Last Tuesday morning, Sasha Brown ’18 reported feeling “highly doubtful” about the authenticity of an email entitled MIDDLEBURY COLLEGE INVOICE AVAILABLE. Friends standing nearby Brown at the time reported seeing her swipe the email, as if to delete it, but then hesitate with her thumb over the screen. The witnesses also heard Brown mutter to herself, “Wait, is this real?”
The email, which boasts many trademark phishing red flags, such as references to Middlebury and prominent hyperlinks, also included enough strings of numbers to make Brown at least semi-believe it. To gain clarity, Sasha reportedly turned to an email from earlier in the summer, entitled Information Security Alert, which the college had supposedly sent to warn against phishing attempts.
To Brown’s disappointment, she found “almost nothing helpful in it. Like, why did they even send this?” Midway through her rant, Brown also apparently switched gears and asked, “How do I know this security email is even real?” After some hours of deliberation, Brown decided to delete both the invoice email and the security email.
Now, a week later, Sasha has begun deleting each email immediately as they are delivered, without even scanning the subject line. With this new habit Brown has unknowingly deleted more than 20 Nelnet Business Solutions emails, desperately trying to get her tuition payment.