Measures in place to combat phishing

By The Elm - Mar 21,2019@12:38 pm

Scam_MarkCooley (1)

By Felipe Hendriksen

Elm Staff Writer

Phishing scams continue to jeopardize students’ email accounts at Washington College.

According to Systems Engineer Jesse Lamb, “Phishing is an attempt by unauthorized persons or entities to obtain sensitive information such as usernames and passwords.”

Its purpose is to give the criminals information they can use.

“They just need your Social Security number and your birthdate to open a bank account and get credit cards in your name,” Programmer Michael Rankin said.

Phishing scams, according to Director of IT Infrastructure Dave Barr, are nothing new.   

“This is a problem that email systems administrators, the FBI, and the FTC have been dealing with for years,” Barr said.   

Lamb said phishing attempts increase exponentially once someone has fallen victim to one of them.

“Scammers systematically attack us, and they only need one door to enter. All it takes is one click. It’s a constant battle, and the scammers can do anything they want to once they’re in,” Rankin said.   

Students aren’t the only ones in danger. President Kurt Landgraf recently had a personal phishing experience at Washington College. Landgraf said he received an email that seemed to be from a known contact of his, but this was the criminals’ doing.

“The sender name and email address appeared to be legitimate, as did the subject, but the only content of the email was a notice that a secure message needed to be downloaded,” Landgraf said.   

According to Rankin, every link in a phishing email is dangerous. So, even when Landgraf didn’t give the scammers any sensitive information, just by clicking on the link his account ended up sending automatic emails to his entire address book, thus potentially compromising other users’ accounts.

“I sent all such recipients an email warning them not to click on the link in the email from my account, and to delete the message they received,” Landgraf said.

According to Barr, “there isn’t a ‘magic program’ that can completely secure the email system from phishing schemes,” and the College constantly monitors phishing scams and uses spam and phishing filters to secure the students’ accounts.    

“We have implemented more stringent Anti-Spam and Anti-Phishing filters in Office 365 and enabled Anti-Spoofing to help prevent email spoofing where an email appears to come from a Washington College member but actually comes from a spammer,” Lamb said.

Nonetheless, being responsible and conscious of this ubiquitous threat is the most effective way to prevent being scammed via email.

“We each need to take the time to learn to recognize phishing attempts and to not ‘click’ on the link giving up valuable information or providing a platform for hackers to utilize your resources to further their objectives,” Barr said.

According to Rankin, students should know how the College works. 

“We never ask for your password. If we need you to log into your account, we will ask you to enter your credentials in the College site; we will never send you a link,” Rankin said.

According to Lamb, Washington College will never ask for your username and password via email.  “The College periodically warns all email users that they should never provide their username and password on any site linked to in an email message,” Landgraf said.

Despite these efforts, there are two popular types of phishing emails that students keep receiving.   

“You may get an email where they ask you to reset your password because it has expired, but instead of making you go to the College secure site, they make you click a link and then you’re done. You may also get an email where ‘the College’ asks you to reconnect your account, but we never do that,” Rankin said.

To avoid falling prey to these scams, do not open suspicious, unrequested emails, and always report them and delete them immediately.

The Elm

Leave a Reply

Your email address will not be published. Required fields are marked *

 

In case you have missed it

In case you have missed it