Phishing hits UD faculty, students

Thousands of students and faculty members found at least one fraud email in their inboxes during the first week of the semester. Those who clicked on these emails were asked to provide their UDelNet IDs and passwords, according to IT Communication Group Manager Richard Gordon.

Gordon said over 100 people gave this information and found themselves victim to a phishing scam. Phishing scams artists send out mass emails hoping to get responses so they can steal the responders’ personal information, Gordon said.

The phishers can get access to the financial records of these people and they can also sell their email addresses to other phishers.

“It’s trying to trick you into surrendering your own information,” Gordon said.

Although Gordon said campus email addresses receive hundreds of these emails on a daily basis, the IT center received an uptick in the numbers of complaints from Feb. 3 until Feb. 7.

The students unknowingly gave their information to a website that claimed to be university-affiliated, and once spammers had control of some university accounts, they sent more spam from the accounts.

When the IT center gets a report from someone who has been hacked, they have to put a freeze on all of their university Internet accounts, he said.

Gordon said they see a rise in phishing scams at the beginning of every semester. Gordon also saw a rise in emails last August and last February. He said this time of year might be easier for hackers to get more responses.

“There’s a bunch of fresh persons coming in,” Gordon said. “It’s taking advantage of them not knowing their way around.”

This case of phishing was one of many that university email addresses receive throughout a semester. Senior Keith Elliott received one of these emails earlier this year.

When Elliott received an email from a website claiming to be Twitter on his school email, he was asked to follow a link to sign in to the social media website. After following the link, however, he noticed the URL was spelled differently than the legitimate website’s URL and realized he had received an email from phishing account.

Elliott thinks many people who fall victim these scams neglect to check the small details of their emails.

“I think a lot of people don’t usually think to look at the URL or other things that are indicators of a fake address because they’re so used to having all the passwords saved in their browsers so that whenever they go to websites, they don’t have to log in again,” Elliott said.

Gordon said many scams change the URL slightly to a website, including the phishers from the beginning of this semester.

Phishing is not as hard of a task as many people think, Gordon said. He said that anyone “with adequate Google skills can look up how to do it.”

If people have realized they have given their personal information to a potential scammer soon afterward, students can still block the scammers from making any changes, according to IT Support Center Supervisor Cecilia Kerlin.

“We advise you to change your password to something very different than what it was [immediately],” Kerlin said.

Gordon had advice for students and faculty in order to not fall victim to these scams.

“Any email that asks for personal information, delete it,” Gordon said. “Any email that contains something really outlandish, delete it.”