UWRF community warned about increase in phishing, other scams

Posted February 22, 2017

Students, faculty and staff at UW-River Falls are increasingly being exposed to online “social engineering” scams, according to campus technology officials.

A recent edition of the online campus newsletter, Falcon Daily, warned faculty and staff of an uptick in scams coming by telephone or email. Social engineering scams, such as phishing, aim to gain the trust of the victim.

“Phishing is an attempt from an individual or organization to try and get logins or personally identifiable information like Social Security numbers, bank account numbers, different things like that,” said Joseph Kmiech, who recently became head of the Division of Technical Services (DoTS). “Sometimes it’s an attempt to get more contacts.”

A person may receive emails or phone calls from people claiming they work for a company that the person may have used. Sometimes the messages use threats to help speed the process of obtaining information. Common scams include someone calling from the IRS to state that an individual owes a specific amount of money and if not paid they will be fined. Another is threatening to close accounts if a specific amount of money is not paid.

Once the scammer has the information they need to access someone’s account, they can send emails on that individual’s behalf without the person knowing about it. This tactic is done by setting up a filter that deletes the sent files.

Universities have set up systems to protect email accounts, according to officials, but people need to educate themselves as well.

“Ultimately, the individual is the last line of defense,” Kmiech said.

Stopthinkconnect.org is one website that helps people understand how to stay safe on the internet. It was created by the Anti-Phishing Working Group, the National Cyber Security Alliance and the U.S. Department of Homeland Security. A few tips the website offers are to stay up to date on all the latest security software and to be wary of suspicious emails — even if they come from friends or associates.

“Even if you know the source,” the website warns, “if something looks suspicious, delete it.”

If a student or UWRF employee happens to fall victim to a social engineering scam, the first thing to do is contact DoTS to get help reset a password, Kmiech said. DoTS also can help set up filters to stop some of the phishing emails from getting through. Another way DoTS protects students and employees is by looking at the volume of email sent out. If the activity on an email account is high, DOTS will contact the account holder to verify that their email has not been compromised.