New phishing scam reported

By The Elm - Feb 14,2019@12:00 am

By Cassy Sottile

News Editor

Washington College has been hit with another phishing scam.

The current scam is an attempt to gather user credentials in order to send out additional spam messages that appear to come from legitimate sources.

“In this case, once an account is compromised, that account sends hundreds of emails to other email addresses in an attempt to gather more credentials that might be used to access sensitive information or to just further the flood of credential gathering,” Systems Engineer Jesse Lamb said.

According to Lamb, phishing attempts happen daily, with most being caught by the anti-spam filters in place.

“Spammers’ attempts are amplified when someone falls victim. When a user falls for one of these scams, within minutes their account becomes another spam account, sending messages to anyone in their contact list,” Lamb said.

This phishing attempt is limited to email, but there have been phone scams at WC in the past.

“It is always important to verify the authenticity of anyone requesting personal information, whether it be username and password or financial in nature,” Lamb said.

Students should be cautious about all emails that come to them, even from people they know.

“If you receive an email that asks you to enter your credentials to access and you were not expecting an email of this type, it is most likely a scam. If you recognize the sender, check with them first to ensure they knowingly sent it. It’s possible they were unaware their account was compromised,” Lamb said.

The latest phishing attempt directed users to a .xyz domain, which is not a domain WC uses. The scam also used subject lines that referenced topics most users had emailed in the months prior.

“Don’t click on everything that is emailed, especially if it is in your junk mail folder. Any email that contains a link, check it and make sure it goes where it is supposed to,” Lamb said.

If an account is compromised, the student should change their password then contact the LAT HelpDesk. The HelpDesk will inform the systems team about the phishing attempt and initialize a logout of all the student’s active email sessions.

Lamb and the HelpDesk recommend using different passwords for different sites.

“If two passwords, for your email and maybe for your bank, are the same, the spammer now has access to financial information and could easily transfer funds from your account before you even notice your email has been compromised,” Lamb said.

If any student is unsure about the legitimacy of an email sent to their WC inbox, reach out to the LAT HelpDesk.

“While there will unfortunately be the occasional legitimate email that ends up in junk mail, if it is a scam email it’s best to just delete it. The spam filters did their job,” Lamb said. “For spam that was delivered to the inbox, students should use the ‘mark as junk/spam’ feature, which will help filter future spam as it adds to the filtering database to know what to look for.”

The Elm

Leave a Reply

Your email address will not be published. Required fields are marked *


In case you have missed it

In case you have missed it