Knowledge of online safety essential to combat e-mail phishing

Following a pair of e-mail hacking attempts in January and February, knowledge of possible scamming tactics could help prevent students from becoming bait for online phishers, a representative for Information Security Services said.

University Technology Resources detected the phishing attacks on faculty, staff and students via the university e-mail system within two months of one another, said Barbara McClellan, an information security engineer. The close timing of these attacks means students should be more aware of how to prevent this problem, she said.

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity through electronic communication, such as e-mail, McClellan said.

“E-mails have been received by students that look like they’re coming from security here at TCU, and they have links in these e-mails that ask students to log in and check on your account,” McClellan said.

Upon clicking on the links, however, students are taken to a site that looks exactly like either my.tcu.edu or the Microsoft Outlook log-in page, she said. Phishers will then use the name and password entered into the fake log-in page to access the victim’s e-mail account and send out spam to other unsuspecting recipients, McClellan said.

McClellan said employees at Information Security Services knew something was amiss earlier this semester when a large number of e-mails was sent from a single student account to other university accounts. Once the office figured out who had been phished, technicians changed the passwords of students who entered information into the offending link and the computer help desk reset their accounts, McClellan said.

There are ways students can tell if phishers are trying to hack into their university account, McClellan said.

First of all, she said, Information Security Services would never send out a link in an e-mail. The URL addresses of links included in fake e-mails are also different than the standard URL addresses used by legitimate university sites.

By looking at what’s between the first two forward slashes and the last single slash of the URL address, students can tell whether or not the Web site is a fake, McClellan said.

Students shouldn’t just worry about university e-mails, she said. They also need to be careful about responding to e-mails that appear to come from banks or other financial services.

“Students may receive something that looks like it comes from their bank with a link in it to click on,” McClellan said. “All of a sudden their bank account has been compromised.”

McClellan said students need to slow down and be cautious when it comes to e-mails regarding university accounts and personal information.

“Education is the biggest thing,” she said. “We just need to get people aware of what they’re doing while they are out on the Web or when they receive e-mails.”


Phishing: Basic Tips for Staying Safe

Never click on a link inside an e-mail or instant message; copy the address into a Web browser if you want to follow it.

When submitting sensitive information like usernames, passwords or bank account information through a Web page, always look at the address bar first and verify that it is secure.

When the university upgrades its computer or e-mail systems, technicians will never send links requesting that you log in or enter your username and password inside e-mails.

Information Security Services will never request your username or password.

Fake Site: http://www.1025.ru/js/mail.tcu.edu

Legitimate Site: https://mobile.tcu.edu/owa/auth/logon.aspx

If you have any questions or problems, please contact the Computer Help Desk at ext. 6855.

Source: Information Security Services
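The address check described in the article, applied to the fake and legitimate addresses listed above, as an added example that is not from Information Security Services. The trusted domain constant, the function name and the example.net addresses are assumptions made for illustration.

```javascript
// Added example (not from the article): decide whether a log-in link really
// belongs to the university by looking at the host part of the address.
const TRUSTED_DOMAIN = "tcu.edu"; // assumption: the domain taken from the page's legitimate site

function checkLoginLink(link, trustedDomain = TRUSTED_DOMAIN) {
  let url;
  try {
    url = new URL(link); // WHATWG URL parser, built into browsers and Node.js
  } catch {
    return { ok: false, host: null, reasons: ["not a valid absolute URL"] };
  }

  // The host is the part after "//" and before the next "/".
  // Strip a trailing dot so "my.tcu.edu." compares equal to "my.tcu.edu".
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const trusted = trustedDomain.toLowerCase();
  const reasons = [];

  // Accept the domain itself or a real subdomain. The leading dot matters:
  // without it "my-tcu.edu" would pass as if it were "tcu.edu".
  if (host !== trusted && !host.endsWith("." + trusted)) {
    reasons.push("host " + host + " is outside " + trusted);
  }
  // Text before "@" is a user name, not the site, even if it looks like one.
  if (url.username || url.password) {
    reasons.push("text before @ is not the host");
  }
  // "Verify that it is secure": credentials should only go over HTTPS.
  if (url.protocol !== "https:") {
    reasons.push("not HTTPS");
  }
  return { ok: reasons.length === 0, host, reasons };
}

// The two addresses from the page, plus constructed look-alikes.
const samples = [
  "http://www.1025.ru/js/mail.tcu.edu",           // fake site from the page
  "https://mobile.tcu.edu/owa/auth/logon.aspx",   // legitimate site from the page
  "https://mail.tcu.edu.example.net/owa",         // constructed: trusted name used as a prefix
  "https://my-tcu.edu/login",                     // constructed: look-alike domain
  "https://my.tcu.edu@www.example.net/",          // constructed: trusted name before "@"
];
for (const s of samples) {
  const r = checkLoginLink(s);
  console.log((r.ok ? "OK   " : "FAKE ") + s + (r.ok ? "" : "  (" + r.reasons.join("; ") + ")"));
}
```

In the fake address the university's name appears only in the path after the host, which is why the check reports www.1025.ru as the site actually being visited.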