Now that the school year is underway and email traffic increases, students and staff should be extra cautious checking their email.
Phishing scams have become increasingly accurate at posing as official mail, either from friends, familiar organizations or even from the university itself. In March, several Willamette employees clicked on an email pretending to be from President Steve Thorsett, unwittingly putting their sensitive information at risk.
Anyone who clicked on the link may have downloaded malicious software that tracks and reports their keystrokes to a malicious person or organization, says Jackie Barretta, chief information officer.
Any university password information they entered could have also given a malicious party access to payroll preferences, and likewise the ability to reroute their paychecks. Employees can also be locked out of their accounts and have their identity stolen after just one click.
Despite efforts by WITS to monitor and prevent phishing attempts in university email, hackers continue to adapt their approaches.
Barretta offers the following suggestions to keep information safe:
- Never respond to or forward emails that request confirmation of passwords, bank or credit card numbers or other sensitive information. Willamette will never ask you for your password through email, telephone or a non-university website.
- If you didn’t expect it, reject it. Don’t click on links in unexpected email. Find an example of a phishing email that fooled Willamette employees here.
- If you think you received a suspect email, visit the Phish Bowl to see a list of recent scams. If you don’t see the one you received or want more information, drop WITS Help Desk a line at firstname.lastname@example.org. In most cases, WITS can block phishing or spam email from the email system to prevent others from being targeted. But if you think you accidentally engaged in a scam, call WITS immediately at 503-370-6767.