Scam e-mail sent to students

Written By TSC Archives

By Mary Georgevich


A scam message from an scu.edu e-mail address requesting e-mail passwords and other personal information caused confusion for students and faculty members late last quarter.

The message stated that e-mail accounts would be deleted if the owner didn't reply with their e-mail address, password, date of birth and country. Information Technology was able to catch on to the scam through several forwards from Santa Clara community members who found the message suspicious, and IT posted an alert on its Web site and a campus-wide e-mail warning on March 7.

Director of Information Technology Carl Fussell warned students to be smart and cautious with their private information online.

"Never, ever respond to a request for personal information by e-mail," Fussell said.

Phishing, or attempting to trick people into sharing sensitive information by posing as a trustworthy entity in electronic communication, has been on the rise and become more sophisticated in recent years. Scammers elicit personal information and use it to access private accounts and more personal information, steal money, plant viruses or send out more fraudulent e-mails, which Fussell said was probably the case in the recent scu.edu e-mail scam.

A common method is posing as a bank or Web site that handles financial information. However, personal information should never be shared through e-mails, Fussell said.

"Legitimate companies will not ask for information electronically," he said.

Fussell said the university is aware of the issue of phishing e-mails, but there is not much it can do, due to the fact that many spammers will send e-mails on weekends and holidays, when IT is not able to react.

"This stuff happens at a lightening pace," Fussell said.

The spam filters catch a lot of these types of e-mails, but this particular one did not have any buzz words that the filter usually catches.

He said one option for controlling the scammers is to put a block on outgoing e-mail messages to that e-mail address. This method helped one GroupWise user when one message was successfully blocked, Fussell said. The message is placed in quarantine when it is blocked.

Another option is blocking e-mails from that address.

"We can block any further messages coming, so if any more spam comes from this site, from this spammer, they won't get through," Fussell said.

Once the spammers have an e-mail password, they have access to that e-mail account. They can also then use that e-mail address to send more spam.

"It's a very large front door into your personal life," Fussell said. "Now they've got complete access to your e-mail."

E-mails from a known domain name are not necessarily trustworthy, either, Fussell said. "By way of example, I sent an e-mail to my nephew from darthvader@theforce.com. Almost anyone can fake an e-mail address."

Many people forwarded this particular phishing e-mail to IT, which Fussell said is encouraging.

"People are beginning to understand and to use caution and care when these things come in, and not just respond," Fussell said.

Contact Mary Georgevich at (408) 554-4546 or mgeorgevich@scu.edu.

TSC Archives
Previous

Taking Zen meditation 'off the cushion'
Next

Two water polo players arrested for burglaries