Tag Archives: phishing

Phishing scams hitting student accounts

Over the last week or so, thousands of emails have bombarded students, faculty, and staff—all ostensibly from Help Desk, or ITS, or some other official-sounding department of the University—that have threatened recipients with the disablement of their accounts, unless they reply with their passwords or other personal information.

Several student accounts have since been compromised, sending more spam and more phishing scams through the veins of University servers, and ending up in your inbox. Despite all of this, there’s an easy way to prevent scammers from gaining access to your account and flooding us all with spam and other evils:

NEVER REPLY TO THESE EMAILS! ITS will never ask for your password or personal information by email. Requests for such information are fraudulent. Delete them and do not reply.

A better solution—one that keeps almost all of these messages from showing up in your inbox in the first place—is to turn on spam filtering, which not only gets rid of these phishing scams, but basically eliminates spam from showing up in your inbox, period.

To turn on spam filtering:

  1. Log in to webmail.
  2. Navigate to Options, at the top of the window.
  3. Choose Spam Filter Configuration.
  4. Choose your Spam Score; 5 is recommended. Lower numbers will apply stricter standards and may catch some legitimate mail; higher numbers will be more lenient and may allow spam through. I get no spam on 5.
  5. Change Action to either “Move to Spam Folder” or “Delete Immediately.” If you choose Move to Spam Folder, you can see all the emails that have been filtered out as spam before they’re deleted.
  6. Click Save Settings and say goodbye to spam!

Sadly, student accounts can be hacked by outsiders with malicious intent, even without you sending them your password. Another way to foil potential hackers is to change your password to something more secure. To do so, open your ePortfolio and choose “Password Manager” under the “Tools and Links” bucket. Ideally, your password should be at least 8 characters long and contain a mix of letters and numbers.

If you ever have questions about the legitimacy of an email purporting to be from the University, call the department from which it supposedly came, or call ITS Help Desk at 860 685-4000.

[DISCLAIMER] The information above reflects my personal advice only and does not necessarily represent the views of ITS or any other University department.

Webmail Phishing Attempt

Sometime in the past few days, you may have received an e-mail in your webmail account that looked like this:

Dear Wesleyan Webmail User,

To complete your Account Verification process, you are to reply this message and
enter your password in the space provided (*******),you are required to do this
before the next 48hrs of receipt of this e-mail, or your Webmail Account will be
de-activated and erased from our Database. Your account can also be verified at:

https://webmail.wesleyan.edu/src/login.php

Thank you for using Wesleyan Webmail Service.

Wesleyan Internet Support

If you looked a little closer, you would have noticed that the reply address wasn’t a Wesleyan address at all. Given that the webmail link provided was correct I’m not sure exactly what whoever did this was trying to accomplish, but sending any information in a reply would be a bad idea. (Sending any account information in plain text in an e-mail is a bad idea period.) Your webmail account will be fine, and there’s no way Wesleyan’s ITS people would send out a message threatening to delete your data from their database if you didn’t reply within 48 hours.