by Brittani Young
Staff writer
Phishing scams have been around since the 1990s, according to Help Desk Director Shawn Ridenour. Phishing is a way to get access to bank and credit card accounts, but on campus it is just a way to spread large amounts of spam once a person gives out his or her information. Since the scammer is using a campus email, questions regarding bank and credit card accounts would be a sign that it is a scam.
Thomas Wines, a help desk information technology technician, explained, “Phishing is a ploy to acquire a user’s login credentials in order to exploit their account for their own use. Typically in the form of spamming other users in an attempt to gain access to their email accounts or other personal information such as social security numbers, credit card numbers, or bank account information.”
SE is not the only campus to be affected by phishing. Ridenour said college servers are popular because they can reach several people with very little effort.
“Businesses and other non-educational organizations are generally much more restrictive with how they manage internet access as well as their email servers. Therefore, they are often targeted less as an organization,” Ridenour said.
According to Ridenour, staff and faculty have had the most problems with phishing on campus, but students have been affected too.
According to Ridenour, the scams have been on campus since 2009. Recently, the Help Desk has been sending out newsletters and emails to educate staff and students about the phishing scams.
Until recently, the last time the campus email was blacklisted was in October 2010. “Blacklisting of an email server simply means that it has been listed within a database of known servers that are actively broadcasting SPAM email to other email servers,” said Ridenour.
The scams work so well because they are hiding inside what seems to be a common email.
The No. 1 sign that the email is not from the Help Desk is that the Help Desk will never ask for your email and password. “I encourage students to be educated about the issue. The litmus test for what is or is not a phishing email is relatively simple. Do not respond when being solicited for your login credentials via email. If you keep this one important thought in mind, you will avoid being a victim,” said Ridenour.
A phishing email may say that your inbox is full and needs messages deleted, or someone has recently accessed your account. It may also ask you to follow a link.
There are two different ways to figure out if an email is fake or legitimate.
First, make sure the email is from an accurate source. According to Ridenour, for instance, if it were coming from the Help Desk on campus the address would be helpdesk.se.edu. Most fraudulent emails are addressed [email protected], or end with @admin.in.th.
The most successful phishing emails fool people by using an account named ‘Southeastern Oklahoma State University Webmail Administration.’ The email tries to get people to click the link it provides. Avoid this by emailing the Help Desk to confirm whether or not it is fraud. Do not give any personal information to an unreliable source.
The second way is to check the address at the bottom of the email. If it is from anywhere but where it should be, assume it is a fraud. For example, if the address seen in the inbox before opening the email is different from the address in the email itself, avoid filling in the information it is asking for.
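The two checks above, together with Ridenour's litmus test about requests for login credentials, can be run over a raw message. The sketch below is an added example, not Help Desk or University code; the sample messages, their local parts and the `.example` domains are constructed, and the only value taken from the article is the helpdesk.se.edu domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the legitimate Help Desk domain, as the article gives it.
TRUSTED_DOMAIN = "helpdesk.se.edu"
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
CRED_RE = re.compile(r"\b(password|username|login credentials)\b", re.I)

# Constructed sample messages (reserved .example domains, made-up local parts).
SAMPLE_PHISH = """\
From: "Southeastern Oklahoma State University Webmail Administration" <notice@mail.example>
Reply-To: upgrade@other.example
Subject: Your inbox is full

Your inbox is full. Reply with your username and password to keep your account.
Webmail Administration <support@other.example>
"""
SAMPLE_LEGIT = """\
From: Help Desk <notices@helpdesk.se.edu>
Subject: Newsletter

Learn to spot phishing scams. Questions: notices@helpdesk.se.edu
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def is_trusted(domain):
    return domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)

def phishing_signs(raw_message):
    """Apply the article's checks to one plain-text message; return the signs found."""
    msg = message_from_string(raw_message)
    body = msg.get_payload() if not msg.is_multipart() else ""
    from_domain = domain_of(msg["From"])
    signs = []
    if not is_trusted(from_domain):              # first check: who sent it
        signs.append("sender-domain")
    others = {d.lower() for d in ADDR_RE.findall(body)}
    if domain_of(msg["Reply-To"]):
        others.add(domain_of(msg["Reply-To"]))
    if any(d != from_domain for d in others):    # second check: addresses disagree
        signs.append("address-mismatch")
    if CRED_RE.search(body):                     # litmus test: asks for credentials
        signs.append("asks-for-credentials")
    return signs
```

A From header can be forged, so a message that passes the first two checks but still asks for a password is flagged by the third check alone.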
“I would strongly encourage students to be aware that phishing scams are commonplace and falling victim can have real consequences,” said Ridenour.
Countermeasures are in effect to stop the scams. “The University is now enrolled in an online service provided by Microsoft which blocks compromised accounts from blasting other email servers with spam. This countermeasure will help prevent our email server from being blacklisted. Blacklisting prevents our email server from being able to deliver email to other email servers hosting accounts such as: @hotmail.com, @msn.com, and @aol.com,” said Ridenour.
“Implementing a countermeasure to mitigate the blacklisting issue has been Network Operations’ primary focus over the past week and a half and those efforts will greatly benefit Southeastern,” said Ridenour.
Network Operations is trying to prevent the Southeastern email server from being blacklisted. However, it is not blocking all phishing emails.
Ridenour said, “Therefore, do not perceive the implementation of this countermeasure as a reason to let your guard down. Though this countermeasure should greatly reduce the impact to the University from users providing their login credentials to a phishing scam, it does not lessen the users’ shared role in the security of our network.”
Ridenour would like to thank everyone for their support. “All of Southeastern’s IT professionals greatly appreciate your diligence and dedication to being educated about these phishing scams.”