The student newspaper of Wellesley College since 1901

The Wellesley News
  • September 16Welcome Green Class of 2029
The student newspaper of Wellesley College since 1901

The Wellesley News
The student newspaper of Wellesley College since 1901

The Wellesley News

Phishing scams continue to target Wellesley students

Maanya Jindal, Amanda Chen, and Sophie Turansky | November 3, 2025 | 116 Views

In an Oct. 29 email, Ravi Ravishanker, Wellesley’s Chief Information Officer and Associate Provost, shared that a phishing test conducted in early October found that 5.6% of employees and 4.5% of students provided their credentials. The email arrives following a wave of phishing scams that has targeted Wellesley students and faculty over the past few months.

The Information Technology department monitors for phishing attempts — fraudulent messages intended to steal money or sensitive information. Ravishanker explained that combatting these scams require significant resources from IT staff, even though the College has not experienced any direct financial losses due to phishing.

“Exactly what financial loss means is a question, because there are always issues that pop up where we in LTS need to invest time and effort to investigate, mitigate and mediate, remediate.That’s an investment in time,” Ravishanker said. “They try to get as much of your information as possible with the end goal of financially benefitting.”

Doug Chenzik, Cloud Services Administrator, described some of the most frequent scams students face. 

“The most common one for the students has been job offer scams where they are offering remote jobs or research jobs or some kind of job that sounds good with a really high value pay that’s kind of unrealistic,” Chenzik said. 

Individuals enticed by the prospect of high pay often are tricked into losing money.

“[Scammers] end up doing a thing where they give you a fake check of $5,000 to start and tell you to send $2,000 to some other scammer. And because of how financial institutions work, the fake check they send to the student bounces. But it bounces a week later, and then the student has already sent money,” Cheznik said.

One recent phishing scam happened on Oct. 7, in which scammers asked students to submit their passwords through a fraudulent Google Form. Students were prompted to provide their Duo two-factor authentication codes. The phishing email itself relied heavily on urgency and fear to pressure students into responding. It warned that unless “verification” was completed within a few hours, students’ email accounts and all associated data would be “permanently deleted.” 

The message also impersonated an official office, “Department of Technology Systems” and was sent from a compromised Wellesley account, making it appear to come from within the community.

In a student wide email, Cheznik advised students to act with caution after one such incident: “Please do not click on any links or fill out any forms related to these emails. Instead mark them as Phishing emails (when you are on the email, click on the three dots in the top right corner and choose Report Phishing).”

While no students are currently known to have fallen victim to this particular scheme, the scam is a reminder that scammers continually evolve their tactics to appear more convincing. They use official-sounding language, familiar tools like Google Forms, impersonate official offices (such as IT or Technology Services), send messages from compromised Wellesley email accounts to make their requests seem authentic, or scare tactics such as account suspension or data loss to pressure individuals into compliance.

“Scammers are generally looking to benefit financially,” Ravishanker said. “They may also want to use one compromised account to target others, increasing the number of vulnerable users on campus.”

Wellesley’s IT team encourages students to stay cautious and follow clear steps when encountering suspicious emails: to pause before reacting, verify the sender, and always forward the message to the Help Desk. In an email on Oct. 7, Nephellie Dobie, Assistant Chief Information Officer, reminded students that Wellesley will never ask one to share a password, Duo codes, or other sensitive information via email, text, or form. 

In addition, students are strongly recommended to complete the campus security education module

“Even if it feels repetitive, the module is valuable,” Ravishanker said. “It helps students understand what to do and what not to do, so they are better prepared to avoid falling for scams.”

 

Contact the editor responsible for this story: Lyanne Wang

View Story Comments
Print this Story
More to Discover
More in News
The Wellesley students who helped Mamdani win
The Wellesley students who helped Mamdani win
Photo of Eric S. Maskin
Nobel laureate Eric Maskin and leading scholars attend Wellesley’s mathematics and democracy conference
President Johnson delivering speech at Wellesley 150 State of the College address
President Johnson says Wellesley is fulfilling founders’ mission at the Wellesley 150 State of the College address
More in News & Investigation
Arkansas State Senators Breanna Davis (R) and Jamie Scott (D) speak about working across state lines at the Clinton Summit.
Is civility still possible in politics? These three lawmakers think so
Beth Israel Lahey Health - Clinton Summit - We the People: Finding Common Purpose
HRCC Summit Calls For Collective Action Across Differences
KPop Demon Hunters Wiki
‘K-pop Demon Hunters’ singer Andrew Choi reflects on the Netflix hit movie and Korean culture