Students have been received e-mails, claiming to be from the help desk, asking for their usernames and password. This is a fake e-mail that gets past filtering systems which can lead to a student’s account being deleted to protect other’s e-mail accounts.
Students should have recognized this as a fake e-mail and not reply to sender. Students could hit the reply key to see what the e-mail address is that the e-mail would be sent to in order to see if it is valid or not. It should be obvious in this case of asking for a password that the help desk, Res Net, and other WCU sources would not ask for a password over the internet.
Now on the Web site of logging into web mail, there is a warning informing students that they will never be asked for their passwords by the help desk. The students are also instructed not to reply to any of these e-mails.
The help desk has all students’ information, including their password. If there was a problem, the help desk could reset a password. No legitimate source, on or off campus, would ever ask someone to send personal information via e-mail.
If students did reply to sender, giving them their information, students should alert the help desk immediately. E-mail accounts become compromised once an outside source can access the account. After this, the Wcupa Webmail account will be deleted. The user will have a new account given to them.
Frank Piscitello, information security manager, explained that the only way to prevent anything like this happening again is to not respond to the fake e-mails. Students need to carefully read their e-mails and realize if it is a fake or not. Fake e-mails such as this one is considered a “phishing e-mail.”
If the persons seeking passwords and usernames obtain the information, they will be able to have full access to the students’ account. They could send out thousands of messages at a time to anyone else, not just to other wcupa accounts. They could check the students’ grades, change their schedule, but usually it is used to send out more messages asking for passwords.
Piscitello explained that sometimes nothing happened when a student replied with their information. Other times spam is sent to other users. The most common e-mail sent out from these frauds is that the student won the lottery in a country other than the United States. This should also be a clue to students, Piscitello added, that if they did not enter the lottery, or if it is outside the country, that the whole e-mail is phony.
The number of people sending these phony messages is unknown, but the number of people that they reach is great. For students that replied to the e-mail, believing it to be from the help desk, have suffered the consequences of another’s actions.
The help desk has a program that scans through all e-mails received each day to prevent from sending spam, virus, etc. Several messages will be quarantined, while some will slip by in the filtering system.
The filtering systems may take up to two to three days to figure out the pattern of the fake e-mails before it will recognize that it should be quarantined. In order to break the pattern, the messages altered slightly. This will break the pattern causing students to be able to receive the phishing messages until the pattern is detected.
Another reason for the e-mails being recognized as being fake is that the e-mails are sent to all users that are on “@wcupa.edu.” This means the fake e-mails are being sent to students and faculty members. Again, nobody should respond with their information.
In the first round of the fake e-mails being distributed, 30 students had replied with their passwords. The second and third time spaces that the mass e-mail was sent, there were very little problems with sending out information. Phishing e-mails have been received a few more times this semester than previous ones.
According to Piscitello, this has not really been a problem in other years.
When checking one’s e-mail, read carefully and never send personal information over the internet. Make sure that the e-mail appears to be trustworthy and make sure that the sender knows who the intended receiver is. If taking the proper precautions, students, faculty members and others should be safe from this fraud.
Ginger Rae Dunbar is a second- year student majoring in English with a minor in journalism. She can be reached at RD655287@wcupa.edu.