In the past week, hackers have set their sights on Wayne State, launching several “phishing” email attacks in attempt to ensnare student’s personal information.
Dictionary.com defines “phishing,” as trying to obtain financial or other confidential information from internet users, typically by sending an email that looks as if it is from a legitimate organization.
To prevent students from falling prey to these attacks, the WSU Computing and Information Technology department is providing information to students on how to fend off email scams.
“Be suspicious of any Wayne State email that states your account is about to be locked or deleted; they are common schemes that attackers love to use,” says Kevin Hayes, Director of Information Security at C&IT.
Hayes and C&IT are helping students victimized by these attacks regain access to their accounts.
“While our Office 365 email environment provides great protection against external email attacks, the scammers have gotten a bit sneaky and realized that emails will go through much more reliably if they are sent from an actual Wayne State account,” Hayes explained.
“Attackers are using stolen passwords of Wayne State students to send out mass emails to the rest of the campus community, typically asking people to click on a link that looks similar to the Wayne State login page.”
Hayes explained that once students give up their Wayne State login information, their account can be used to hack more people, while also shutting them out of their own accounts.
“Unfortunately, if someone types their password into that fake login page, then the attackers have a fresh new account that they can launch even more attacks from,” Hayes says. “And if you get tricked into giving up your password, your access to Wayne State systems such as Academica, Blackboard, Wayne Connect and Wi-Fi will be suspended.”
Once students are locked out of their WSU accounts, the only way to regain access is to contact the C&IT Help Desk.
“If you think that an email message from Wayne State is fraudulent and you want to double-check, please contact the C&IT Help Desk at 313-577-HELP and they can confirm if an email is legitimate,” Hayes says.
In the meantime, students are advised to disregard emails from WSU claiming to be “time sensitive” and asking for personal information.
Hayes notes some of the possible consequences of responding to phishing emails include: having your class schedule rearranged or having student aid refunds routed away from you and into a attacker's bank account.
He wants students to be assured that C&IT is working to resolve the issue.
“Our email and security teams typically respond and disable hacked accounts within a few minutes of new phishing emails being sent out,” Hayes says. “This keeps the attacks from spreading and blocks the fake login pages to anyone using the campus internet connection.”
Students who have received phishing emails can forward them to email@example.com. This helps the department shut down hacked accounts before they can send more spam to other students or faculty.
If you believe you have received a phishing email or have responded to a phishing email, you can email the C&IT Department at firstname.lastname@example.org.
Phishing can be a serious issue and has the potential to wreak havoc on your digital life, but students can protect themselves by remaining vigilant for potential email scams and refusing to take the bait.