When you open your Umail account, you probably don’t realize you are only seeing about 10 percent of what is intended for your inbox — the rest is unsolicited and dangerous spam that the U’s Information Security Office clears.
However, last Tuesday one of those bad emails got through to about 800 individuals. The message warned that the recipients had exceeded their Outlook storage limit and needed to change their password on an attached Google Docs form. The security office sent out an email to those individuals saying, “If you have received this email, DO NOT click on the link. If you clicked the link and entered any personal information, immediately change your password and then reply to this email so that [Information Security Office] can assist you.”
Phishing is when individuals attempt to steal valuable information through misleading emails or other electronic communication, usually asking users to enter their usernames, passwords or credit card information. Colby Gray, IT manager, is in charge of a team solely devoted to eradicating these emails from the Umail inboxes of students, faculty and staff. They usually block the links, but since this phishing email used a Google Doc form, the team could not target that specific link without affecting all others.
Standard phishing attacks target about 300 to 400 people, but this one doubled that. Gray himself received the email, which is why his office was so quick to deal with the problem. They block about a dozen phishing emails each day, a number that is slowly increasing.
“As you see all these breaches around the world, literally, data is just so valuable that I just think it is becoming more and more profitable for people,” he said. “It’s becoming easier for them to do and there is not a lot of risk to it.”
Those who steal information use it to get access to whatever you have access to, especially banking accounts. When phishing scams target a certain demographic of people it is called spear phishing. This email did not seem to target any one kind of person.
Sarah Sleve, a freshman in psychology, received the phishing email but did not fall for the trap.
“Really, I was lucky because I was lazy and figured it would just make me change it the next time I tried to log in,” she said.
For future reference, Gray said the U “will never send you an email asking to enter your username and password.” He advises all students to be wary of emails with attachments or links, especially if it is someone from whom you are not expecting an email.