Phishing e-mails are not a new thing, according to Assistant Director of IS&T Operations Chris Golden.

A faux e-mail from the “Lee U Help Desk” attempts to lure students, staff and faculty into giving up their account information. However, in the past there have been many varieties of message.

“Sometimes they give you a link to ‘log in’ and resolve an important issue,” Golden said. “However, those links usually take you to a Web site that looks identical to a legitimate Web site, but in reality the Web site you are looking at was created by the hacker to collect passwords.”

Golden explained that most of the phishing and hacker attacks come from countries overseas and only continue due to their government’s unwillingness to cooperate and track the appropriate people down.

“The e-mails not only target students,” Golden said. “They target faculty and staff as well. We have a big problem with students, faculty and staff falling for them.”

Students should contact the help desk immediately if they have replied to one of these e-mails, Golden said. The Help Desk will then help students reset the e-mail’s password.

“Even the best technology in the world can’t prevent people from doing things they shouldn’t,” Golden said. “The best way to combat phishing and other social engineering attacks is for people to be security aware as to use their brain.”

Golden uses this example to show what phishers do:
For instance, you should never open e-mail attachments from people you don’t know or didn’t expect. You should always manually type links into a Web browser instead of clicking on links in e-mails, especially if it is asking you to log in to something. I can send you this link to Google http://www.google.com but when you click on it, it takes you to yahoo.com. You never know where links are really taking you.