Sophisticated phishing emails and elaborate web-based scams are being used to target students at the University of Connecticut. The extent to which students have been targeted with these scams has prompted UConn Chief Information Officer and Provost for Information Technology to send a warning to all students to be on high alert.
A number of students at the university have received sophisticated phishing emails in recent months that appear to have been sent from University President Susan Herbst. Like many universities and other educational establishments, the email system is protected with a spam filter. The majority of spam and scam emails are filtered out, although some do make it through. If these emails are delivered to students, there is a high probability that they will be opened. After all, the messages do appear to have been sent from the University president.
The emails contain malicious attachments or links to websites that attempt to steal login information and the scam is sophisticated and highly convincing. Many students would be unaware that they have been scammed after disclosing their login credentials.
The same can be said of malware infections, which usually occur silently when a malicious website is visited. Criminals are attempting to install key-loggers that record all sensitive data entered on compromised computers.
These scams are intended to get students to disclose their bank account information, credit card data, or Social Security numbers and personal information. The attackers can then use this information for a wide range of nefarious purposes including identity theft.
Sophisticated Phishing Emails are the New Norm
Email scams of old were quite easy to identify. They often included many grammatical and spelling mistakes and included offers that sounded too good to be true. However, today, sophisticated phishing emails are the new norm and they can be very difficult to identify. Emails are sent from authority figures, are grammatically perfect, and the attackers use wide range of social engineering techniques to get victims to disclose sensitive data or take a particular action.
The scammers are also increasingly sending highly targeted emails. These ‘spear phishing’ emails use personal information unique to the recipient to add credibility. Information is often obtained from social media and professional networking sites.
One of the latest UConn email scams includes information about Blackboard Inc., the Mail Service used by UConn. The attachment has the title “Exclusive Important Announcement from President Susan Herbst.”
Warnings have been issued by email to all students alerting them to this scam and advising them to exercise caution when using email and surfing the Internet. Students have been told not to login on any websites that do not have a valid security certificate.
A Spam Filter and Web Filter in Tandem Offer Greater Protection Against Phishing Attacks
Users should always exercise caution when using email. Attachments from unknown senders should not be opened and links contained in emails from unfamiliar sources should not be visited. However, curiosity often gets the better of students and malicious links are often unwittingly visited.
For this reason, in addition to using an advanced spam filtering solution – such as SpamTitan – universities and other educational establishments should also employ a web filtering solution. The spam filter will block the vast majority of malicious messages. The web filter will ensure that malicious websites and infected webpages cannot be visited. In tandem, a spam filter and web filter will offer far greater protection against phishing attacks and malware/ransomware infections.