Rutgers students sent phishing emails claiming to be from associate vice president, University says

Thousands of Rutgers students were sent malicious emails on Oct 31. from an administrator's email, asking students for personal information in exchange for grants.

The email, which was sent to approximately 3,200 students, only appeared in 40 student inboxes. The rest were discarded as junk, said Dory Devlin, a University spokesperson. 

“After the phishing messages were detected by automated alert systems and individuals reporting them, the compromised account was blocked, and other steps were taken to mitigate the situation,” Devlin said. “These steps include notifying affected ScarletMail users about the incident and directing them to reset their passwords.”

The email appeared to be sent from Bill Welsh, the University's associate vice president of Rutgers Access and Disability Resources. The subject line, titled “Approval Notice,” told students they were approved for a $9,250 Federal Supplemental Educational Opportunity Grant. Students were asked to log in using their school credentials to receive documents. 

The grant, which is real, only offers a maximum of $4,000 a year, according to the Free Application for Federal Student Aid (FAFSA) website.

“While Rutgers blocks hundreds of thousands of phishing, malware and unauthorized access attempts daily, attacks do sometimes get through,” Devlin said.

The University will never ask students for passwords or personal credentials in an email. It is unknown how the account was infiltrated.

Welsh did not respond to requests for comment. The University claims it is investigating the incident.