University e-mail fraud threatens student security
DoIT advises students on how to protect their Internet identity.
Aug. 27, 2010
An increase in fraudulent e-mails coming through MU accounts has created concern for both the Division of Information Technology and students affected by the scam.
In an e-mail sent to all student accounts, DoIT warned against e-mails claiming “to be from IT support or a ‘system administrator’ and attempt to deceive you into disclosing personal information.”
The e-mail was sent in response to a recent phishing scandal affecting a number of student accounts, DoIT Director Terry Robb said.
“Some people fell for the trick and managed to give the bad guys some information,” Robb said. “There’s nothing the university can do to stop that.”
New students setting up their university e-mail accounts are more vulnerable because a barrage of IT e-mails covering university technology are received, Tracy Perkins, Mid-Missouri Internet Crimes Task Force detective, said.
“With the new school year coming around, more and more people are going to be vulnerable to fall for these types of scams,” Perkins said. “It’s amazing how many people do.”
Although phishing attempts coming from professional scammers can be hard to prevent, the final outcome of the incident is dependent on those who receive fraudulent e-mails. DoIT is not solely responsible for providing Internet security against scammers, Perkins said.
“I think everybody, not just IT, but as a public in general needs to be more aware of their passwords and protecting their personal information,” Perkins said. “A lot of people are too relaxed about it and are vulnerable to give out information that they think is OK to give out.”
Oftentimes, the best action to take against a phishing scam is to do nothing at all, Perkins said.
“A lot of people have a tendency to want to respond back or say something, and that is actually sending the person a flag that it is a legitimate account,” Perkins said. “If you don’t recognize who the sender is, immediately delete it and don’t even attempt to open it up.”
Robb concurred and offered a simple solution for confronting phishing attempts.
“If it looks to the reader like legitimate e-mail, they might fall for it, but they have to remember that no one is going to ask you for your password,” Robb said. “No one legitimate is ever going to ask you for a password or bank account number or something like that in an e-mail.”
Such a direct approach to phishing attempts will cut down on future incidents, provided students are vigilant in withholding their personal information, Perkins said.
“As a society, we need to be more aggressive in how reluctant we are to get rid of those types of e-mails,” Perkins said. “Public awareness is a key issue to all this, and IT is trying to help, but I think overall it falls back on the public.”
Robb also had this advice for avoiding potential security threats.
“If you get an unsolicited e-mail, do not trust it, especially when it’s asking for personal information,” Robb said. “E-mail can be a very dangerous tool.”
In the wake of the recent phishing scam, DoIT is working to combat the scammers, offering Internet safety tips to generate awareness among students.
“Check our website and stay educated,” Robb said. “Phishing scams are never going to stop.”