On Sep. 4, a mass alert email sent out by the Los Rios Community College District Information Technology department said it had detected verified reports of fraudulent emails targeting students and staff.
In a series of mass emails sent across students and staff’s email addresses, scammers used the (@apps.losrios.edu) domain name to further portray the realism, according to Los Rios’s Chief Strategy and Communications Officer, Gabe Ross.
The emails encouraged users to apply for employment through the financial aid office, asking for personal information such as home address, student or staff IDs and, concerningly, bank information, according to Ross.
Within the emails, scammers strictly emphasized that it was a ‘work from home’ position, which only aroused suspicions with the district’s IT staff.
The email included an application to what would have been the job opportunity, asking to provide personal information.
Valid job opportunities and applications, establishments and institutions never ask for such information, via email which only confirmed the invalidity of the opportunity, according to Ross.
Not only did the phishing campaign impact American River College, it reached across the entire LRCCD.
Students and staff sent an influx of reports that helped the IT department pinpoint the issue, according to Ross.
“These reports were essential in identifying the phishing attempts and enabling a timely response,” Ross said.
Upon confirming the emails are fraudulent, the IT department directly approached the issue by warning students and staff, providing insight and recommendations, and shutting down the campaign behind the scenes.
“We also addressed the security breach by suspending compromised accounts and conducting identity verification and password resets before restoring access,” Ross said.
The IT team further implemented security measures by reviewing the district’s Google platform and applying additional security enhancements to safeguard accounts from harm, according to Ross.
As of recently however, a sudden increase in fraudulent activity was reported, according to the Los Rios Beaver Bites newsletter. This is meant to explain the broad phishing campaign that impacted students and staff across the Los Rios district.
Ross said it is highly recommended that students do not engage or participate in this campaign. Further adding that if you have done so, to contact your financial institution as soon as possible to resolve any issues, report it, and consistently take the necessary steps to verify the validity of the email itself and the sender.