could be a scam. Once she did, Moore said she thought she “immediately got hacked,” but was relieved when she realized it was just a test.

Those who fell for the fake scam were sent emails inviting them to two online Microsoft courses, “Mass Market Phishing” and “Web Phishing.” They were designed to help protect students from real threats in the future, according to the emails sent by USF IT.

Moore said she is usually “pretty good” about not falling for scams, but this time, she thought the email was real because it was USF-related.

“I learned from now on not to click on every email I get, even if they’re from school,” Moore said.

Even though some students fell for the fake scam, junior criminology major Evelyn Harris said she ignored the email because she updated her password a week before. 

If a password change were actually necessary, she would get a follow-up email from USF soon, according to Harris.

USF will never ask students to provide their passwords or multi-factor authentication (MFA) codes outside of official login pages, according to IT’s webpage.

“Scam emails can be masterfully written and do a great job of impersonating official organizations,” the IT email read. “It is important to pay attention to the full context of emails you’re not sure about so that you can stay safe and vigilant online”

Harris said she realized the email was a scam when she saw the“attemplate.com” address attached to it, instead of a “usf.edu” one.

“I figured if it wasn’t sent by USF directly, then I probably shouldn’t click on it,” Harris said. “Also, if there’s a big red button, don’t press it.”

Clara Rokita Garcia, Correspondent

Clara Rokita Garcia is the news editor for The Oracle. She's an integrated public relations and advertising student double majoring in English with literary studies concentration. She grew up in Brazil and moved to the U.S in fall 2022. She started at The Oracle in fall 2023 as a news correspondent intern. She is highly motivated to write creative and helpful stories for USF students. Reach her at clararokitagarcia@usf.edu.

Profile