Phishing: Becoming a Problem for Daemen Students
By Emily Stoll
WARNING—Your account will be deactivated if you do not send your username and password to this email by this date. Or at least that’s what they want you to think.
Phishing—or the use of fraudulent emails to steal information and accounts—has recently become a problem on the Daemen campus. The most recent campus-wide scam, sent out on February 25, caught more teachers than students in its trap. And, according to Chris Pack, the Systems Administrator for Academic Computing Services, the problem is nonstop and will not just go away.
So how can people protect themselves from this theft?
There is no method that is a hundred percent guaranteed to tell you if an email is phishing, but the most important thing to remember is that no accredited organization should ever ask for your passwords or private information. If this happens, it is likely a scam. This is true for non-school related accounts as well.
“If you pay attention to wording and spelling,” said Pack, “you should be able to tell.” Oftentimes the spelling and grammar are terrible, and the tone of the email just feels wrong if you take the time to actually read instead of skimming. Some phishers try to fool their targets by stealing logos, using formatting from official sources, and even putting in warnings about computer security for good measure.
Also be sure to pay close attention to who you are communicating with. Who sent you the email, and who are you sending your response to? Often, the phisher will ask you to respond to accounts that are not even from Daemen. “Why would I send my information to a Yahoo account?” Pack asked. It simply does not make sense to send private, sensitive information to an unofficial account. And don’t always trust the hyperlink; the text you see can be easily faked by anyone with basic HTML coding skills. Make sure that you actually look at the address the email is being sent to after you have clicked to compose it.
When in doubt over whether an email is spam, delete it. If you leave it, you may be tempted to respond later or respond without thinking. If you receive one of these emails, there is a “report spam” button right next to the “delete” button. Google is generally good at sorting the spam out, according to Pack, but it certainly isn’t foolproof.
Rotating your passwords is also important. Many people use the same username and password for everything—Facebook, email, iTunes, and many others. This makes it easier to remember, but has a definite drawback in that compromising one account compromises all of them. Using variations of the password is a better idea, and passwords should be changed approximately twice a year. For those who have trouble remembering multiple passwords, there are many password managers, some free and some that cost a bit, which will store all of the information safely on your computer or iPhone or iPad or other device.
One typical scare tactic phishers use is the threat of “account deactivation.” For your Daemen email, the only times it will be suspended or deactivated are for academic and disciplinary reasons, if account activity warrants suspicion of spamming or scams, or for graduating seniors. When you are to graduate, you will be sent several emails telling you that you must respond if you wish to keep your Daemen email address; otherwise, it will be deleted. (Note that the school does not use the term “deactivate.”) Even in this case, it does not ask for your information. The only response necessary is a simple “yes” or “no.”
The only automated emails the school sends will be from Smart Squad—Daemen’s technology help desk—regarding a computer you have left with them. This email will give you a case number and tell you to use that in the subject line of all emails on the matter of that computer.
If you do have the bad luck to respond to a phishing scam, email firstname.lastname@example.org or email@example.com and let them know what has happened. Then send a copy of the scam email and change your passwords. If you have given your Daemen credentials, your passwords will be changed and Academic Computing Services will look into the matter. If this happens, you cannot have your old password back.
In the end, protecting yourself from phishing scams comes down to reading carefully, using good judgment, and making sure that your information is coming from a trusted source. While there is no surefire way to pick out a scam, knowing what to look for will help you to determine what is and is not.
To protect yourself:
·Read everything—no skimming!
·Be mindful and think it through before you give away your information.
·Check who the email is coming from.
·Check who you are sending the reply to.
·Change passwords every six months.
·Don’t use the same password for everything. (But it is okay to use a variation of the same password.)
·Use an 8-character minimum for your password, mixing upper and lowercase and adding numbers. Do not use ‘password,’ ‘username,’ or variations of those in your password.
·When in doubt, delete it.
·Don’t panic if you see the word ‘deactivate’; more often than not, this is a scare tactic to make you hand over your passwords without thinking first.
In the event that you respond to a phishing scam:
·Email firstname.lastname@example.org or email@example.com and let them know that you think you have responded to a phishing scam.
·Send a copy of the scam email to firstname.lastname@example.org or email@example.com.
·Change all of your passwords.