You’ve got mail
Avoid phishing scam messages
A string of email scams invaded the inboxes of several Liberty University students in mid-January, promising “information validation” and mystery shopper positions.
Protect — Liberty’s IT department worked hard to fight scams. Photo credit: Pierce Phillips
The emails, urgent in tone and content, claimed to be from various departments of Liberty such as the Information Technology (IT) helpdesk and the Liberty University Police Department (LUPD). The emails were sent Jan. 15, Jan. 18 and Jan. 19.
Liberty’s IT department since issued a scam alert Jan. 20 to inform students of basic precautions to take when dealing with possible scam messages.
According Joshua Burch, a network security engineer at Liberty, email scams like the ones sent in January are created with the intent to defraud people into giving away money, possessions or personal information. A specific type of scam called phishing involves the scammer creating an email, down to its address and signature, to look like it is from an official institution or business.
A phishing message will use jargon, official-sounding language and urgency to dupe its recipients into releasing sensitive information. Other characteristics include poor grammar and a strange Web address (URL) linked in the message.
According to Burch, the three main aspects of a suspicious email to look at are the links, the sender and the content.
“Look at the whole email,” Burch said.
Students should look carefully at any links associated with an email. The recipient of a suspected phishing scam must not click any links in the email, especially if they involve their personal account or money.
“(The messages) will usually have a link that says ‘click here’ rather than saying what it goes to,” Burch said.
He also included that one way a user can detect a suspicious address is to mouse over the link and see what the address actually says.
A phishing hacker will typically create a website from a free Web hosting service, Burch further explained. When an unsuspecting user enters information into the corresponding fields on the page, the website simply stores it all for the hacker’s records.
In addition to looking out for suspicious links, students should also look out for strange, unrelated or unofficial email addresses which send scamming emails.
The sender’s guise could be that of a seemingly helpful technician or even a friend of the recipient. Burch suggests students go to the official website of the business represented in the email and call it directly. In the case of a friend promoting something strange via email, recipients should inform the friend that his or her account may have been compromised.
As for content concerning webmail updates, Burch assures students that Liberty’s IT technicians have no need of enlisting such tactics for information.
“(Liberty IT technicians) don’t need people to give us personal information over email,” Burch said.
Burch clarified that webmail technicians have the ability to deactivate or update webmail locally, without any personal details directly from a user. Scammers will create a false sense of urgency over digital communication. Liberty’s helpdesk technicians will not.
Rule of thumb on emails involving money? If it is too good to be true, it probably is.
If a student receives an email to a Liberty email account that could be a scam, he or she should forward it to scams@liberty.edu so IT can be made aware.
Jarrett is a news reporter.