Recent phishing scam raises online safety awareness
March 6, 2014
The recent phishing scam sent to ISU employees has Information Technology Services staff going through the usual procedures they follow whenever a scam comes to their attention.
This scam tried to convince its potential victims they would be given a pay raise if they provided their ISU credentials. Information Technology Services was first notified of this scam at 2 p.m. on Feb. 21.
“The message indicated that you were eligible for a raise by your next paycheck and that you should go to the link they provided to fill out the appropriate paperwork,” said Andrew Weisskopf, an information security officer from the ISU Information Technology department.
Weisskopf explained that the link provided in the malicious email led to a Polish website that was a forgery of the AccessPlus page. If an employee entered their credentials on that page, they were then led to a page that was a forgery of the Microsoft Exchange web access page.
“[The scam email] was sent to a number of faculty and staff,” said Chad Jacobsen, a systems support specialist for the Liberal Arts and Sciences administration. “It was reasonably far and wide across campus.”
Jacobsen and Weisskopf both agree that this scam was more sophisticated than scams that have been seen on campus before because the malicious website looked almost identical to the AccessPlus website.
IT Services does its best to look at malicious emails when it is notified of them, and it blocks access to the harmful website for computers connected to the campus network. When a computer is not using Iowa State’s Internet connection, however, users can still access these malicious websites.
Phishing scams are nothing new at Iowa State, and IT Services expects to see more of these scams in the future.
“We’re just another target,” Jacobsen said. “[Iowa State is] a significantly-sized enterprise. That makes it a tempting target for the would-be scammers and phishers who are trying to get information out of us.”
Iowa State, though, isn’t the only target of the scam.
“Everyone’s being targeted,” Weisskopf said. “We do expect to see more and more.”
If you feel that you have been sent a phishing scam, forward the message to [email protected] and IT Services will determine if any links in that message are harmful.
“You will never get an email from the university that specifically links to a website,” Jacobsen said. “Instead, they’ll give you instructions.”
In the event that employees feel their credentials are known by someone who should not have them, they are encouraged to change their passwords and take extra security precautions to further protect themselves and their computers.
“If you’re clicking on links, you do want to make sure that your anti-virus is up to date and that you do a scan,” Weisskopf said.
Weisskopf also said that the Student Network Access Program can help do a scan of computers. It is located in the Solution Center at 195 Durham Center on campus.