Phishing scams hitting student accounts

Over the last week or so, thousands of emails have bombarded students, faculty, and staff—all ostensibly from Help Desk, or ITS, or some other official-sounding department of the University—that have threatened recipients with the disablement of their accounts, unless they reply with their passwords or other personal information.

Several student accounts have since been compromised, sending more spam and more phishing scams through the veins of University servers, and ending up in your inbox. Despite all of this, there’s an easy way to prevent scammers from gaining access to your account and flooding us all with spam and other evils:

NEVER REPLY TO THESE EMAILS! ITS will never ask for your password or personal information by email. Requests for such information are fraudulent. Delete them and do not reply.

A better solution—one that keeps almost all of these messages from showing up in your inbox in the first place—is to turn on spam filtering, which not only gets rid of these phishing scams, but basically eliminates spam from showing up in your inbox, period.

To turn on spam filtering:

  1. Log in to webmail.
  2. Navigate to Options, at the top of the window.
  3. Choose Spam Filter Configuration.
  4. Choose your Spam Score; 5 is recommended. Lower numbers will apply stricter standards and may catch some legitimate mail; higher numbers will be more lenient and may allow spam through. I get no spam on 5.
  5. Change Action to either “Move to Spam Folder” or “Delete Immediately.” If you choose Move to Spam Folder, you can see all the emails that have been filtered out as spam before they’re deleted.
  6. Click Save Settings and say goodbye to spam!

Sadly, student accounts can be hacked by outsiders with malicious intent, even without you sending them your password. Another way to foil potential hackers is to change your password to something more secure. To do so, open your ePortfolio and choose “Password Manager” under the “Tools and Links” bucket. Ideally, your password should be at least 8 characters long and contain a mix of letters and numbers.

If you ever have questions about the legitimacy of an email purporting to be from the University, call the department from which it supposedly came, or call ITS Help Desk at 860 685-4000.

[DISCLAIMER] The information above reflects my personal advice only and does not necessarily represent the views of ITS or any other University department.

4 thoughts on “Phishing scams hitting student accounts”

  1. Anonymous

    I’d exercise some caution with setting the score of 5 (yes, I know it says recommended – it lies!); it may work fine for most, but I’ve seen some significant false positives. Unfortunately, it’s hard to say for certain since everyone’s filtering is relatively unique to their account.

    Also, there should be a “new” app coming where you can set multiple tiers of actions such as:

    “mark on 6, move to spam folder on 10, and delete over 15”

    as well as some recommended presets that work out pretty well-ish. The hope is that it should help out with spam management, though for all I know it will just serve to confuse and befuddle.

    Oh. And don’t whitelist *@wesleyan.edu. PLEASE. You shouldn’t need to and it will let *tons* of spam through. Email’s like normal mail in that sense (and many others) – I could send you a piece of mail with a return address of 1600 Pennsylvania Avenue; that doesn’t mean I’m the president.

    That said, some of the phishes *will* likely continue to get through. Changes are being made to help out and will continue to be made, but changes are slow here (unless they involve pointless overhauls of systems or implementing something shiny). The best advice is to simply remember that Wesleyan will never ask for your password via email.

    If you *did* respond to any email purporting to be from Wesleyan asking for your password, I *strongly* suggest changing your password ASAP – otherwise chances are *quite* high that your account will be used to send out great globs of spam and will be summarily disabled by an increasingly misanthropic sysadmin, a sysadmin who would really rather spend his evenings being a complete nerd (OMG! Patch 3.0!) than being amused at how our servers are being used to phish Emory ;)
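The tiered actions and the whitelist warning in the comment above can be seen side by side in a short model. This is an added example, not part of the original post or the University's filter: the function names, the sample messages and their scores are constructed, and the whitelist is assumed to work as a large negative score adjustment keyed on the From header.

```python
from email.utils import parseaddr
from fnmatch import fnmatchcase

# Assumption: a whitelist match subtracts a large fixed amount from the score.
WHITELIST_ADJUSTMENT = -100.0


def action_for(score):
    """Tiers quoted in the comment: mark on 6, move on 10, delete over 15."""
    if score > 15:
        return "delete"
    if score >= 10:
        return "move_to_spam"
    if score >= 6:
        return "mark"
    return "deliver"


def filter_message(from_header, content_score, whitelist=()):
    """Return the action for one message.

    The From header is written by the sender, so a whitelist keyed on it
    trusts whatever address the sender chose to put there.
    """
    _, address = parseaddr(from_header)
    address = address.lower()
    score = content_score
    if any(fnmatchcase(address, pattern.lower()) for pattern in whitelist):
        score += WHITELIST_ADJUSTMENT
    return action_for(score)


# Constructed sample messages: (From header, score from content rules).
SAMPLES = [
    ("ITS Help Desk <helpdesk@wesleyan.edu>", 12.5),  # forged From, phishing text
    ("Registrar <registrar@wesleyan.edu>", 1.0),      # ordinary campus mail
    ("Friend <friend@example.org>", 6.5),             # borderline newsletter
    ("Deals <promo@example.com>", 17.0),              # obvious bulk spam
]


def compare(whitelist):
    """List (sender, action without whitelist, action with whitelist)."""
    return [(sender, filter_message(sender, score),
             filter_message(sender, score, whitelist))
            for sender, score in SAMPLES]


if __name__ == "__main__":
    for row in compare(["*@wesleyan.edu"]):
        print(row)
```

With the `*@wesleyan.edu` pattern in place, the forged Help Desk message goes from the spam folder to the inbox, while the ordinary campus mail was delivered either way.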

Comments are closed.