Information Sciences and Technology

Email scammers tailor methods to target universities

Credit: Adobe Stock: terovesalainen. All Rights Reserved.

UNIVERSITY PARK, Pa. — Email-based scams sent to members of a university community are more personalized and compelling and present unique risks, such as providing unauthorized access to university systems, compared to those sent to the general population, according to new research from Penn State. 

Universities are often a target for scam emails because many have massive, open directories of emails and are home to thousands of traditional-aged college students who may lack the knowledge of more experienced email users to spot scams.  

“While universities are attractive to scammers, they're also an attractive environment for us to study scams. University IT departments sometimes publicly post the scams that employees and students are receiving, and through those posts we were able to create one of the largest publicly available email scam corpora,” said Shomir Wilson, assistant professor in the College of Information Sciences and Technology who contributed to the study.  

The researchers used Latent Dirichlet Allocation – a type of artificial intelligence that can model topics in large volumes of text – to compile and categorize more than 5,000 English language email scams targeting various universities between 2014 and 2022.  

Their analysis identified eight common topics in these scams: email accounts, personal requests, documents, passwords, employment opportunities, orders/payments, students with disabilities, and blackmail. They also identified keywords within each topic that scammers use to present more authentic and compelling messages.  

“Regardless of the method, falling for one of these scams can result in significant financial harm to the university, unintentionally reveal personally identifiable information, and provide unauthorized access to university systems,” said Grace Ciambrone, an undergraduate student in the College of Engineering and lead researcher on the project. 

They also found that trends in email scams evolve over time. Document and email account scams, for example, peaked in 2016 and 2017, and personal request scams – such as an email that looks like it’s from a senior administrator asking a personal favor of a faculty member – became more prevalent in 2019. Notably, universities have been increasingly targeted by employment opportunity scams, in part, due to the rise in virtual recruitment activities after COVID-19.  

“While some themes are common to the general population of scam emails, such as blackmail, others are uniquely designed for the university environment, such as scams targeting students with disabilities by offering employment opportunities,” said Ciambrone, who worked on the project as a research intern through the Pennsylvania Space Grant Consortium. “This corpus of emails can help researchers to conduct further analysis on these topics and temporal scams, support university IT departments in updating their education materials, and better prepare user populations to identify and avoid these scams.”  

The pair will present their findings at The International World Wide Web Conference in Austin, Texas, later this month. 

Last Updated April 25, 2023

Contacts