By: Aisha Marilyn Abdulbary-Knotts | Staff Writer
In the days leading up to spring break and continuing throughout the week, students at the University of Lynchburg experienced a noticeable increase in suspicious emails flooding their inboxes. What may have seemed like a poorly timed inconvenience is part of a larger national trend targeting college campuses.
Rishona Protzman ’27 said she was locked out of her school email after falling for what appeared to be a legitimate message.
“I got locked out of my school email account on Tuesday the 3rd after getting an email on Monday, supposedly from the counseling department, requesting that a form be filled out,” Protzman said. “After that, the entirety of my spring break was spent trying to contact IT to fix the issue. It took two hours on Monday to ultimately resolve the issue, but I’m still frustrated that it happened, given that this isn’t the first time someone has dealt with identity theft through their school email.”
“We are currently seeing a significant rise in sophisticated phishing campaigns targeting universities nationwide,” said Brian Hudson and Bryson Childress, the university’s chief information officer and deputy CIO, manager of user support. “According to the Kymatio 2026 Phishing Benchmarks report, which analyzed data from late 2025 through early 2026, the education sector has experienced a 224% surge in targeted scams.”
The timing is not a coincidence. Break periods, when students are traveling or less likely to closely review emails, are prime opportunities for cybercriminals. Many phishing attempts are designed to look like legitimate university communications, making them increasingly difficult to recognize.
In response, the University of Lynchburg IT team has taken steps to protect the campus community. “The University of Lynchburg IT team is working diligently to counter this wave by using the enhanced phishing and spam filters provided within our Google Workspace domain to identify and block malicious links as they appear,” Hudson and Childress said.
Still, even advanced filters cannot catch every threat. That is why student involvement plays a critical role in campus cybersecurity.
“Another helpful defense is student reporting of suspicious messages,” they said. “When phishing is reported to the IT Helpdesk, it helps the IT team block that specific link for the entire campus within minutes.”
As phishing tactics become more advanced, the university is strengthening its defenses. All students, faculty and staff are required to enable two-step verification on their university Google accounts by May 31, 2026.
“This is the single most effective way to ensure that even if a password is stolen, your account remains secure,” Hudson and Childress said.
Some students may experience temporary account lockouts if suspicious activity is detected, but university officials say this is a precautionary measure to protect personal data. Anyone who encounters issues accessing email, Moodle or MyHive is encouraged to contact the IT Helpdesk for assistance.
As students return from spring break, officials urge everyone to remain vigilant. Avoid clicking unfamiliar links, verify senders and report anything suspicious.
With phishing attacks on the rise, awareness remains key, and staying alert can make a difference.
