Phishing scams hunt for prey

IT tackles problem of malware constantly plaguing university email accounts

Like fishing in a body of water, hackers send phishing emails to students complete with bait and a dangerous hook. But instead of a juicy worm, students could find malware at the end of a hacker’s hook.

Digital world — Users have encountered email scams. Photo credit: Leah Seavers

Digital world — Users have encountered email scams. Photo credit: Leah Seavers

Phishing is different than other junk email because it is “trying to look like something from a trusted source,” Joshua Burch, Liberty University network security technician, explained.

Burch deals with these types of emails daily. The Information Technology (IT) department has filters in place to stop suspicious sites and known scams from reaching students, but Burch said, “the first line of defense in security is the students.”

If a phishing email slips past the IT filter, students are encouraged to report it to the IT Help Desk by calling 434-592-7800 or emailing scams@liberty.edu. Some phishing emails make it to the inboxes of the entire student body, while others only reach one or two.

The goal of most phishing emails is to get usernames and passwords. And places with a large email base like universities, hospitals and large companies are prime targets. But students can be aware of red flags that hackers commonly wave in these phishing emails.

Many phishing emails do not address recipients by name. They begin with, “Dear Email User.” Liberty University knows the names of students and will begin emails by properly saying hello.

Watch out for emails with a warning and a consequence, such as, “If you do not reply with your username and password, then your email account will be suspended.”

“If you get an email claiming to be from the university that is asking you to verify your username and password for whatever reason, it’s probably not from the university,” Burch said. “And if you ever have doubt, the best thing to do is just call the Help Desk and ask.”

If the email is addressed to you and seems friendly, but still suspiciously asks you to click on a link, read that link carefully. If the address does not end with @liberty.edu, it is not from Liberty.

Some hackers use free websites like weebly.com and wordpress.com to create fake websites using Liberty University in the domain name. If a word is hyperlinked so the address is not visible, students should hover their mouse over it, and they should be able to read the link.

Poor grammar is also a common red flag. Liberty University does not send emails riddled with grammar mistakes, while email scams will often contain poor spelling and sloppy sentence structure.

A spoofed email address is another tactic that hackers use to make recipients feel more comfortable. These emails may seem like they are from a classmate or someone on that individual’s dorm. This can be trickier to detect, so it is best to go by the email content.

Some hackers also send phishing emails to Liberty email users from a fake account resembling a trusted brand like a bank or department store. If a student notices a red flag, he or she can call that establishment and ask if the email is from them.

Liberty IT provides more tips to identify phishing and fraud emails. For a list of current security alerts and images of “Known Scams,” click on the Security and Phishing Quicklink on the IT homepage, then the Phishing and Fraud link.

Hoosier is a news reporter.

One comment

Leave a Reply

Your email address will not be published. Required fields are marked *