Phishing scams, fraudulent e-mail and website scams to steal personal information have become an growing problem on the University of Wisconsin campus over the past school year, according to university officials.
In response to a large breakdown of online campus security last fall, university officials started a new initiative to crack down on the problem.
Jim Lowe, chief information security officer at UW, said last semester, one phishing e-mail scam was sent out to 6,300 students and staff.
Ninety five of those students and staff, or just over 1 percent, gave up their credentials in response to the e-mail, creating a large problem for the UW list server and the DoIT Wiscmail team.
A typical phishing scam consists of an e-mail from the “campus help desk” or other legitimate university office claiming victims must reset their username or password due to maintenance work being done on the system. The usual targets of phishing schemes are the officials working in the department the scam claimed to be sent from.
“It only took the response of a few people for the scammers to create a problem,” Lowe said. “Most of the Wiscmail team was working around the clock to prevent the loss of services because of that breach of security.”
Consequently, UW started an awareness campaign to educate students and staff on the types of scams and their dangers while also strengthening the filtering system for e-mails and sending out a generic message when a new scam is found.
One of the difficulties of stopping online personal identity scams is the ever-changing framework of the newest scams.
Brian Rust, senior program administrator for UW communications, said the key to stopping phishing is awareness and keeping security ahead of the newest scam tactics.
“Some of the most recent scams are more personal as scammers have realized that the general public is becoming more savvy to their techniques,” Rust said. “For instance, a scammer will engage a person with more one-on-one dialogue so that the victim lets down their guard.”
Despite the university’s efforts, a significant number of students, faculty and staff continue to disclose their personal identity information in response to fraudulent e-mails and websites, according to university officials.
Before phishing scams became a problem, some UW departments asked for their staff to verify or change their username and password via e-mail. This policy initially confused many people, but UW is now working with departments to eliminate the e-mail requests.
“University departments will not ask you to disclose personal information via e-mail,” Lowe said.
Lowe went on to say that UW’s focused message is not to entrust your personal information to anybody you do not know, whether by e-mail, website or phone.
For more information on how to identify e-mail scams and phishing, visit UW’s website on anti-phishing or watch UW’s anti-phishing video.