Scammers phish

By Jay Huerbin

Pitt students beware: Scammers are phishing for you. Yesterday, Computing Services and Systems… Pitt students beware: Scammers are phishing for you. Yesterday, Computing Services and Systems Development updated the Web site with a warning concerning a phishing scam that has affected some Pitt e-mail accounts. The scam involved a sender appearing to be from a legitimate company asking for recipients’ personal information. These phishing e-mails began hitting an unknown number of Pitt students’ e-mail boxes in May. The e-mails were sent from [email protected], with the subject ‘ E-mail upgrade.’ The sender stated that, ‘The Office of Information Technology is in the process of migrating all e-mail accounts to upgraded central e-mail services’ and that an ‘account owner that refuses to update his or her e-mail account within 30 days of receiving this warning will lose his or her e-mail account permanently.’ The e-mail, which was sent by a scammer, asked students to confirm their identities by replying back with their username, password, date of birth and location. In the event that a student did respond back with the requested information, a phisher could log into the student’s University account. Once somebody has access to the University account, he can search the account for more personal information that could be used in identity theft. A warning code, case ID number and apologetic statement from the phisher concluded the e-mail. Officials at Computing Services and Systems Development said they aren’t sure how many phishing scams target Pitt students, because few students actually report this information to CSSD. ‘Our experience has been that most students are very cautious about responding to these types of messages and when in doubt have inquired,’ said Jinx Walton, Pitt’s director of CSSD. ‘For the most part, however, they seem to understand that these are phishing scams.’ However, these scams aren’t new. ‘These types of scams have been around for years,’ said Walton in an e-mail. ‘And as new versions of these come out, CSSD posts security announcements on our Web site.’ But catching phishing criminals can be difficult. Many phishing e-mails look professional and may include a legitimate e-mail address. CSSD, however, warns that details like that are all part of the scam. ‘E-mail addresses can be very easily spoofed so it is never a good practice to assume that the named sender information is correct,’ said Walton. CSSD officials said keeping students informed about new scams is a priority. ‘Our efforts in this area are to continue our user awareness efforts,’ said Walton. ‘Our spam vendor, Postini, continues to modify its filters to catch these phishing scams, but it is an ongoing process since they change constantly to avoid the filters.’