The college has seen an increase in gift card scam emails that mostly target employees, according to Chris Norris, Middlebury’s director of information security, risk and compliance, in his scam alert on Sept. 21. The alert was in response to 28 messages sent the same day from an icloud.com address with no subject line, with five delivered and 23 filtered by standard email security controls or sent to the “quarantine” or “junk mail” folders, according to Norris.
The gift card scam emails are designed to trick people into purchasing gift cards and disclosing the cards' numbers and PINs so that scammers can access the balances on the cards.
“This particular variant seems to be focused on our employees, using external email addresses (mostly gmail), first inquiring about a person's availability to perform a task and eventually leading to a request to purchase gift cards for others,” Norris wrote in the scam alert sent out from the Middlebury Information Technology Services (ITS) email.
The Campus reached out to seven employees who are managers or supervisors across different departments to ask if they or their colleagues had received said emails. Jodie Keith, manager of support services, said she has not received any phishing emails.
“Fortunately, I do not believe I have received any of the email scams we have been warned about. I don’t know of any of our staff in Facilities that has received those emails,” she wrote in an email to The Campus.
Norris’ Sept. 21 message is the third email that the college community has received regarding scam emails in a short period of time. The other two scam alerts were sent out on Aug. 18 and Sept. 17, warning users about fake internship and job offer emails and about shared documents made to look legitimate.
There were 1,113 emails titled “MIDDLEBURY:JOB DESCRIPTION” sent from a gmail.com address with 24 delivered, according to Norris.
“ITS blocked the sender, then sent the community alert as a reminder to be alert for these scams. This is a good example of why we all need to remain vigilant, as any of us might have been recipients of the two dozen that snuck in,” Norris said.
Students noted that they have received internship and employment scam emails. In scam emails sent to Ryan Yin ’23 on July 15, July 22 and July 31, the email sender claimed to be Dr. Leonard Girandi, who is looking for a personal assistant to help students with disabilities. “This employment only takes an hour a day, three days a week, for $350 weekly. I cannot meet up for an interview because I am currently away, helping disabled students in Australia,” the email sender wrote. Yin disregarded the emails.
A Sept. 17 community alert about document share scams was in response to 30 phishing emails, of which 24 were delivered, via a Google Drive invitation for “Faculty Evaluation 2022,” according to Norris. “This was a smaller email phishing attempt sent to members to try to collect usernames and passwords,” Norris said.
ITS reminded students in their scam alert email to be vigilant against emails from external senders and to report any scam emails to firstname.lastname@example.org in order for the office to block the sender.
According to Vijay Menta, chief information officer of ITS, there is an increase in phishing attacks at the beginning of every semester because hackers prey on new students and employees. “We have had one or two incidents where users fell victim to phishing scams, but my team has been able to mitigate the risk immediately,” Menta wrote in an email to The Campus.
Middlebury users are not especially vulnerable to scam emails, according to Norris. “On average, more than 97% of larger scams are prevented from ever reaching our inboxes, and ITS responds swiftly to block bad senders based on security alerts,” Norris said.
Menta added that his department continues to invest in information security to protect users’ identities and data. This week, his team introduced multi-factor authentication (MFA) for users who access the college systems on campus in addition to continuing to require MFA when off-campus.
“We are continuing to build security controls in layers and building depth in defense mechanisms to keep our community members and their data safe,” Menta wrote.
Rain Ji '23 is a managing editor of The Campus. She previously served as an Arts & Culture editor.