
By Anette Perez
Trinity Times Correspondent
When Trinity Washington University freshman and radiography major Genesis Sanchez received an email that appeared to come from another Trinity account, nothing about it seemed unusual at first.
“Everything seemed so legit, until it asked me for my bank information,” she said.
Sanchez had nearly fallen victim to a phishing scam that had compromised the accounts of dozens of Trinity students. Trinity student email accounts have faced numerous phishing attacks in recent months, most beginning in November 2025, with some attempts detected as early as August.
After clicking the link, Sanchez entered basic personal information, including her phone number. Soon after submitting the information, she began receiving text messages asking for sensitive financial information.
Kevin Eade, a staff member in Trinity’s Technology Services department, said not much is known about where the emails are coming from, except that the person or group is most likely located in Romania, “a notorious area for hacking.”

Eade explained that Technology Services “automated rules to keep track of both internal and incoming emails that had certain similar characteristics to the phishing emails, such as the subject.”
This strategy allowed for the supervision of large volumes of suspicious email traffic across student accounts.
“Multiple different VPNs (virtual private networks) were used and appeared to log in from multiple different states and countries,” Eade said. “Seattle, Denver, and Paris were some of the most commonly used locations, but there are many other spoofed locations that also appeared in our logs.”
A check of IP addresses revealed that the VPN connections, which create an encrypted tunnel between a device and the internet, were originating from somewhere in Romania.
The U.S. Federal Trade Commission defines phishing as an online scam where attackers send messages that appear to come from trusted sources in order to steal personal information. The information gathered by the scammer is then used to open new accounts or invade the consumer’s existing accounts.
Eade told Trinity Times the problem was detected after receiving reports from Technology Services’ ticketing system and from students forwarding suspicious emails to Technology Services asking for verification.

When a student’s account gets compromised, the hacker uses the account to send emails to other students, ranging from fake job ads to threats of account deletion if the requested information is not provided, he said.
Once the hacker has access to a student’s account, they will send out a thousand emails. When an account sends that many emails at one time, Google flags and then bans the account, causing the student to lose access to their email.
“Every time an attack would happen, it sort of spreads like a virus,” Eade said. “Off the top of my head, I would guess 40 to 50 [accounts were compromised], but all the accounts are restored.”
Some cases were especially concerning, including a student who clicked a phishing link more than 10 times, he said. In this instance the student did not respond to repeated warnings, and within hours their account was compromised and used to send mass emails.
In another case, a student regained access to their account only to unknowingly share their credentials again, resulting in two breaches in a single day, Eade said.
A Feb. 4, 2026 email from Trinity President Patricia McGuire announced the enforcement of two-step verification for all student accounts maintained through Google services. The enforcement began on March 8, and its purpose is for students to have an extra layer of security added to their accounts.
Some universities have suffered greatly from phishing cyber-attacks to the point of being shut down for days or having to pay millions to fix the problem, McGuire said in the campus-wide email.
“These are fake messages designed to get you to click on links that then wreak havoc not only on your email but on our systems,” she said. “These are very dangerous, and Trinity cannot afford to have our systems down.”
Students at Trinity, like Sanchez, told Trinity Times that they believe two-step verification is helpful even if it means they are required to take an extra step to access their email.
“I see it as helpful because that way, it prevents people from getting into your email,” Sanchez said. “It helps me feel more secure.”
According to Eade, mandating the two-step verification was not the initial solution. When the issue first arose, Technology Services believed a campus warning would inform students and help prevent any more accounts from being compromised.
The first email to go out was on Dec. 2, 2025, which announced the issue and shared tips on how to safeguard accounts. Similar emails followed in the weeks after.
But Eade said the warnings were not enough, and student accounts continued to be compromised. He suggested that many students may not prioritize email security. He also senses younger users often rely on easy-to-use applications rather than understanding the depths of systems.
“I think it’s mainly like iPhones and iPads just being so easy to use that this generation doesn’t have to dig deep into and learn the systems,” he said.
He also mentioned that phishing emails are typically distinct and often include various grammatical errors or slight differences in sender addresses. However, the errors are intentional. He explained that hackers are hoping to reach gullible individuals and include grammatical errors to “weed out the people who won’t fall for the scam.”

If a student falls for the scam and clicks the link, Technology Services recommends that they immediately change their password and contact the department by calling 202-884-9811 or emailing HelpDesk@trinitydc.edu. After contacting the office, students can expect to have their accounts restored within twenty minutes.
Since enforcing mandatory two-step verification, Eade said no additional accounts have been compromised, but advises everyone to still remain vigilant as some hackers have resorted to texting a student’s cell phone number under a Trinity alias asking for the two-step verification code.
“Trinity’s Technology Services department will never contact any student via text, and no Trinity employee will ever ask for your two-step verification code,” said Eade.
Eade also recommends that students visit https://haveibeenpwned.com/. The site compiles known data breaches and allows users to check whether their information has been exposed.
Strong passwords alone are no longer enough, Eade said, and poor digital security habits can make it easy for hackers to gain access to accounts.
“If you’ve been hacked, and you don’t have access to your email, you can use a personal email to contact us,” he said. “We’ll still help you.”
Trinity officials encourage students to remain cautious when opening unexpected emails or clicking unfamiliar links, and for Sanchez, the experience served as a reminder that even messages that appear legitimate can be deceptive.