Phishing scams catch campus
By Micah McVicker | Staff Writer
Information Systems and the Literacy Information Outreach Team are proactively spreading the word of the dangers of phishing. According to the Anti-Phishing Working Group’s Web site (antiphishing.org), phishing is “the practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking e-mail with the real organization’s logo, in an attempt to steal passwords, financial or personal information or introduce a virus attack.”
According to Jeff Russell, chief information officer, phishing can be avoided by ignoring suspicious e-mails.
“The biggest danger is, if someone responds to a phishing attack, their account is compromised,” Russell said. “Which means someone else has their name, user account and password.”
Phishers are not typically trying to steal anyone’s financial information. Instead, they seek to promote their company by artificially increasing hits on their Web site.
“Phishing is usually about hijacking your account and using it to process e-mail from someplace to someplace else in very large quantities,” Russell said. “It looks like it’s coming from that student’s account and they’re using it a lot, which raises hits. Subsequently, a search engine like Google or Yahoo is going to have them [the fake Web sites] more likely on their first page of the search result.”
Web site hits are not the only determining factor in the order of sites in search results. And, according to Russell, different search engines work slightly differently.
“To give you the most highly sought after match for your search, the number of words that searches and the use of metadata are other ways,” Russell said. “Metadata are the hidden tags inside of a Web site. If I was looking for red bicycles in Flickr, I’m getting more volume because I’m going to get as many pictures with red bicycles.”
Falling victim to a phishing attack contains significant ramifications for the e-mail networks, especially if the e-mail server is less expectant of receiving thousands of e-mails in the span of a few hours.
“If a student or a faculty member falls for a phishing attack, the way our network is set up is [that] as soon as we see that volume of mail go through the roof, we shut off your account,” Russell said. “In a matter of an hour, it takes us that long before we see that volume. That can be pushing anywhere from 15,000 to 20,000 e-mails through one account.”
Russell said that this inundation of e-mails through one account has four major ramifications.
“One, it absorbs our bandwidth, on and off campus. Two, you are no longer the owner of your account. Three, it swallows up a large portion of our Internet connectivity. Four, it gets us blacklisted at search engines because it looks like we’re spamming them.”
Information Systems, in conjunction with the Literacy Information Outreach Team, posted phishing signs throughout campus. Francesca Busch is the interim director and manager of public and outreach services.
“The phishing posters were placed around campus to help raise awareness about the problem of phishing e-mails that try to trick people into giving out their passwords or other account information,” Busch said. “The posters call attention to this cyber crime and direct people to an informative IS Web page that goes into more detail about how we can detect phishing and protect ourselves from it.”
More information on phishing and internet scams is available on the Information System’s Web site.