Boston College discovered over 3,000 potential scam emails sent over Winter Break that targeted students, according to David Escalante, BC’s director of computer policy and security.
“The concern on these phishing scams is that they’re now multistage things,” he said. “The initial [email] doesn’t look like it’s fake, and it doesn’t look like it’s asking for money, and they sort of suck you in and you’re halfway down the pipe before you realize there’s an issue.”
Escalante and Dean of Students Corey Kelly sent an email on Tuesday warning students about potential scammers who ask for personal information and images or videos and then extort victims who respond.
“The messages can appear to come from a casting company or an educational institution,” the email reads. “They pretend they are looking for participants to be background actors in a party scene, or volunteers in research studies related to sensitive topics.”
According to the University’s email, students should be cautious when receiving emails with headlines such as “[ACTION REQUIRED] Brief Survey Public Health & Education Policies” and “Casting PAID Background Actresses for Movie!”
“Once the sender has gained compromising information, photos, or videos, they threaten to share it with all your contacts or post it publicly if payment is not made,” the email reads.
Escalante said the phishing emails were sent in late December, and the University became aware of them when it reopened on Jan. 3.
Although Escalante said no BC students reported the scam, the University took precautionary measures and searched for similar headlines in BC emails after being notified by other universities of scams targeting their students.
“While we were able to see the email subject lines, BC tries to give as much privacy as possible so we’re not going to try to figure out who might have looked at or responded to an email unless there’s an emergency,” Escalante said.
Escalante said he and Kelly then decided to warn the student body about the potential scams.
“Based on the fact that we know this is a problem at other schools, we figured that we better tell our students about it,” Escalante said.
Escalante said the survey emails target male students while the actress casting emails target female students. The danger with the emails is that they are not obvious scams, according to Escalente.
“The problem, honestly, is that these things are getting much more subtle and non-obvious in terms of how they initially approached you,” he said.
One phishing scam last year was similar in subtlety, Escalante said. Scammers pretended to be BC faculty members “hiring” students for on-campus jobs, later asking students to buy gift cards as part of a work assignment.
“It doesn’t seem like a scam because they don’t want you to give them money, they want to give you money,” he said. “And similarly, … they want to pay you to be in the background of a movie or … they want to pay you to do a survey, but it’s all innocuous and there’s no overt monetary transaction or gift card requests or weird things which might tip you off as a problem at first.”
According to Escalante, the University already has filtering software set up for BC emails.
“We’ve been working hard on [fighting these phishing scams] and continue to work on it,” he said. “And it is getting better.”
Escalante said the phishing scams that target BC email addresses are so realistic that some messages initially get through the software.
“The filtering software doesn’t want to cut off anything that isn’t obviously worded spam and might conceivably be a legitimate thing about business,” he said. “However, none of the emails were past the three-hundred or four-hundreds range before getting cut off.”
Students should be cautious and patient before responding to emails sent from personal Google accounts, Escalante said.
“If you get these types of things, the best thing to do is wait,” he said. “The issues we’ve run into with people who have fallen for these types of things are people who are busy and interested in the subject and they respond quickly and they don’t really pay a lot of attention … So if you see something even remotely suspicious or you’re getting involved in some dialogue, slow down.”
This story is being updated.