CTS advises students on avoiding phishing scams

(Devon Nitz | The Oswegonian)
(Devon Nitz | The Oswegonian)

Early this semester, Oswego State students were targeted in an online phishing scam. The scammers posed as Campus Technology Services employees, sending an email to an undisclosed number of students.

The well-presented email stated the recipient’s Lakernet account had been accessed by a third-party. Recipients were asked to provide their Lakernet login information through a link included in the email, allegedly to restore full-access to their account. The message warned the recipient’s account would be suspended or deactivated if they did not comply within 48 hours.

The email was convincing and the message-format appeared authentic. However, the urgency and spontaneity of the email prompted many suspicious students to contact CTS.

After thoroughly analyzing the email, CTS confirmed it was a phishing scam. Students who gave their Lakernet login information were told to change their username and password immediately.

Fortunately, CTS says any acquired Lakernet account information would be used to gather a mailing list for spam, which, although irritating, is harmless in most cases.

On the other hand, more severe phishing scams seeking personal and financial information could result in fraud or identity theft, a major problem for misled recipients who give any requested information.

The recent scam was not a one-time occurrence. Phishing scams and similar fraud-related cases have been reported on campus in the past.

CTS online security and Google Apps — which hosts Oswego State’s email accounts through Gmail — maintains a powerful security network which blocks out any spam, phishing scams and other fraudulent messages before they’re delivered to an email’s inbox. However, the network is constantly bombarded with a large volume of these messages and a few manage to break through now-and-then.

If one receives a suspicious email, one should take several steps to check its authenticity. A message containing multiple spelling mistakes, grammar issues, typos and inaccurate information are all explicit red flags. However, scammers’ messages often seem authentic and convincing, containing little or none of these errors. These messages will typically include a link, which often reveal the message as phony.

“If you put your cursor over the link, it will display a bogus web address,” Nicole Decker, assistant director for user support at CTS said.

“Emails asking to provide a username and password usually include links to websites, and the links may look legitimate,” Decker said. “However the links will often lead to a bogus website.”

Even if the scam seems foolproof, all phishing scams of this kind contain one dead giveaway.

“CTS and any legitimate company is not going to ask for passwords and other important information,” Decker said.

Decker advises students to remain on-guard if an email asks for information of any sort.

“Anything asking for passwords, usernames or any personal information, be highly suspicious. Then call the help desk to verify the email, so CTS can determine whether it is phishing scam,” Decker said.

When a scam has been identified, students can then report the scam using Gmail’s report phishing tool. Google reviews any scam threat, and has the resources to shutdown the scam and track-down the source.

While the campus security network does a good job blocking out large volumes of scams, CTS offers several resources to students for staying up to date on any recent scams, in addition to instructing how to spot scams and how to protect important information online. In the rare event a scam breaks through the security network, these resources are valuable tools.

Students can keep up to date on any recent phishing scams through the CTS Facebook page. Pictures of the scam will be posted on the page’s timeline, so students know what to look out for. The most-recent scam can be viewed on the page and is dated Feb. 20.

Students can also receive valuable online-security instruction through the CTS On-Demand training page, located on the school’s website. Under LakerApps-Gmail on the on-demand page, students can watch a training video titled, “Detecting and Reporting Spam and Phishing with LakerApps Gmail.” The 21-minute long video includes examples of spam and phishing scams, including instruction on how to detect them.

“It’s important for everybody to know how to detect these issues instead of relying solely on CTS,” senior Erick Towers said. “If students were more knowledgeable it would take pressure off CTS.”

While these resources can teach students how to detect scams, students say remaining cautious with personal information online goes hand-in-hand with online security training.

“Students should have the common knowledge not to just give out any personal information,” Towers said. “However they cannot be held fully accountable if they are not fully educated on how to detect fraudulent messages.”

“It’s a matter that needs to be taught, because you can’t just assume that every student knows how to detect Internet fraud,” junior Joe Spataro said. “But most of the time I rely on the fact that if it’s to good to be true it probably is.”