Phishing for your information

Dara Fill­more — The Stinger

Some phish­ing emails are made to look authen­tic, but the poor spelling, vague facts and often bizarre rea­son­ing should be a give­away that this is a fraud attempt.

Spam­mers can jam up e-mail, attack and take over accounts, steal credit card infor­ma­tion and has­sle UWS stu­dents. Phish­ing attempts like these are sent to stu­dents every day. But there are ways to keep spam­mers from tak­ing more of your time.

Accord­ing to UWS Direc­tor of Tech­nol­ogy Infra­struc­ture Ser­vices Tom Jan­icki, a spam­mer can be any­where in the world, and can find any email address that has been posted on the Inter­net to send junk mail. If a spam­mer sends out hun­dreds or thou­sands of e-mails, he or she is bound to have some responses. If a per­son receives a spam e-mail and replies with per­sonal infor­ma­tion or clicks on a link, the spam­mer then knows the e-mail address is active, and can gather more information.

Once the account is com­pro­mised, the spam­mer can send more emails; often those e-mails that may look like actual tech­nol­ogy ser­vices updates or other “help­ful” infor­ma­tion and can ask peo­ple for more per­sonal data. This may include ask­ing for names, pass­words, addresses, credit card num­bers and even bank­ing infor­ma­tion. Some will even send an e-mail from which a stu­dent might choose to “unsub­scribe,” but if you never signed up to receive that type of e-mail in the first place, click­ing to unsub­scribe may give the spam­mer infor­ma­tion you don’t real­ize. If the spam­mer gets any of this infor­ma­tion , he or she can take over the e-mail account, send­ing even more spam, or can use the infor­ma­tion taken to make pur­chases on credit. Of the 15,000 to 30,000 e-mails sent every day on UWS e-mail accounts, 80 per­cent is spam.

The spam­mer may pose as a trusted per­son, such as tech ser­vices, and might say that the e-mail account has run out of space,” said Jan­icki. From there, he pointed out, it’s up to the stu­dent to take ini­tia­tive and do one of two things. Either delete the email with­out respond­ing, or for­ward the email to the UWS tech ser­vices help desk (

Joe Kmiech, direc­tor of tech­nol­ogy sup­port, said that for­ward­ing phish­ing emails to the help desk will help UWS stu­dents receive less spam in the long run. Once the help desk knows about each new issue that arises, they can get started on block­ing that spam­mer from the sys­tem so it is harder for them to con­tinue try­ing to take advan­tage of stu­dents. But if the stu­dents give spam­mers any info, they will have a lit­tle work to do.

If stu­dents give away their e-mail infor­ma­tion, the spam­mer can set up rules in the account so the stu­dent won’t be able to see it,” said Kmiech. “Then the spam­mer can send e-mails that don’t go to sent items and the stu­dent has no idea what is hap­pen­ing. We get a list of accounts to lock out because of this, and then we can make con­tact with the stu­dents or fac­ulty, edu­cate them on what is hap­pen­ing, and get them up and run­ning again on a new account.”

Another type of e-mail that many UWS stu­dents con­sid­ered spam was the polit­i­cal e-mails sent to stu­dents lead­ing up to the Novem­ber elec­tion. Accord­ing to Jan­icki, these e-mails are con­sid­ered legit­i­mate, and the school has no inter­est or right to block them. He did think that the polit­i­cal cam­paigns must have had a lot of extra time and fund­ing on their hands to be able to har­vest so many stu­dent e-mail addresses and send dona­tion requests. Stu­dents who wish to opt out of receiv­ing polit­i­cal e-mails can learn how to block cer­tain types of e-mails if they would pre­fer not to receive them.

Kmiech and Jan­icki both work hard at giv­ing UWS stu­dents and fac­ulty the resources to know how to deal with issues that arise in cam­pus e-mail accounts. “You can whitelist, black­list — you can train devices to start block­ing cer­tain kinds of e-mail,” said Kmiech. He said that tech­nol­ogy ser­vices at UWS has not and will never ask any­one to sup­ply any per­sonal infor­ma­tion, like a user­name and pass­word, by e-mail. Any e-mail request­ing that infor­ma­tion is a fake. “The whole cam­pus has to be obser­vant,” said Kmiech. “We want to help edu­cate fac­ulty and stu­dents because e-mail users are our first line of defense against phish­ing attempts and spam.”

Print Friendly