Before you click on that unm.edu email...

Phishing scams target UNM-Taos students

By John Miller
jmiller@taosnews.com
Posted 4/11/19

As a newly enrolled student at the University of New Mexico –Taos campus, Delaney Galligan was hungry to land a part-time job to help cover her costs.

You have exceeded your story limit for this 30-day period.

Please log in to continue

Log in

Before you click on that unm.edu email...

Phishing scams target UNM-Taos students

Posted

As a newly enrolled student at the University of New Mexico in Taos, Delaney Galligan was hungry to land a part-time job to help cover her costs. So when an email answered a work-wanted flyer she had posted around town, she jumped at the chance.

A few weeks later, though, she realized she had been roped into a costly and elaborate hoax, one of many now originating from email addresses ending with “unm.edu,” a domain that university members are quickly learning they cannot always trust.

For Galligan, it began with an email from a “Brittney Elizabeth Trujillo,” who wrote from an address ending with the familiar domain. The sender claimed to be a UNM staff member whose aunt and uncle were moving to Taos and would need a dog sitter once they arrived.

The message ended with an email address where the aunt could be reached and a reminder: “Since this is a private job you can message her with your personal email and don’t forget to give her your number. Thank you,” the email ends.

Assured by an email address that appeared to be tied to her school and a message that was personalized and read in earnest, Galligan quickly fired off a message explaining why she would be the perfect fit for the job.

“I got a message from your niece about your need of a dog walker and bather! I'm so glad I heard from you, because I'm your gal!” Galligan wrote, eager to land a job she thought might be swept up by someone else.

A reply came from someone claiming to be an “Elena Chesterfield,” a 47-year-old professor at the Alberta School for the Deaf whose husband, she wrote, would be transferring from a college in Canada to the UNM campus in Taos on March 9. They would be bringing with them their 7-year-old German Shepherd, “Sherry,” which Galligan would walk, bathe, brush and feed for $350 a week.

“I will instruct my financial clerk to pay for the first week before our arrival so as to secure your service in advance,” it read, and noted she would send Galligan a check for a few hundred dollars to buy supplies for the dog.

On March 4, Galligan received a check from SunTrust Bank in Atlanta, Georgia for $2,780.

She contacted the respondent via text message to express her concern. She was told there had been an error, which, according to the respondent, could be remedied if she kept $350 and sent back $2,500.

Galligan wrote back that she was concerned she was being scammed, but after being reassured with another convincing message and still eager for work, she complied.

Two days later, the check she received bounced and the phone number she had been contacting disconnected.

Since then, she has filed a report with police and another with the Internet Crime Complaint Center.

While she waits for a response, she’s resumed her courses at UNM while she works to pay down a hefty loan with her bank to cover the cost of the scam.

According to Anita Bringas, strategic support manager at UNM Taos, Galligan is not the only one to be targeted by or to fall victim to a “series of phishing scams” coming from unm.edu addresses that lure people to release personal information or send money to dubious sources.

Bringas said UNM email addresses are housed on servers at the main campus in Albuquerque. She said the information technology department is constantly working to shore up their defenses to prevent scammers from accessing their IT infrastructure, but criminals are always looking for – and often finding – news ways to gain access.

While once relatively easy to spot and send to the virtual trash can where all malicious emails ought to go, phishing scams have matured alongside the technologies they exploit to become increasingly sophisticated shams.

Galligan’s father, Rick Galligan, said the one that targeted her daughter didn’t appear to be a random attack. He said it would have required someone to be “on the ground” to see the work-wanted flyers she had posted around Taos that included her email.

“I told her that it sounded suspicious,” he said. “But she was seeing the job and the opportunity and so she followed the instructions that were given to her.”

Comments


Private mode detected!

In order to read our site, please exit private/incognito mode or log in to continue.