Security :: Spam and Phishing Scams

Printer-friendly version

Phishing scams are attempts by hackers and cybercriminals to steal personal information or hijack computing resources for nefarious purposes. The most common (and most successful) phishing scams are emails that appear to come from a legitimate source (for instance, HSU Technology Help Desk, your bank, eBay, PayPal), and which contain a link that directs you to  equally legitimate-looking web pages. These emails almost always ask you to verify some detail about your account by going to this legitimate-looking web page and entering your account credentials or other personally-identifiable information.

If you provide personal information on these sites, you risk losses through fraudulent use of your credit cards or bank accounts, even full-blown identity theft. If you give out your HSU User Name and Password, you're giving out easy access to the entire HSU network. More often than not, this results in HSU network resources being used to distribute spam, which in turn leads to email from being blocked by ISPs and major companies. This means that until the particular situation is discovered and rectified by HSU and resolved, anyone with an email address in the domains that have blocked will not receive email sent from Humboldt State University.

The reality is that no bank or other financial institution, or the HSU Technology Help Desk, or Microsoft, is going to send this kind of request by email, because they know that it's an insecure way to transfer confidential information. These emails and websites are simply fronts for stealing your identity or using your computer's processing power to send spam. If no-one ever believed them, they would stop sending them. But because there's always someone who acts on these requests, they keep coming.

Here are just a few examples that have been directed at Humboldt State University users.

What You Can Do

To avoid becoming a victim of a phishing scam, just stop and think any time you find yourself tempted to click on a link in an email. Does the email contain spelling mistakes? If you hover your mouse over the link, does it display a different URL than you would expect from that sender? Check the web address in the address bar. If the website you are visiting is on a secure server, it should start with "https://" ("s" for security) rather than the usual "http://"; look also for a lock icon on the browser's status bar. And never, ever, volunteer your HSU User Name and Password in an email.

Keeping your antivirus software up-to-date will go a long way towards protecting you against phishing attacks. You can also educate yourself about identifying fraudulent messages - check out these games and quizzes for a fun way to learn more:

If you do accidentally send your HSU User Name and Password via email, immediately change your password via the Account Settings link in MyHumboldt and call the Technology Help Desk at (707) 826-HELP (4357) so they can take action to prevent problems.

What HSU is Doing to Help

The Gmail spam filtering uses a variety of mechanisms to identify and block messages containing certain key words and phrases that indicate spam, and to lock accounts out of the network that appear to be being used for spamming. Google's spam filter also makes extensive use of Real Time Black Lists (RBLs) - independently-maintained lists of IP addresses known to regularly send spam. If any organization does block the domain, ITS reaches out to them to re-restablish a connection, and is continuously updating anti-phishing strategies to best protect everyone.