December 5, 2017
Email can be an important form of communication at UCCS. Students and staff rely on it as their primary way to connect with one another and to receive news and alerts from the university. However, this form of communication can be compromised by outside sources.
This semester, the Office of Information Technology posted over 20 alerts in order to warn students of mass phishing attempts in their UCCS email accounts.
“Phishers” target people by fabricating email accounts and messages that appear to be official in an attempt to obtain personal information. The phisher’s goal is to redistribute the information gathered from the student’s responses.
During this fall, emails sent by senders without a UCCS email urged students to login to seemingly university-affiliated websites in order to obtain sensitive information such as usernames and passwords.
Phishing attempts can be often recognized by spelling and grammar errors throughout the message and email addresses that only slightly diverge from that of legitimate ones.
Tom Conley, information security officer in the Office of Information Technology, assures that this semester’s phishing attempts are not measurably greater than in the past. UCCS is taking measures to prevent further phishing, according to Conley.
“It’s not a good situation, but no worse than it ever has been,” said Conley.
The Information Technology Help Desk encourages students to delete non-threatening phishing attempts. However, Conley suggests that all UCCS email users become familiar with what a phishing email commonly looks like.
“Just remember a legitimate email will never ask you to log in to anything, unless you are the initiator. Also, no one is going to offer you a job. There is no such thing as surpassing an email quota, and you did not win the lottery,” said Conley
Phishing is different from email scams because email scammers are typically after the victim’s bank information, while phishers are after information gathered when the targets log into a web page that closely imitates the UCCS homepage.
Although spam filters are fairly successful in protecting users, phishing emails will occasionally make it through to the primary inbox. At this point, the phisher has their highest opportunity to gain the victim’s personal information.
Information Technology is working on a system that will combat the mining of university student directories, according to Neil Kautzner, IT security analyst. With the new process, phishers will have a more difficult time hand-picking victims.
The department is also working on a multi-factor authentication system that will require two forms authentication when someone tries to login to a UCCS email account.
“These sorts of technical advancements help control the phishing attempts,” said Kautzner.
Students can report suspected email phishing by copying the questionable message in the body of a new email and sending it to the IT Help Desk at email@example.com.