Originally published Aug. 25, 2013
Internet users with Grand Valley State University email accounts have recently been targeted in a series of phishing incidents wherein recipients are requested to divulge personal information to unknown senders.
What Director of Information Technology Sue Korzinek called a “constant battle” has been going on since the summer semesters. Korzinek said the IT department has responded to many phishing incidents, with 15 of them having occurred since July 22.
The scammers create misleading GVSU email accounts to deceive recipients into thinking that they are university officials, and then they ask recipients to follow a link to a different website to supply personal data.
Korzinek said the people behind the fake emails try to collect personal information to gain access to other accounts.
“The more you answer, the more data they (have to) use against you for fraud or getting into your accounts,” she said.
The phishing emails first began hitting faculty and staff accounts but were soon also sent to students. Korzinek said she hasn’t heard of any email recipients who have actually opened the link and fallen victim to a scam—although some have started the process before realizing the emails were not authentic.
Korzinek said GVSU has implemented a few protective measures against phishers, including limiting the use of the online directory so that scammers cannot obtain a comprehensive list of people to email, but instead can only view a certain number at a time.
IT has been combatting the issue by blocking the addresses known to have sent spam.
“Once we see them or they’ve been reported to us, we block them so we don’t see them or get them any longer,” Korzinek said. “Unfortunately, these people just keep changing where it looks like it’s being sent from, so it’s very hard to keep up with.”
When one fake email address is recognized and blocked by IT, those behind the accounts simply create another and repeat the process.
Capt. Brandon DeHaan of the Grand Valley Police Department said that unless a crime is committed or someone engages in a criminal enterprise where money or something of value is lost, the police are not involved in investigating the online scams.
However, DeHaan warned that the GVSU police are continuing to see online criminal activity of other sorts such as Nigerian and other bank-related scams.
“Students sometimes do fall prey to these,” he said, adding that some of the scams he has seen involve subleasing apartments, selling musical instruments and finding tutors—all common Internet transactions.
DeHaan advised Internet users to be wary of communicating or engaging in online businesses with unknown people.
Similarly, Korzinek advised that if an email is received requesting personal information, the recipient should call the person or organization that sent it to clarify that it is valid.
At this point, IT’s main strategy to counter the efforts of the phishers is simply to spread awareness and alert the GVSU community to the problem.
Korzinek advised students never to send personal information via email and insisted that IT does not request data through this medium.
She added that anyone who has taken the steps in the email and fallen victim to a scam should contact someone from the IT Help Desk for assistance and change all online passwords.
Original publication: http://www.lanthorn.com/article/2013/08/phishing-problems-persist-at-gv