UC Davis students and faculty have recently been hit by a web e-mail hoax that reads “Update Your UC Davis Webmail Account.” The e-mail was directed to .ucdavis.edu Google-based e-mail accounts, and required respondents to click on a fraudulent web address link.
Instead of updating the account, the linked page asks users to enter the UC Davis username and password they use to log in to their UC Davis webmail account. The account is then compromised, and the user must reset both the passphrase and the challenge questions used to secure it.
To prevent students from being victimized by phishing incidents like this one, UC Davis IT Security Coordinator Robert Ono refers students to anti-phishing information located on the UC Davis Information and Education Technology (IET) web page.
UC Davis will never ask you for your passphrase via e-mail, telephone or non-campus website, according to the IET web page.
“I don’t believe it’s so much a problem of internet security as it is with students’ lack of understanding of phishing scandals; students should be aware of such incidents and become better educated on what constitutes an illegitimate e-mail, simply by visiting the IET website,” said first-year biological sciences major Daniel Tran.
Ono adds that approximately 70 to 80 percent of all e-mail is spam and phishing messages. Though most messages are caught and dropped prior to delivery, a few may be delivered to a student e-mail account.
“The few delivered spam or phishing messages appear in your e-mail junk folder, and a fewer yet number may make it through to your mail inbox,” Ono said.
To avoid phishing scams in general, Ono states that students should be aware of the following when encountering suspicious e-mail messages. Phishing messages generally contain no initial salutation, such as “Dear Student.” Phishing messages often describe some urgent action for the e-mail reader, such as visiting a website or forwarding your login account information to a destination. IT Express, the campus help desk, will never ask you for your login account password to be sent or entered into a webpage. The messages often indicate origination from a campus unit that does not exist.
“Contact the campus help desk, IT Express, to confirm the legitimacy of a message asking for personal information. E-mail recipients may also independently look up a telephone number for the apparent message sender and contact the sender by telephone to confirm legitimacy of the request,” Ono said, regarding the confirmation of e-mails.
IET attempts to educate students and faculty alike on the importance of internet security. Its web page also offers useful links ranging from Multimedia Content Development to Training Services in Classroom Media Training, and provides students with readily available “how-to” links regarding internet security, e-mail and computing services, and educational technology.
“The campus continues to improve its anti-phishing message filtering. However, the campus needs to carefully manage such filtering to ensure the filters do not prevent the delivery of legitimate messages — a false positive,” Ono said.
For information about this issue, visit security.ucdavis.edu/antiphishing.cfm.
GHEED SAEED can be reached at firstname.lastname@example.org.