Phishing emails, texts and group messages have been distributed en masse to Fordham University students over the course of the last year. These scams have arrived by various means, including text or GroupMe messages. However, in recent semesters, they have achieved significant reach through vulnerable Fordham University email accounts. In 2023, Fordham IT sent four emails warning students about phishing messages, each of which came from a compromised institutional email account. The phishing emails ranged from offers for free musical instruments to job opportunities for Fordham students. In response to these attacks, Fordham’s Department of Information Technology often reinstitutes protections for the compromised accounts, deletes the phishing emails from Fordham accounts and follows up with a general advisory on scam emails.
Compromised emails seem to be the most prominent source of phishing attacks. Several Fordham emails have been used to distribute misleading messages, in a variety of ways. In response to discovering the phishing attacks, Fordham IT “scramble[s] the account password and close[s] any active sessions.” However, the accounts themselves are not disabled, and it remains unclear if the emails used are still susceptible for phishing and whether there are plans to protect and maintain the integrity of stray, unused or otherwise vulnerable email accounts.
Students often respond to the attacks in different ways. Therese Burgo, FCRH ’26, says that she often responds to phishing emails with skepticism. “I feel like if I get a phishing email, I can tell it’s fake because the format is off or it’s asking for personal information I know Fordham would really ask for,” she said. “I’m a suspicious person anyway.” Moreover, she generally doesn’t trust information she doesn’t recognize: “If someone calls me or texts me and I don’t know the number, I’m never answering.”
Hannah Valencia, FCRH ’26, on the other hand says that while the emails had telltale signs of phishing, the fact that they came from a Fordham email might leave many inclined to believe the information within. “I was confused by the legitimacy of these emails. There are some indicators that tell me they were spam, like the informal language used or spelling and grammar mistakes, but ultimately, if I see a Fordham account being used to send emails, I’m inclined to trust it,” she said.
To some students, the phishing presents a significant breach of privacy and institutional security. When asked if she was personally concerned about the frequent phishing emails, Valencia responded, “I do view this as a significant concern. I have personal information on my Fordham account. If the emails of administrators can be compromised, student emails can be too. I’m not exactly sure how Fordham can improve this issue, but I would appreciate more transparency. How can emails be compromised? What can we do when we receive phishing emails, besides merely blocking the sender?” She also noted that email is often a very important avenue for communication: “It’s scary to think that our Fordham emails can be compromised, especially considering that that is the main form of communication for students and professors.”
Fordham IT advises that students protect themselves by not interacting or giving information to accounts they don’t recognize, and urge them to come forward with reports of phishing emails that they receive. Additionally, they have online guides offering tips on identifying and reporting phishing on the Fordham IT blog. In the meantime, Fordham students and faculty should stay vigilant, monitoring their inboxes for phishing and only interacting with senders they recognize and trust.
Students are recommended to email Fordham IT at [email protected] if they receive a phishing email.
