I have a twin sister. Normally, she’s a mechanical engineering student at U of T. But a few months ago, for a couple of days, she went from being a U of T student to a hiring agent for a steel manufacturing company.
From her U of T Outlook email address, a message was sent out to hundreds of other U of T students: “Can you handle the position of account receivables agent for Tarwada International Steel Manufacturing LLC, who can handle its account from its customers in Canada / USA?”
What happened? And why was she sending emails on behalf of Tarwada? It’s because U of T has done a pathetic job in preventing and raising awareness about scam emails.
The way the vast majority of these email scams work is simple: scammers send an email that appears to be from a reputable source — for example, some company, or even U of T itself — and entice users to click on a link that steals sensitive information. This stolen information is used to open new accounts and invade a victim’s current accounts. Scammers are capable of doing so by exploiting the technical, social, and psychological vulnerabilities of their victims.
My sister’s unwitting employment began when she received an email in her U of T mailbox. It alerted her that U of T’s email system had been updated and that she had to change her login information through a provided link.
My sister — tired from exams and schoolwork — clicked on the suspicious link and entered her information. She fell prey to the scam. Then, in a matter of hours, she was locked out of her account and unknowingly became a recruiter for a steel company, which was obviously another scam.
My sister is somewhat at fault for her gullibility, but the real onus falls on U of T. Week by week, a constant stream of these scams funnels into U of T mailboxes — and the vast majority of students can testify to this. It isn’t just my sister who’s been on the receiving end: a recent Varsity article talked about how 40,000 U of T students were targeted by phishing emails.
U of T’s efforts to address this problem have been mediocre. Its plan consists mainly of issuing warnings, posting on social media, and sharing educational information. For example, in response to the aforementioned phishing campaign, the university released a notice warning students and giving them information on what to do if they were a victim. However, this notice was published in a blog in some cobweb-filled corner of U of T’s website — it wasn’t even sent to students’ Outlook emails.
Moreover, the fact that so many scams still flood inboxes is evidence of U of T’s inadequate scam email prevention. Of course, it’s necessary to note that completely blocking out scam emails is impossible. Some emails inevitably slip through the cracks: even the strongest firewalls and security systems have blind spots. Asking U of T to completely eradicate scam emails is unrealistic. However, it’s a different story when so many scam and phishing emails are slipping through the cracks.
While it’s a step in the right direction that U of T is doing something at all, awareness remains inadequate and scam emails continue to flood inboxes. Essentially, the measures taken by U of T have been far from impactful.
According to cybersecurity experts, prevention of these phishing scams comes in the form of a two-step action plan: implementing better technical solutions — including detection and protection technology — and improving cybersecurity awareness. U of T needs to engage in this plan. The only way to decrease victim numbers is to consolidate the university’s online network security and commit to meaningful scam awareness measures.
Right now, however, U of T’s efforts are disappointing. While the university sits back and twiddles its thumbs — and as U of T Student Life greedily promotes that special U of T Bookstore sale — it is forgetting to protect its students. While the university sends out completely useless “9 new things that you might not know” emails to students, a mass of scam emails is also being sent out. While U of T remains apathetic, there are mentally exhausted and over-trusting students like my twin sister frustratedly trying to regain access to their Outlook emails.
Students’ Outlook emails shouldn’t constantly be blitzed by scams. U of T must take action to address the root problem of inadequate cybersecurity and start taking these scam emails seriously. No U of T student should ever need to worry about unknowingly becoming a recruiter for an obscure steel manufacturing company.
James Jiang is a second-year political science and writing & rhetoric student at Trinity College.