In an email sent Dec. 9, Jennifer Wagner Davis, executive vice president and chief operating officer, warned community members that the University has been experiencing increased levels of fraudulent emails being sent to students, faculty and staff. Davis and other administrators provided guidance on how University community members can protect themselves from email scams, which includes reporting suspicious emails to University IT Services. Her email to the community also offered context on the broader trend impacting universities during the holiday season.
“We want to make you aware of an uptick in fraudulent emails (phishing attempts) being sent to faculty, staff and students alike,” Davis wrote in her email. “Like others in higher education across the nation, we are seeing an increase in this activity as the holiday season approaches and urge everyone to exercise additional caution.”
Davis’s email also outlined a variety of strategies individuals can use to identify fraudulent emails, including watching for unfamiliar senders, urgent requests, and suspicious hyperlinks. She also recommended that anyone who receives a suspicious email report it to University IT Services.
“Forward suspicious emails to abuse@virginia.edu for review,” Davis said. “Report unexpected Duo authentication prompts as fraudulent, such as phone calls, SMS codes or push requests as well.”
In a written statement to The Cavalier Daily, Davis noted that most schools, including the University, have been targeted with a common cybercriminal strategy that often casts a wide net rather than targeting specific groups or departments. Additionally, some of these phishing attempts come from @virginia.edu email addresses, making it more challenging for University Outlook users to differentiate fraudulent emails.
By sending large volumes of fraudulent emails, attackers increase their chances of tricking recipients into sharing sensitive information, according to Davis. This approach allows them to exploit any vulnerabilities they encounter across a diverse range of potential victims.
According to Davis, the fact that no one department or group at the University has been attacked more intensely than any other makes it difficult to track or locate the senders of fraudulent emails.
Furthermore, Davis outlined how the size and complexity of the internet, alongside the increased creativity of hackers, make it practically impossible to trace the identities and locations of these individuals without more information.
“We cannot confirm where these threats originate from or what actor or actors are behind these threats,” Davis said. “Unfortunately, the internet provides numerous ways for bad actors to hide or obfuscate their true nature and geographic location.”
According to the written statement from Davis, because it is challenging to pinpoint the source of these phishing attempts, IT administrators have had to rely on those impacted to prevent them. IT Services cannot prevent these emails, so students, faculty, and other community members are responsible for protecting themselves against possible attacks, particularly by reporting suspicious emails and avoiding hyperlinks.
Targeted individuals have witnessed the spontaneous and confusing nature of these emails. One such attempt impacted first-year College student Grant Supancich, who received a message from a @virginia.edu email address that was trying to redirect him to an unknown website.
“At first I assumed it was real, but I realized quickly that it didn’t make much sense,” Supancich said. “The email then disappeared and a very similar one came in from a different sender. I found U.Va.’s Security Alerts & Warnings website and saw the email was listed as something that had been sent in the past.”
After realizing the strange nature of the email and the threat it could pose, Supancich reported the issue to IT Services, explaining the situation in detail and confirming that he had not provided any personal or sensitive information in response to the email.
In a written statement, Chief Information Security Officer Brad Sanford outlined the different ways students can use the University’s existing resources and expertise to protect themselves and their private information from internet hackers.
“Reporting fraudulent emails lets [Information Technology Services] know which senders to flag as phishing attempts or scams, and gives us situational awareness of the phishing landscape and current strategies used by senders,” Sanford said.
For more information about information security, University community members can visit the Information Security awareness site.