A new phishing scam that attempts to burglarize user’s confidential information such as username, password, webmail login, and date of birth has found its way into the Colorado State University-Pueblo e-mail system.
Assistant professor of Mass Communications and Center for New Media, Justin Bregar, identifies the significance and consequence if someone attains personal information.
“The intent is to store your user name and password,” Bregar said, “which they can then use to break into your account or steal your identity.”
From there, the stolen information can be used to change user preferences, control the victim’s e-mail, and activate or request any other confidential information that does not require additional identification, such as a PIN number or Social Security Number.
“The traces would go back to you when you didn’t do anything and it wouldn’t go back to them,” Bregar said. “It would be very hard to trace back to (the culprit) and very hard to prove.”
Internet phishing is generally accomplished using a fake Web page or form that instead of logging you in, will steal your information.
Although this specific attempt is directed at the university e-mail system, other attempts seek to steal information by masquerading as trusted entities or companies such as banks, airlines, webmasters and internet service providers, Bregar warns.
While most phishing e-mails are sent out on a mass scale to try and reach as many people as possible, those who are less “computer or Internet savvy” are more likely to be a victim of phishing, Bregar said.
While some Internet browsers have caught on to popular phishing scams and are now incorporating phishing filters to stop the attack at the Web site, Bregar said, not clicking links could help prevent malicious attacks.
“The biggest thing is don’t click links in e-mails,” Bregar said. “Take the link, look at it, and go there in your browser rather than clicking on it.”
An e-mail for students from campus Information Technology Services (ITS) urges students to never send out sensitive information including: usernames, passwords, social security numbers and account numbers to anyone. Not sending this information out can stop the attempt and avoid additional problems.
“Colorado State University-Pueblo would never ask for your username or password in an e-mail – nor should any legitimate entity,” an e-mail distributed by campus ITS said.
Even if someone has fallen victim to a phishing scam, immediate steps can be taken to minimize the problem: “First thing to do, immediately, is you would want to go change the passwords from whatever they stole it from,” Bregar said. “You’d want to change (the password) anywhere where you use the same username and password.”
After all passwords have been changed, the company or individual that has been impersonated in the phishing scam should be contacted, Bregar said. This will allow the company to acknowledge a phishing scam has occurred and to look for anything suspicious in the future.