The Observer is a Student-run, daily print & online newspaper serving Notre Dame & Saint Mary's. Learn more about us.



SMC sees increase in phishing scams

Becky Hogan | Monday, February 9, 2009

Phishing scams have compromised Saint Mary’s e-mail accounts this year more than ever before, according to Coordinator of Student Computing Kathy Hausman.

“This year we’ve had a larger number reply to phishing scams and that’s why we’ve tried to make more of an issue of it,” Hausman said. “We’ve tried to send e-mail messages to say that Saint Mary’s will never ask for passwords over e-mail. Unfortunately, we’ve had more people respond this year than ever before.”

According to Hausman, phishing scams are an attempt to get near money.

“A phishing scam is somebody pretending to be someone they are not, and they want your personal information – passwords, date of birth, your mother’s maiden name to get into your credit info,” Hausman said.

She also said that phishing scams have also affected local banks.

“Notre Dame Federal Credit Union and First Bank have both had phishing scams … where e-mails have been sent giving a link to a Web site asking to provide account info,” she said.

But Hausman also said that phishers are expanding the ways they acquire personal information by using e-mail account info to send further phishing messages.

“[Phishing scams] are also being used to log into e-mail accounts to send spam and additional phishing messages,” Hausman said.

Hausman also said that people with ‘.edu’ accounts are particularly vulnerable to these scams.

“I think [the increase in scams] is because the phishers themselves are getting smarter. They know that they can say that your account can be deleted because they are associating ‘.edu’ accounts to faculty and students,” she said. “They are also specifically mentioning your webmail account. They are trying to use key words that students hear all the time, so it’s more difficult to determine whether it’s real or not.”

According to Hausman, no legitimate institution, including colleges and banks, will ask for personal information over e-mail.

“If you receive an e-mail directing you to a phone number or Web site to provide this information, do not use the contact information or links provided in the message. Instead, contact the institution using their officially published phone number or Web site and ask for instructions,” she said.

Phishing scams can even affect students who have not had their accounts compromised by phishers because e-mail providers can block users on an entire network.

Hausman explained that Hotmail, MSN, AOL, AT&T and SBCGlobal have repeatedly blocked saintmarys.edu accounts after one address has been compromised, preventing any messages with saintmarys.edu addresses from being delivered to intended recipients.

Hausman said that the best way to identify a phishing scam is to see if an e-mail message asks for passwords, account numbers, social security numbers, or addresses.

“Never give out that information over e-mail,” she said.

Examples of recent phishing scams subject lines at Saint Mary’s include “final verification of e-mail account,” “e-mail account maintenance,” and “alert: mail quota and confirm email account.”

Hausman said a recent phishing scam reported by msnbc.com exposed an incident in which a man’s Facebook account had been hacked into, telling his friends that he had been robbed at gunpoint and needed money. Many of his friends responded, with some even sending money to an account without realizing that it was a scam.

Hausman said that Saint Mary’s Department of Information Technology has been working to educate students about phishing scams.

“Not only are they seeing all e-mail messages that say this is a phishing scam, we’ve also got a number of different advertising campaigns,” she said.

The Department of Information Technology will hold a “Computer Security Awareness” event in Vander Vennet Theatre on March 2. Topics will include protecting your computer from viruses and trojans, a review of phishing scams, password security, and online identity theft.

Hausman also recommended the SonicWALL Phishing and Spam IQ Quiz tests how well one can identify a legitimate e-mail from a phishing scam. The quiz can be found at www.sonicwall.com/phishing/.