NU Information Technology tackles high volumes of phishing emails


Illustration by Emily Lichty

Phishing emails are often denoted by odd email addresses and fonts, poor grammar and an urgent tone, according to Cofense, an email security company.

Lexi Goldstein, Assistant Campus Editor

Prof. Sara Broaders probably did not recruit you for a position as a student assistant in the Northwestern Department of Psychology. That was likely a phishing email. 

On Jan. 17, Undergraduate Program Assistant Jillian Sifuentes sent an email to students affiliated with the Psychology Department warning of a message which claimed to offer employment opportunities. The phishing emails were sent with Broaders’ name, but were not from her. 

Odd email addresses, poor grammar and an urgent tone are all warning signs that an email is deceptive, according to Cofense, an email security company.

Due to public University directories, the community is far from immune to phishing messages, said Nowell Arnold, deputy chief information security officer at NU.

“(Scammers) will craft that phishing attempt and pretty much blast it to anybody and everybody or to get, you know, some cross section of people who are gonna respond,” Arnold said. “Whether they’re in the philosophy or psychology or chemistry or whatever department, someone’s going to respond.”

Students are encouraged to ignore phishing emails and report them to the Information Technology department, he added.

IT is notified about new phishing attempts daily, Arnold said. A record of phishing attempts, along with other web security resources, can be found in The Phish Dish, a section of the IT website. 

Weinberg senior Camila Hirani said she receives about five phishing emails a month, once getting 20 in one month. She said some emails list other recipients who are often other NU students named Camila.

“It feels like, to me, that someone has access to a Northwestern directory and they’re just copying and pasting chunks of names and putting them in,” Hirani said. 

Students like Hirani, who are involved in on-campus research, may be more susceptible to receiving phishing emails. 

According to Arnold, the majority of phishing emails sent to the NU community are a “research assistant needed” scam or a secret shopper scam, in which scammers try to convince recipients they will be paid to shop for someone else.

“When the fraudsters are somewhat successful, they’ll just keep doing it,” Arnold said. “They’re gonna go where the money’s at, unfortunately.”

Arnold said some students do get roped into scams and are advised by IT to file reports with University police and through Google’s reporting system. 

But some students, like Weinberg junior Rakin Hussain, know a scam when they see one.

Hussain said he responded to a phishing email in Summer 2021 for a week as a joke, before halting the bit after the phisher assigned him to retrieve Bitcoin from an ATM machine. He said he was motivated by curiosity at the time but now ignores phishing attempts.

“I don’t even like, entertain them,” Hussain said. “I just see them, and I’m like, ‘they’re still doing that?’”

Phishing is, however, one of IT’s biggest issues, partially because the department does not  have much control over the messages, according to Arnold. 

He added that fraudsters sometimes continue their scams on other email addresses, over text or via WhatsApp, which makes it more difficult for IT to intervene.

“(Students) should follow the old adage: if it’s too good to be true, it probably is,” Arnold said.

Email: [email protected]

Twitter: @lexipgoldstein

Related Stories: 

Northwestern emails hacked by Google doc phishing attack

Majority of Northwestern web systems not vulnerable to Heartbleed bug

Officials respond to scams