Winthrop students have faced a slew of scam calls and fake emails, resulting in the loss of a large chunk of money.
Scams are nothing new. Chief of Winthrop Police Ken Scoggins has worked with the university for 17 years. Scams aimed specifically at students have been prevalent since he started.
“It seems like this semester has been more problematic than in times past. But it’s an ongoing thing and again, as I said earlier, it’s not just Winthrop University. Some scammers look at universities as a target-rich environment,” Scoggins said.
Students have been targeted with these calls because they are considered easy targets and have “got other things on their mind.”
“[Students are] interested in socializing and going to school, and many of them are intimidated when they get that call. These scammers hit a lot of different schools,” Scoggins said.
The calls and spam emails students received claimed to be from campus police. The calls said the student’s name had come up in an investigation with WUPO and were prompted to wire money in order to remove their name from the investigation.
“The scammers in this semester said that they were actually Winthrop campus police, that your name had come up in some type of investigation, a drug investigation or another investigation, and that we either have a warrant for you or we are going to do a warrant for you. But if you send us $500, if you send us $1,000, if you send us $1,500, then your name will be out of it,” Scoggins said.
According to Scoggins, those affected by the scam calls lost anywhere between twelve to fifteen thousand dollars.
After a parent of a student received one of the calls, it was determined that scammers were getting students’ information from the public student directory found on Winthrop’s website.
“We figured that it was because the student had actually listed her mother’s phone number in the directory. As a result, we’re thinking that it would be the logical thing that somebody saw the number, dialed it, got the parent as opposed to getting the student,” Patrice Bruneau, assistant vice president for computing, said. “It was posted on the public internet, so we thought that they, either they used tools to kind of harvest the information or they randomly just picked people.”
Once it was determined the student directory was the source of these scams, it was taken down.
“Up until a month ago, if you go to the main Winthrop webpage, in the top right hand corner, there’s a search function. You can either search for the site or for people. If you typed in a name, the system would query both the employee database and currently active student database and return that information in one group,” Bruneau said.
Information that was available to the public included a student’s full name, phone number, major, hometown and email. Now, if you search a name on the website, faculty results still come up. However, you are prompted to enter in a username and password in order to access the student results.
“When you search for a name, you will get the results from the employee database, and then there will be a link at the bottom that says ‘if you want the student directory information, you click here,’ but then it prompts you for your credentials, your username and password. Then you are able to get that information. It’s no longer public accessible but it’s still accessible to the people who need that access,” Bruneau said.
Scoggins said creating this sort of firewall will help protect students’ information and decrease the chances of scam calls.
“That was a suggestion we made very early on because we’re trying, first we’re trying to think where the scammers are getting the information to make the calls from to start with, and then once we identify where we think that they may be getting the information, we immediately started working on ways to try to fix that. Now, if they put that information behind a username and password, then the scammers are far less likely to be able to get in there and get that information,” Scoggins said.
Students can use their user@winthrop.edu username and password, the same one they would use to log into Wingspan, to access the directory.