
Phishing Threats to Students

October 11, 2023



Article at a Glance

  • Recently, attackers have fraudulently impersonated university departments to trick students into paying them.
  • Learn how to spot phishing attacks and verify email credibility.
  • Social engineers use urgency, curiosity, and fear to make students fall for phishing attacks.
  • Review other common scams targeting students.

In June of 2023, students at one of our sister schools were sent a malicious phishing email with a fake student bill. Unfortunately, at least one of their students fell for the attack and paid $4500 to the attackers.

The numbers don’t lie. Phishing attacks against education institutions increased 576% last year alone, and they are continuing to increase. We still see phishing attempts at Biola every day, and all of us are susceptible to online scams.


Student Job Scams

In recent phishing attempts, an attacker poses as a Biola professor and emails students offering a job or internship. The attacker's goal is to enter into an ongoing conversation until you trust them enough to send them money in some form. They tell you to reply to a particular email address that includes a Biola professor’s name.

Don’t be enticed by job postings that claim to pay good money for simple tasks. If it’s too good to be true, it probably isn’t true.

All Biola jobs are posted on biola.joinhandshake.com. If you are ever unsure, contact the Biola department office directly at their phone extension or email.

Don’t send personal information to a non-Biola email address, even if it includes your professor’s name.


Red Flags to Watch For

Social engineering is a technique that attackers use to manipulate people into performing actions or divulging confidential information. Here are some social engineering red flags to watch out for in your email inbox:

  1. Unexpected Messages: Were you expecting this email? Do you know exactly why the sender is contacting you, or did it come out of nowhere? You should default to not trusting unexpected messages until you can prove their validity.

  2. Sender email domain: Is the email coming from an @biola.edu address? If not, is it someone who has emailed you before?

  3. Similar URLs: Be on the lookout for emails with similar (but incorrect) URLs. Addresses like “students@biola-accounts.com” or “student.accounts@bola.edu” are major red flags!

  4. Personalization: Is the email addressing you by name? Or is it using a generic greeting?

  5. Urgency: Is the message trying to get you to do something immediately, without thinking? Or is it promising some great benefit to you? Don’t trust messages that make you feel nervous, or try to make you take thoughtless action, especially by clicking on a link or attachment.

  6. Vagueness: Don’t trust messages that lack specific detail. Attackers use vagueness to make a message seem familiar or expected. And if the message mentions “your account,” make sure you know exactly which account they’re talking about.

  7. Links: Does the message contain links or attachments? Did you hover over them and scrutinize the URLs? Does the link point to the address you would expect? Since phishing links are so nefarious, many legitimate companies don’t include links in their emails.
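Red flags 2, 3 and 7 can be checked mechanically. The following is an added example, not part of the original article or any Biola tooling: it classifies a sender address or link host as trusted, lookalike or external, using biola.edu and biola.joinhandshake.com from this page as the allowlist. The two-character typo threshold and the function names are assumptions.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "biola.edu"                 # institution domain named on the page
TRUSTED_HOSTS = {"biola.joinhandshake.com"}  # third-party host the page names as official
BRAND = "biola"                              # brand label searched for in other domains

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_domain(domain):
    """Return 'trusted', 'lookalike' or 'external' for a mail domain or URL host."""
    d = domain.lower().rstrip(".")
    if d == TRUSTED_DOMAIN or d.endswith("." + TRUSTED_DOMAIN) or d in TRUSTED_HOSTS:
        return "trusted"
    labels = d.split(".")
    # Assumption: the last two labels approximate the registrable domain
    # (a production check would use the Public Suffix List).
    if edit_distance(".".join(labels[-2:]), TRUSTED_DOMAIN) <= 2:
        return "lookalike"   # typo domain such as bola.edu
    if any(BRAND in label for label in labels):
        return "lookalike"   # brand embedded elsewhere, such as biola-accounts.com
    return "external"

def classify_sender(from_header):
    """Classify by the address domain only; display name and local part are ignored."""
    _, addr = parseaddr(from_header)
    return classify_domain(addr.rpartition("@")[2])

def classify_link(url):
    """Classify the host a link actually points to."""
    return classify_domain(urlsplit(url).hostname or "")

if __name__ == "__main__":
    # Constructed samples; the first two addresses are the page's own examples.
    for sender in ["students@biola-accounts.com", "student.accounts@bola.edu",
                   "Student Account Services <student.accounts@biola.edu>",
                   '"Dr. Example (Biola)" <dr.example.biola@mail.example>']:
        print(f"{classify_sender(sender):9}  {sender}")
```

A "trusted" result only means the address is written with the right domain; a From header can be forged, so mail systems rely on SPF, DKIM and DMARC to authenticate it.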

Verify credibility. If something is unfamiliar or seems too good to be true, take the time to verify what’s going on. For example:

  • Always log in to your MyAccount portal directly (myaccount.biola.edu) to verify details about your account.

  • If you get an email from a different organization that seems phishy, visit their website directly (rather than clicking on a link) or call them back at a known number.

Think before you click. Attackers want you to respond to their phishing attempts without thinking. Slow down, take a deep breath, and review the list of red flags above.

Report phishing. If you receive a suspicious message and you need help identifying if it’s phishing, you can always contact the IT Helpdesk (it.helpdesk@biola.edu) to ask for a second opinion.


Other Scams Targeting Students

Besides phishing emails, there are many common attacks and scams targeting students. Here are a few to watch out for:

  • Billing Notices: Some student-focused phishing attacks include a bill with an upcoming deadline and a link to a payment portal, often from a strange email address (Example: @student-billing.net). Don’t be fooled! Here is how Biola sends billing notices to students:

    1. Emails about student billing will always come from student.accounts@biola.edu and the email will be signed by “Student Account Services.”

    2. Biola Student Account Services will never include a link directly to a payment page.

    3. Biola emails will always provide a list of steps for logging in to MyAccount (https://myaccount.biola.edu) where you can view your statement securely.

    If you are ever unsure if a billing email is legitimate, you can log in to the Student Financials page on MyAccount to view your bill directly.

  • Student Loan Relief Scams: Loan forgiveness programs that charge fees are a scam. Many fraudulent services offer false promises to pay down student loan debt, claiming that students or grads only need to pay a small application fee. The U.S. Department of Education offers several legitimate forgiveness programs. However, federal programs never ask for a fee to complete any forgiveness paperwork.

  • False Housing Offers: Housing scams are increasingly common, especially in the current rental market. Beware of posts that offer suspiciously low rents or only give a direct contact number. Always see a property in person before signing a lease. Importantly, you should never pay a security deposit or first month’s rent before seeing a property and signing a lease.

These attacks all have the same thing in common. They elicit a strong sense of urgency, curiosity, or fear, in hopes that you'll act without thinking.