The number of online scams hitting email inboxes at GW has nearly quadrupled over two years with increasingly sophisticated and deceptive hacks, the University’s top technology official said last week.
The Division of Information Technology now records about 35 to 40 phishing scams each month, compared to about 10 scams each month two years ago, Chief Information Officer David Steinour said last week. The scams – which are often disguised as official GW or banking communications – can run through hundreds of inboxes at a time.
Steinour estimated that about 700 people received last week’s two phishing scams, which were disguised as an official University email and a job offer. Because about one in 10 recipients fall into a hacker’s trap, Steinour said about 70 students, staff or faculty may have shared sensitive information including passwords, credit cards or banking information.
“Scammers are always updating their techniques to bypass these filters, and administrators in turn try to improve the filters to catch them,” Steinour said in an email. “We will continue to do as much as possible to prevent these attacks from getting to mailboxes and continue our efforts to raise awareness about these scams.”
The University has sent out five times more campus-wide warnings about phishing scams so far this academic year as scammers become more sophisticated at bypassing security firewalls. Those warnings have shot up this semester, with officials alerting students to new phishing scams 10 times, compared to four warnings last semester.
Once they identify a phishing scam, GW’s tech administrators race to block the sender’s IP address and prevent dangerous links contained in the emails from being accessed on campus.
Nine out of 10 emails that head for GW email inboxes are marked as spam and filtered out by email protections, but Steinour said some emails make it to personal inboxes.
The IT division warns the University community within 24 hours if a particularly threatening fraudulent email hits GW’s system. Administrators will send out a warning depending on “what the attacker is trying to access, how likely the scam is to succeed and whether or not the link contains malicious software,” Steinour said.
“We try to balance warning the GW community of new threats with the nuisance of receiving too many emails,” Steinour said.
Hackers know that students are more likely to click on unsafe links and share their personal data, said Peter Cassidy, the secretary general of a national organization called the Anti-Phishing Working Group.
“[Hackers] want people who will respond and click. A typical undergrad eating pizza, talking to three people on IM, trying to figure out what they’re doing tonight, arguing with their roommates and trying to research something for their next paper – a pop-up jumps in front of them. Who’s more likely to click on the link?” Cassidy said.
And because hackers can also infect computers with viruses and malware to gain access to data without a person’s consent, Cassidy advised people to update anti-virus software on their computers.
He said people have to be cautious about every email they open because successful hackers can not only make purchases online and steal funds from bank accounts, but can even open up new lines of credit.
“If someone is asking you for something or giving you great news about an opportunity, it’s likely a lie,” Cassidy said. “The consequences are more than just being mugged online, the consequences can be life-damaging.”