Twelve UW students have come forward about being contacted through their UW emails by fraudulent sites offering them various ways of making money since Oct. 4, when Imprint published an article on email scams.
The emails are sent through many accounts going by the names of Wen Han Lui, Kaylee Geiger, and other students who are unaware their accounts are being compromised.
These scam emails mostly aim to make money and some simply wanting to steal student information. A common one is UWATERLOOweb-services. Their emails tell students their documents and emails have been placed on hold due to recent spam activities. They then ask students visit a link and verify their account.
“I was genuinely surprised to receive the mail,” Aaline Thayani, a student recently contacted by Keilee Speigle to fill out fraudulent surveys, said.
“I thought my Waterloo email was super secure,” she said.
Recently another scam tactic has gained popularity. An email from firstname.lastname@example.org claims they have installed a RAT software into the student’s device, hacking both their personal and professional emails. They claim they have videos of the student masturbating and ask for USD$600 in cryptocurrency within 48 hours.
This is a new variation of sextortion, a type of online phishing that tries to frighten people into believing they have been hacked and recorded. Frauds then threaten to leak these videos to victims’ family and friends unless they pay a sum of money.
Students are not always aware of these scams. At the time this article was written, the bitcoin account used by the aforementioned fraud email has seven money transfers and a total of $3,511.64 received.
The UW Office of the President sent information provided by Imprint to the UW Information Security Services (ISS).
“Fraud attempts and scams are unfortunately a frequent occurrence against all members of the University of Waterloo community. Jason Tesart, director of ISS, said.
“In my view, the best way we can be resilient against these kinds of attacks are for all members of the University of Waterloo community to enroll in two-factor authentication (2FA)…2FA should result in our accounts being extremely resistant to phishing. It will force the scam emails to truly be external, which will be easier for email users and security systems to detect,” he said.
Imprint contacted Waterloo Regional Police (WRPS), UW’s local bank, CIBC and neither of the offices claimed they were actively combating the issue.