USC students are often targeted by scam and phishing emails in their school email inboxes. The university has taken steps to try and limit the number of scam emails reaching students, but students are still vulnerable to falling for the ones they do receive.
Phishing emails are a type of scam email that attempts to get people to provide personal and confidential information. These sometimes include links that will trick a student into revealing information, usually posing as legitimate job offers or accounts. That information can then be used illicitly, such as stealing financial or personal information.
USC is not alone in its influx of scam and phishing emails. Universities all over the United States have seen peaks in job-related phishing emails, a statement published on USC's website in 2019 said.
It is easier for a phishing user to find USC institution emails due to the similar email tag @email.sc.edu being used by many accounts, Eric Robinson, associate professor of media law in the College of Information and Communications, said.
"We're at an institution where it's relatively easy to figure out email addresses and look them up," Robinson said. "That is also an issue because you put a string of letters and add you with sc.edu and eventually, it's somebody's email."
Scam emails will sometimes say a student's email address was obtained from USC, but USC never gives out students' private information such as email, Kaitlyn Antley-Robinson, a career studio peer educator and a third-year psychology student, said.
If you receive a suspicious email do not respond, click links or open attachments, USC's Division of Information Technology said in a statement on their website.
USC’s Division of Information Technology has made efforts to prevent spam and phishing emails from reaching students and faculty in recent years. In 2018, the USC IT department said it began using a new email filter called FireEye Email Threat Prevention to filter scam emails from legitimate ones.
In 2022, USC also implemented several features included in the Microsoft Security Protection Suite program, such as pre-reading any linked websites for possible scams or malware and adding a "report phishing" feature, among other tools.
These programs can make it easier for students and faculty to prevent scams or phishing attempts from being successful. USC also has an email where students can forward any phishing emails at firstname.lastname@example.org, according to a statement by the IT department in 2021. The forwarding of the email will report it to the UofSC information and security office.
Robinson said a person's online habits, such as how and where they share their email address online can also contribute to their likelihood of receiving scam emails.
The original senders of these phishing emails are hard to locate which makes it almost impossible to pursue legal action, Robinson said.
“(Phishing) does kind of fall within a gray area because there are a bunch of different laws that apply to it, but no law that squarely applies," Robinson said. "A lot of these (phishing hubs) operate outside the U.S., so it's hard to even figure out where it's coming from. The federal government only has the power within our borders.”
The availability of email addresses and students' newness to the professional email scene — as most students have only dealt with personal emails and not professional emails — makes students especially prone to email phishing, fourth-year public health student Cassidy Lena said.
“I think students believe (phishing emails) to be legitimate because the underclassmen don't have any prior experience with these types of emails," Lena said. "It seems pretty legit, because usually, the description of the position is pretty accurate and sounds normal, and it gives a professor's name, and a lot of times you just assume it to be true."
Some common signs of a phishing attempt include grammar and tone errors, email address inconsistencies, incorrect logos, lack of signatures and contact information as well as the presence of links or attachments, according to USC’s Division of Technology.
Many of these phishing emails are also posed as job offers and opportunities, usually using a professor's name or a company offering a job that requires very little effort and time for a large pay, Lena said.
Students can avoid this by using USC’s Handshake online recruiting system, Antley-Robinson said. All job listings on USC’s Handshake page are vetted by the Career Center. This not only weeds out scam job listings but also jobs that look to be taking advantage of students, Antley-Robinson said. The Career Center also offers assistance through email at email@example.com or phone at (803) 777-7280.
“You have to be skeptical of most things, especially if it's something that you've never interacted with before, like a website you've never been to, a company that you've never heard of, things like that," Antley-Robinson said. "Unfortunately, there are people out there who are either trying to outright scam people or trying to make students do work and then not pay them adequately."
Any student who receives a legitimate-looking job opportunity email but still has doubts can reach out to the career center for help making sure it is legitimate.
“If it's happened to you, it's probably happening to someone else. You're not the first person to ever fall for a job scam, and there's no reason to be embarrassed because you didn't do anything wrong,” Antley-Robinson said.