Earlier this year, sophomore Nicole Fox repeatedly received e-mails from what she thought was the online transaction company PayPal, asking her to verify her account information because of suspicious activity. If she didn’t verify, the e-mails said, her account would be closed.
After deleting the first few messages, Fox decided to follow instructions and submit her account information. She was surprised to find that shortly thereafter, the account was emptied by hackers.
“I was trying to verify that it was my account, but the process of that itself was a scam,” Fox said.
It was not PayPal e-mailing Fox – it was a con artist.
The fourth most common Internet scam, according to the National Consumer League, “phishing” occurs when scammers posing as legitimate representatives of big-name companies such as PayPal, eBay and Chase Bank send out e-mails asking users for their private financial information. When users turn over their credit card numbers, bank account numbers or other personal information, they’re exposed to identity theft and financial loss. Many legitimate companies, such as amazon.com, note on their Web sites that they do not ask for financial information including credit card numbers through e-mails.
According to the Anti-Phishing Working Group, phishing attacks are on the rise. There were more then 15,000 newly reported phishing campaigns in October, up from around 13,000 in September. Phishing Web sites and e-mails are often made with sophisticated graphics that make them hard to distinguish from legitimate sites.
With phishing attacks on the rise, GW students and their University e-mail addresses aren’t safe from the threat. Students have received phishing e-mails purporting to be some from companies, including Chase and amazon.com.
In October sophomore Matt Brady said he began to receive 15 to 20 e-mails a day at his GW e-mail address from a sender posing as a PayPal employee. Since Brady doesn’t have an account with the online money-exchanging company, he said he knew the e-mails were a fraud. But Brady said he thinks it’s the University’s responsibility to protect users from phishing attacks.
“I’m curious how they got my e-mail account,” he said. “This e-mail account is part of the University. This shouldn’t be happening. The University should take care of it.”
Alexa Kim, executive director of Information Systems and Services Technology Services, said the University is researching ways to improve e-mail security and recently upgraded its server to recognize phishing attempts.
“ISS Mail engineers are continuously innovating ways to protect the campus community against e-mail based threats,” Kim wrote in an e-mail to The Hatchet this week.
She added that the University provides information to students about the dangers of phishing through posters on campus and warnings on the ISS Help Desk and Colonial Mail Web sites. Kim said GW e-mail users should set up spam filters to help protect themselves from Internet scams. To set up a spam blocker, students can visit the GW Account Management Center at http://amc.gwu.edu.
“It’s become a very easy and fruitful method of identity theft,” said Susan Grant, director of NCL’s National Fraud Information Center.
For now, individuals are mainly responsible for protecting themselves against phishing attacks, Grant said, adding that users should follow “basic computer hygiene” by not opening e-mails from unknown senders.
Grant said, “If somebody is contacting you out of the blue asking for personal information, it’s a scam, and you should not provide it.”