Phishing scams hit UCCS student email inboxes

Email scams are a constant in the digital world, and vigilance is key — even when checking a UCCS Outlook inbox.

Students may have recently received a phishing scam from someone pretending to be a UCCS professor. The email came through student email accounts with an offer for a potential job.

UCCS information security officer Neil Kautzner recommended that students be wary of email job offers that seem too good to be true or offers that ask the recipient to give something in return.

“We don’t give away student emails to any companies, any third party vendors to help get students jobs. So if you’re getting an email saying, ‘Hey, I want to give you a job,’ be very wary of that, because it can lead to bank accounts being compromised,” he said.

“We try to mitigate as much of the spam as we can,” Kautzner said. “We use Office 365 … so it’s all based off of their filtering, like their spam filtering and phish filtering.”

Phishing is when someone uses an email from an address disguised as a legitimate company, to extract sensitive or personal information from the recipient. This could be bank account, credit card, or personal information that can be used to harm a victim.

Kautzner said that within the last 30 days there were 4 million inbound and 421,000 outbound “good” emails in the UCCS system. However, there were also 170,000 inbound and 578 outbound phishing emails.

Kautzner explained that those outbound phishing emails could have been sent from compromised student emails.

Successfully blocked phishing emails accounted for about 4% of inbound emails in the UCCS network, not including traditional spam emails. Microsoft blocks many phishing emails but does not filter all of them, according to Kautzner.

“Phishing will get through,” Kautzner said. “It’s inevitable, because some of them are crafted very carefully and they’re very clever. They actually use good grammar, so it makes it harder for Microsoft to block them. We can’t see all that … that’s a lot of email for us to look at.”

Kautzner believes it would be a waste of a full-time employee to hire more people to manually check inbound emails. “I don’t think that’s a great use of time for somebody.”

There are some upcoming awareness programs and trainings for students and staff about online safety. Kautzner said that further information will be sent via email.

Anyone who receives a scam email can report it by right-clicking it. Students can also send reports of suspected dangerous emails to [email protected]. Students can find more information at the Office of Information Technology website.

Photo courtesy of titus.com.