UH has recently become a target of a form of online impersonation known as phishing.
Web impersonators, or phishers, have been sending e-mails claiming to be official university officials in order to gain secure information from students.
Chief Information Security Officer Mary Dickerson said these attacks have been occurring more frequently in universities across the country.
“The information security vendor RSA issued a report in which they note that January 2010 saw a 21 percent increase in phishing attacks over December 2009,” Dickerson said, adding that the report noted a growing trend of phishing attacks against colleges and universities.
“From our observations, they seem to come in waves,” she said. “The past 45 days have been exceptionally heavy for phishing attacks at UH.”
A common lure used by phishers is sending e-mails to students under a false UH banner in order to gain students’ e-mail passwords.
“They may set up a phishing site to obtain users’ e-mail credentials, which would allow the phisher to log into the user’s e-mail and obtain information on other accounts the user might have (banking accounts, etc.) or use the victim’s e-mail account to send spam or new phishing messages,” Dickerson said.
Although students are the ones being victimized, the hacking begins by first finding e-mail addresses for students from the university.
This is a problem taken seriously by the university’s Information Technology Security, which works in cooperation with appropriate Internet organizations and law enforcement to identify and stop phishers whenever possible.
“We actively work with Internet Service Providers to disable accounts for identified malicious users and Web sites,” Dickerson said. “We also work within the campus and UH System network to block this traffic when it can be identified. The UH Enterprise Mail Administration team has also implemented security measures on the mail servers and gateways to address these attackers.”
Not every phisher will be caught, but the IT Web site states there are measures to take in order to not become a victim if and when these false messages are sent.
There are many clues to stop the spread of phishing on campus. The main red flag is being unaware of where the e-mail came from.
Other warning signs include old, fuzzy UH logos, a lack of contact information, and no signature at the bottom of the messages. Students can find more tips at the IT Web site if they feel their information has been phished.
“The most important thing is to not provide your personal information unless you can verify the organization you are reporting it to,” Dickerson said.
Think before you click.
- Do not reply to e-mails or pop-up messages that ask for personal or financial information
- Do not open any attachments in suspicious e-mails
- Do not click on any links embedded in suspicious e-mails
- Research the subject line of a suspicious e-mail to determine if that subject line is a known phishing scam
Ways to spot a fake UH e-mail
- If it asks for personal information
- Bad or fuzzy graphics
- Outdated UH logo
- Incomplete “From:” address
- Bad capitalization
- Bad grammar
- Lack of contact information
- No signature
Source: UH Information Technology
