University warns students of phishing scams

Several spam and phishing emails have been received by students over the past few months, including emails impersonating Blackboard, Inc,. the UConn Mail Service and, recently, an email with the attachment "Exclusive Important Announcement from President Susan Herbst." (Jason Jiang/The Daily Campus)

Students at the University of Connecticut should be on the lookout for phishing scams and spam emails and should avoid logging into unsecured websites or opening unknown file attachments, according to UConn’s Vice Provost for Information Technology and Chief Information Officer Michael Mundrane.

Several spam and phishing emails have been received by students over the past few months, including emails impersonating Blackboard, Inc., the UConn Mail Service and, recently, an email with the attachment “Exclusive Important Announcement from President Susan Herbst.”

University Communications sent out an email last week warning students not to open the attachment.

Spam and scam email victims have increased by 270 percent over the past two years. Common phishing scams pose as an accredited institution, such as a bank or a company, and attach a link in the email to a phony login site. Once users enter their information, the site steals the login and password, along with other information such as bank account numbers, Social Security numbers and credit card information, according to the F.B.I.

Phishing attacks have become more sophisticated in that they use specific information to lull people into a false sense of security, Mundrane said.

“Targeted attacks, also referred to as ‘spear phishing,’ use elements that typically signal authenticity - a familiar sender or copied website content - and can be more difficult for a recipient to quickly identify as spam mail,” Mundrane said in a recent email. “An example of spear phishing is the recent message that superficially appeared to come directly from President Herbst.”

It’s important for students to protect their passwords and be on the lookout for potential attacks, Mundrane said.

“The name/password combination acts like a fingerprint that identifies you,” Mundrane said. “If these credentials are compromised, you can be impersonated. You should not trust attachments from unexpected sources and you should be extremely careful following embedded links.”

Phishers and spam emailers are able to obtain student emails publicly, Mundrane said.

“Student addresses are not really secret and they are gathered up in a variety of ways. (Scammers) collect and maintain lists of addresses to target and then attack them,” Mundrane said.

UConn email addresses do, however, have certain guards against these emails, Mundrane said.

“The university's spam mail filters remove many of these messages before they enter inboxes,” Mundrane said.  “Any that pass are addressed with internal IT security processes as soon as they are identified.”

But students should be on the lookout for the few emails that do manage to slip through the filters, Mundrane said.

“Hovering over a link or an attachment usually produces additional information about what it is,” Mundrane said. “A document that looks like it has a name ‘something.pdf’ might actually be a file ‘something.exe.’ The former is something you view while the latter is a software program that you execute and is extremely dangerous. Running sketchy programs is a one-way ticket to computer infection and data loss.”

Though attacks are on the rise, the university is working to combat the scammers and protect students, Mundrane said.

“Phishing scams will continue,” Mundrane said. “In response, UITS will continue to develop more sophisticated resources and to explore technologies that will provide better protection.”

If you suspect you have been phished, call the UITS Help Center at 860-486-HELP (860-486-4357) or email them at helpcenter@uconn.edu. Suspected phishing reports should be sent to reportphishing@uconn.edu.  


Marlese Lessing is a staff writer for The Daily Campus. She can be reached via email at marlese.lessing@uconn.edu. She tweets @marlese_lessing.