Student emails feeling ‘phishy’

By Nico Zulli
Reporter

Scams are on the rise, and Baylor Information Technology Services are working to stop phishing scammers from finding their way into the hearts and hardware of Baylor students, faculty and staff.

On the recent local, national and international news fronts, several back to back malware and scam scenarios have developed, including the Texas State Technical College breach.

But blame may not fall to scammers as much as to tech-users.

“It is our responsibility to understand that phishing scammers today are investing more time than they used to in an attempt to seem more credible to us,” said Jon Allen, ITS information security officer.

Allen said this will prevent people from falling victim to the carefully calculated tactics of phishing scammers everywhere.

Phishing scams differ from malware, like that used in the Target scam. Malware is considered more complex in nature, and not something the average person could create.

According to ABC News, it has recently been speculated that the Target scam most likely derived from malware called ‘BlackPOS’, which is of Russian origin. Whatever malware was the cause, iSight Partners of Dallas said the malware used in the Target scam allowed for the first attack ever of this scale and sophistication.

While malware is a technical attack, phishing scams use social skills in order to incite individuals to give something away — be it usernames, passwords, credit card information and other personal identifiers.

Although scammers have been phishing at universities around the country for years, RSA Security Inc., the security division of corporate IT solutions company EMC, reported in a blogpost on Feb. 24, 2013 that scammers today are primarily targeting public and state universities, with 70 percent of their efforts targeting the online student portals of these universities.
Allen said they are becoming better.

“Phishing scammers have gotten more accurate,” Allen said. “For instance, you might receive an email saying, ‘Baylor web mail is about to expire’, You used to be able to tell by the way it’s written — the grammar was generally poor. And that’s beginning to change.”

In addition to changes in the phrasing, the design layout of emails has also become seamless.

“You used to click the link and it wouldn’t look legitimate at all, visually speaking,” he said. “Now it looks believable.”

Because it is so simple to become a phishing scammer, ITS works to standardize education on the topic of forming good habits to protect personal information through BearAware, a branded awareness company focused on educating students, faculty and staff.

“Methods to detect these links and sites are not easy to teach people,” he said. “I spend a lot of time on education, and my hope is that a student graduating from Baylor has at least an understanding of this to some level.”

As far as incidents on the Baylor campus, Allen said they occur in bursts, but are usually taken care of quickly and without major compromises.

Moody Library desk employee Frank Gill said while the library is also aware of phishing scams, students are essentially on their own to avoid running into problems on both library and rental computers.

“These computers should be treated the same way as your personal computer when it comes to avoiding scams,” he said. “One exception is that these computers log you out if you are inactive for a certain period of time.

But it’s still important to make sure to log yourself out to prevent someone else from accessing your information.”

Gill said even opening links within emails on library computers is still risky business.

“Even though these computers are Baylor computers, it is still advised to avoid opening links in emails if you don’t know who or where they came from,” he said. “These computers can still be affected by phishing scams and so can your information.”

To avoid becoming a victim of phishing scams, Allen said there are three main things to understand about the way they work including links, replying to emails and contact lists.

“I like to say, when in doubt, don’t,” he said. “Check the URL of a link. Don’t respond to emails, and don’t open attachments — even from people you know — if they are unexpected.”

Allen said the No. 1 precaution to take is to avoid providing personal information verbally or on the online medium is what lays the foundation for phishing scams to occur.

“Information is powerful,” he said. “It’s not that there is more volume of these types of emails, and it’s not that they have been more successful yet. It’s just that they are more legitimate looking.”

Students and faculty can report any questionable or suspicious emails to the Baylor ITS Help Desk at 254-710-HELP, as these emails may be phishing scams.