A wave of phishing attacks has caught the attention of Miami University students and staff in recent weeks.
According to Joe Bazeley, information security officer, the university typically sees one or two of these scams each month. But Miami e-mail accounts were bombarded with three different attacks in the one-week span between March 25 and April 1.
Cathy McVey, senior director for strategic communication and planning, said the first of these, which claimed to be a sweatshirt giveaway, was convincing because it borrowed wording from a legitimate university e-mail.
“The first one was a concern because it used the same language as Housing, Dining and Guest Services used in December,” McVey said.
Another e-mail told students their mailbox quota had been exceeded. After clicking a link, students were prompted to give their UniqueID and password. McVey said legitimate university e-mails would never ask for a student’s password.
Bazeley said there would have been no way for a student to know the first e-mail was fraudulent until they clicked the link.
“It pretended to be a Miami site but it was hosted outside Miami,” Bazeley said.
While the fact that the site was hosted in the Netherlands was a red flag, Bazeley said some university surveys actually are hosted outside Miami. He said because it is difficult to tell what is legitimate, students should be careful when they click these kinds of links.
“If anyone has any questions at all about an e-mail they have received, they should call the support desk,” Bazeley said.
When a student reports a questionable e-mail, the support desk will respond to the individual to let them know if the message is legitimate. If the message is illegitimate, they post information about the scam as a Blackboard announcement.
Bazeley said he advises students to be wary of any offer that sounds too good to be true.
“The number one thing is just to be skeptical,” Bazeley said.
If a student accidently gives out personal information, Bazeley said the proper course of action depends on the type of information.
He said in a case like the recent phishing scams in which a student gave out their password, the student should change not only their password but also their secret questions.
If credit card numbers or social security numbers have been given out, IT services refers the individual to outside resources.
McVey said recognizing scams is harder now than in the past.
“It used to be obvious,” McVey said.
Misspellings and improper grammar along with suspicious word choices made it easier for people to notice if an e-mail was unsafe.
“Now, the phishers are getting smarter,” she said.
McVey said students who have clicked on a bad link or given away personal information should contact IT services whether or not they notice problems. Problems that result from these kinds of scams include identity theft, malware and spyware and e-mail spoofing.
She said Miami has a system that shuts down a user’s e-mail account if an excessive number of e-mails are being sent from their address.