The University of Connecticut’s Information Technology Services (UITS) warned students to protect themselves against the multiple anonymous phishing emails many have received in their uconn.edu inboxes.
“We will be Shutting Down your Account due to suspicious Activity and Login from a Different IP with your Account which have made us take this decision to safeguard your Account,” the email reads. It then gives a link and says students are required to click on it within 24 hours to avoid their account being shut down.
Jason Pufahl, UConn’s Chief Information Security Officer, said UITS is aware of these emails and of other phishing scams.
“UITS has a robust set of commercial tools to combat spam and phishing email. These tools block over 90 percent of all such emails sent to the university. Unfortunately, attackers are continually evolving their tactics and techniques and are occasionally able to send email that effectively bypasses our controls,” Pufahl said.
Pufahl said UITS takes steps to block messages that circumvent their controls from inboxes and renders any links contained within the message inactive. However, he said many of those messages are sent out en masse and are in students’ inboxes before they can be blocked.
Pufahl said the tactic the attackers employed in the phishing email is fairly common.
“They use social engineering strategies to create a sense of urgency and motivate people to click links,” he said.
Pufahl said UITS encourages students to take an active role in protecting themselves and their data. He also reminded students that UITS and other university organizations will never send unsolicited requests for UConn credentials or other personal information.
“Do not click on a link embedded in a message and enter personally identifiable information, whether it is in your personal or university email account,” he said.
Students spoke on their reactions to the emails they received and how they handled the situation.
“I got two [emails], one in August and one yesterday. When I first saw it I was a little worried and I asked my friend about it. He told me to copy the link that was posted and send it to him, but not to open it. The link was clearly not linked to UConn, so I sent it to the trash. I hope no one opens it, who knows what it’ll do,” said third-semester animal science major Mitchell Bragoni.
Seventh-semester history and anthropology major Tim Das said he forwarded the emails he received to the Federal Trade Commission (FTC).
“This is at least the second time I’ve gotten one threatening the imminent shutdown of my UConn email address. Whenever I get one I forward it to firstname.lastname@example.org to forward it to the FTC,” Das said.
Das said though he’s never received a reply from the FTC, he has never gotten a scam email from the same fake person twice.
“I assume they do something with the information, but they’ve never told me about it,” Das said.
The UITS website offers steps students can take to recognize and report phishing emails. It says to look out for emails that contain links, attachments, urgent requests, bad spelling or grammar and/or unexpected requests regarding personal information.
“Always be suspicious of any email with these characteristics. UITS and other University organizations will not send unsolicited requests for UConn credentials or other personal information. In general, you should never volunteer confidential or personal information based on any contact that you did not explicitly initiate,” the UITS website says.
If you clicked on a fraudulent link, the website says to immediately change your email password, review your account statements and activity and run a virus scan on your computer to identify and remove any potentially harmful software the virus downloaded onto it.
Students can report phishing emails by forwarding them to email@example.com. If they do click on a link and provide their NetID and password, they should immediately change their password. The UITS Center can provide assistance and answer any questions.
Gabriella DeBenedictis is a staff writer for The Daily Campus. She can be reached via email at firstname.lastname@example.org.