Search UT

How would you feel if you thought you had just submitted your tuition payment, only to find out the money didn’t really go to the University’s Bursar’s Office? You had mistakenly clicked on a look-a-like email and sent a semester’s worth of money to scammers, who immediately transferred it into an offshore bank account.

Probably a little panicked, right?

Students in an interdisciplinary Honors course this week explored this scary, possible scenario and others in a project dubbed “build-a-scam.”

For the project, students worked in groups to present hypothetical but realistic scams that could target an audience they know firsthand: college students.

They first dissected and analyzed, step-by-step, how real scams operate, said Anthony LaRose, one of the three instructors of the class, which encompasses lessons from criminology, communication and cybersecurity. Then, each presentation laid out scams made up by the students, like the tuition grab. Students explained the likely criminal offenses the scammer might face and provided cybersecurity and communication analyses of the evidence and messaging that cultivated trust with the targets.

“It’s a way to show how these crimes operate in the real world,” LaRose, associate professor of criminology and criminal justice, said. “It was important that the students look at them through criminology, cybersecurity and communication lenses, to help them see that these crimes aren’t just about technology — they’re also about communication and opportunity.”

In the “Bursar Bandits” example, the hypothetical scammer set out to steal students’ tuition money by sending a fake email that looked like the ones sent by the real Bursar’s Office, reminding students to make their payments. The fake email used a variation of the letter “A,” making the difference nearly undetectable with the eye alone.

If someone made a payment, a confirmation email would be sent to make the scam look official, and emails from the real Bursar’s Office would be blocked on the victim’s account to avoid derailing the scam.

Tyler Krizman ’29 said he loved the research aspect of the project, as research is something he wants to continue in his future career. He’s a marine biology major and is considering adding a psychology major to his courseload to be able to consider both disciplines in his work.

In another scam example, called “LinkDrink,” the student “scammers” proposed emailing a survey to students during midterms to win a free month of Starbucks. Once the hackers obtained personal information revealed in the survey, they would make small banking transactions into a crypto storage device, to go undetected. Ultimately, no one wins the raffle.

The scam, they said, would exploit trust in the University, as the contest would come from an email like the ones the University sends, and the scam would target students at a high-stress time.

Leo Surrillo ’29, who was part of the “Bursar Bandits” group, said that he thinks classes such as this interdisciplinary one are important.

“The combination of all three disciplines offers unique perspectives, and they all really bring a lot to the table. The opportunity to research them and see how they all connect with one another, it really helps you think critically,” he said.

“Especially now, in today’s current age where cybercrime and scams are so ubiquitous … I think that it’s a great opportunity for us to share what we’ve learned and how to educate other people in the different ways you can protect yourselves from these crimes.”