A deposed Nigerian Prince is in trouble and he needs help. The monarch has an interesting proposition — one that could make a person rich.
All someone needs to do is give him some of their money or their bank account number. He’ll be so grateful for the help that he will double or even triple the initial investment. Sound too good to be true?
That’s because it is. This is an example of a phishing attack.
There has been a recent upsurge of students and faculty falling victim to phishing attacks, Chief Information Officer Chip Eckardt said.
He describes phishing as soliciting another for their private information such as bank accounts and social security numbers. The problem facing UW-Eau Claire is students and faculty giving out their passwords.
“For whatever reasons,” Eckardt said, “our campus seems to give up their passwords more easily than other campuses I’m seeing, at least in the UW System.”
However, he said the attacks have grown more sophisticated than the Nigerian Prince attack. There was one email that looked exactly like it came from the university.
It said the mall quota had changed and that they were moving to a new system. It then asked for the user’s password.
Junior Lainee Hoffman, who did not receive the attack, but got the warning email from LTS, said many attacks are not believable, but this one was scarier due to its legitimacy.
“If I would have gotten that email, I would have potentially given out my password,” she said. “It seemed really believable.”
Once a password is obtained, Eckardt said, the phisher can then send hundreds of thousands of emails to people while masquerading as the university’s user with the goal of further phishing.
He said the speed of the university’s email system makes it easy for phishers.
“If you have 100,000 bogus emails you want to send out, you can go through our servers in a short period of time.”
Giving out a password can affect the individual as they may lose control over their H-Drive or somebody could send nasty emails posing as the user.
However, this is also causing many problems for the university. Private email accounts and other universities are blocking emails coming from the university’s accounts since they appear to be spam because of the volume.
Eckardt said this is a problem when important emails need to be sent.
The amount of people unadvisedly giving out their passwords does not have to be large to create havoc.
“Even eight to 10 it becomes a very significant problem,” Eckhardt said.
They cannot easily pinpoint who gave up their password because the university does not read emails and there is so much data in the system to go through, Eckhardt said. This means that they will have to require everybody to make changes in the coming weeks.
“I fully expect we’re going to have to force everybody on campus to change their password.”
The biggest piece of advice Eckardt can give is to keep passwords hidden on and off the computer.
“Nobody should ever give their password out to somebody verbally, over the phone or in writing.”
He said it’s unwise to even give it out to a friend.
Junior Dylan Brubaker has never fallen victim to an attack, but said he has encountered phishing attempts before. He said there is an easy why to tell if it’s an attack.
“Usually if they indicate a sense of urgency … that kind of makes you think that you have to do it now without even thinking about it,” he said, “so that kind of sends up a red flag to me.”
Eckardt also said it’s a bad idea to click on any links from an unknown email as well. Even if it’s to an innocuous website, harmful malware can be put on the computer. At the very least, hover over the link to see where it leads.
He also said if you realize you gave your password to a phisher to immediately change it. If you gave out information such as a social security number, then call the police.
Ultimately, Hoffman said the best way to protect information is to treat these emails like trash especially if it’s an unknown email account.
“Delete them,” she said. “When you get ones from random addresses or random companies then why would you give them your information?”