Like so many other colleges and universities, Tufts continues to be the target of phishing attacks. Although Tufts’ spam filters catch the vast majority of phishing attempts, some faculty and staff members recently received fraudulent emails noting our recent migration to Exchange and stating that they had exceeded their email quota. The email further warned that the user’s account would be shut down if they did not click a provided link and enter their Tufts Username and Tufts Password. If someone fell for the bait and entered their account information, they would have been directed back to Tufts’ official homepage without knowing that their username and password had just been captured by cybercriminals.
Phishing attempts like these are socially engineered and timed by the perpetrators to coincide with people returning from summer break, when it would be conceivable for them to be over their email quota as a result of mail accumulating in their inbox over the summer. To the casual observer, these messages and socially engineered websites often seem authentic.
Approximately 150 billion phishing emails are sent every day and education is one of the largest targets. With the sophistication levels of both spam filters and end users rapidly increasing, spammers often rely on sheer volume to ensure that their business remains lucrative. The more messages they send, the more likely it is one will get through modern spam filters to tempt the intended recipient. So how do you avoid getting “filleted” by a phishing scheme? Here are some helpful suggestions.
Beware of emails that:
* Ask you to provide personal information such as your Tufts Username or Tufts Password, bank account number, credit card number, PIN, mother’s maiden name, or Social Security number.
* Warn that your account will be shut down unless you confirm your user name, password or other personal information.
* Fail to address you by your name using a generic “Dear Webmail User” or “Dear Customer” or use your email address in the salutation.
* Create a general sense of urgency or fear and ask for immediate action on your part.
* Warn that you have been the victim of fraud.
* Have spelling or grammatical errors.
To report suspected spam to UIT’s automated system, forward spam messages to firstname.lastname@example.org.