IT Security (ITS) is investigating a series of scam e-mails that were introduced into the University’s computer system this month. According to IT Security, several phishing scams throughout the month of May which request that the user provide their CNet ID username and password through e-mail have entered the University’s contact system.
A phishing scam is an attempt to attain a user’s personal information using fake credentials. One of the e-mails in question purports to be from the “UChicago Technical team” and tells recipients that their computer has been infected by a virus. The email asks the recipient to click on a link provided and log in with the student’s CNet ID and password.
Another e-mail purports to be from the “University Help-desk” and tells recipients that their mailbox is almost full. It directs students to click on a link and enter their CNet ID and password to empty their inbox.
The University receives phishing e-mails from scammers who are trying to obtain University credentials for many purposes, such as using e-mail accounts for spamming, accessing electronic journals, and compromising other University resources.
“When IT Security receives reports of these e-mails, we attempt to contact the hosting site to get the malicious page taken down. We then block access to the malicious links from campus and notify other services, which provide safe browsing resources. While the University cannot stop phishing attempts entirely, IT Services invests in filtering technology and subscribes to commercial services designed to screen out the more obvious attempts,” Leilani Lauger, an information security officer, said.
ITS said that it is always on the lookout for new phishing attacks. “ITS is constantly updating technology and processes to find the more difficult-to-spot attacks. Users can subscribe to the ITS Twitter or Email Scams RSS feed, both of which notify them of phishing attempts reported by members of the University community,” Lauger said.
House resident computing assistants (RCA) are also aware of the e-mail scam system and are working toward helping students identify scams more easily. The last phishing scam was sent on Tuesday, May 13.
“These e-mails mostly claim to be from the University, IT Services, or the uchicago.edu team, show improper grammar usages, and may ask users to provide other personal identification, such as phone numbers or credit card information,” fourth-year Hall Liu, the RCA for Maclean House, said.
If affected by a computer scam, IT Services and RCAs from College Housing urge that victims report scams to the ITS Security Team.
--Additional reporting by Ankit Jain