Recently there have been many phishing scams getting into the e-mail system of UNC Charlotte students, faculty and staff. Is there a way to sort out the important information from the scams? Bohdan “Dan” Dombchewskyj of UNCC Information and Technology Services (ITS), had a few answers and suggestions on how to protect your personal computer.
The common knowledge about most e-mail phishing scams is to never respond to anything wanting a username and password. “UNCC will never send an e-mail message requesting that a user provide his or her password or other personal information,” said Dombchewskyj. “Students should never respond to such an e-mail message.”
There have been a few e-mails sent from ITS to UNCC students, faculty and staff describing some recent phishing scams; one scam with “UNC-Charlotte” in the subject box, indicating UNCC is going to change its “web mail service and that you will need to provide your username and password so that your account can be changed,” and the second scam with “UNC-Charlotte” in the subject box, insisting “the user’s Inbox is too large … [and to send] the account username and password [in a reply message] so the Inbox space can be reset.” Both of these e-mails are fake because they ask for a person’s username and password. Dombchewskyj elaborated on other indicators of phishing e-mails:
“1. The ‘Reply To’ address will not be a UNCC address, 2. The text in the message will normally not mention UNCC and will frequently refer to some other university or entity,” said Dombchewskyj, “3. The grammar in the message will be poor with misspelled words.” Another indicator is when there is an actual link in an e-mail and that takes the user to an official site look-alike and asks for some personal information as well as a password. “The link in the message is a disguised link, made to look like it connects to an official site,” said Dombchewskyj. One way to make sure the link is “legit,” according to Dombchewskyj, is to let the cursor hover over the link, and the URL address it points to will show up at the bottom of the message window – do not use the link in the message, but rather type the real URL address of the site into a Web browser.
Let’s make this simple; all these rules can be broken down into one single rule: delete any e-mails asking for a password. Dombchewskyj went on to say how banks and credit card companies go by the same method, “They do not do business that way.” There are a few good sites to help differentiate between phishing scams and important e-mails at the end of this article, referred to by Dombchewskyj, who said, “Education is the key to not getting scammed.”
Instead of having to remember all this, what is wrong with getting a software program to filter out all this phishing nonsense? “The best choice for the average user is to buy a ‘security suite,’” said Dombchewskyj, “which includes a whole range of security products in one package.” Though research on the different products is advised, Dombchewskyj offered a few Web sites that provide evaluations and ratings of different protection software, including: “ConsumerReports.org (October is cyber-security month), PCWorld.com, PCMag.com, [and] firewallguide.com.” There has been much bad-mouthing from members of the UNCC community about the Norton system, offered by UNCC, but Dombchewskyj specifies it is just talk.
“One version can be best-in-class and the next a dog with loads of bugs.” Symantec Norton Internet Security 2008 got PC World’s highest rating, according to Dombchewskyj, referring to PC World’s Web site. “The key to getting the best protection out of any of the security products,” said Dombchewskyj, “is to make sure you have the latest version with the most recent definition files.”
One thing Dombchewskyj wanted to make clear is that, “Students have to take responsibility for protecting personal data and [to] understand that falling for these scams puts their information and the University at risk.” If there are any questions about a UNCC e-mail that looks “phishy,” just call the UNCC Help Center (704-687-6400). For more examples on Internet scams, visit the FBI's site for Internet Fraud.
Be the first to comment on this article!