UCI Gives Several Warnings Against Phishing on WebMail

On UCI’s WebMail home page there lies a bright red warning above the login information cautioning students about phishing e-mails.

But what, exactly is phishing? Why so wary, WebMail?

Phishing, unlike its docile namesake, is defined as the process of attempting to acquire personal password, username or credit card information through illegal means.

The crooks pose as legitimate sources and write e-mails that appear urgent in order for the receiver to respond with no hesitation.

The most common type is known as spear phishing e-mails that are targeted to a select group – college students. Because these messages that request personal information to avoid account suspension do not seem like a threat, rushed students have no qualms replying.

In October 2009, thousands of students have responded to these e-mails, getting their school e-mail account hacked into. This isn’t occuring exclusively at UCI; phishing is a problem on many campuses.

In fact, according to checkpoint.com, “Phishing continues to be one of the biggest threats to personal and network security, firmly establishing itself as the most widespread online fraud technique.”

Who are these entities that have the ability to take on a false identity and hack into hundreds, if not even thousands of accounts?

BOTNETs are large networks of computers operated by different criminal conglomerates. Their objective is to get a person’s username and password and use it to generate spam advertisements to make money through products and additional identity theft.

Isaac Straley, Manager of IT Security, and Information Security Officer Captain says, “Most importantly, DO NOT give away your password to anyone.”

With your password, your accounts can easily be hacked into and can therefore lead to additional identity theft.

Straley strongly suggests to “look very closely to reply addresses, try to contact sender through other means, look for spelling and grammar mistakes, and check your online resources.”

Students can also read about “6 Ways to Identify Phishing” on the “security.uci.edu” Web site which warns, “If you are unsure whether an e-mail message about your account is a phishing e-mail or not, call the organization directly to determine the status of your account.”

Phishing has become so widespread that these attacks are starting to come in the form of IM, SMS, text message, and VoIP. The most dangerous of these are the VoIP known as “vishing” where users receive phone calls in the form of an automated voice which tells them to enter their credit card information dialing a given separate number, therefore resulting in additional identity theft. It doesn’t help that many business are now turning to VoIP to help run their company’s duties.

The best thing people, especially students, can do to avoid becoming a victim of phishing is through educating themselves on e-mail security. Not only are there the obvious anti-spam and anti-spyware software that helps protect internet security, but knowing what to look for in the form of questionable e-mails or messages.