Individuals are more prone to phishing scams this semester as they spend more time online during the pandemic.
In Texas, there have been 10,768 reports of COVID-19 related fraud from Jan. 1 to Sept. 16. 53.8% of reports resulted in a loss, totaling $7.13 million in total losses, according to the Federal Trade Commission.
Phishing emails consist of messages specially crafted to deceive people into giving up their usernames, passwords and other personal information, according to the Information Security Office. The scams try to gain access to accounts, send spam from compromised email accounts or retrieve bank account information.
Phishers have a bigger audience now because of COVID-19, said Lee Pierce, assistant director of knowledge services.
“For [scammers], the opportunities to reach out [and] interact with people probably increased because more of us are online doing more of our day-to-day activities than ever before,” Pierce said.
Recently, students, faculty and staff were alerted about a phishing scam on Aug. 31 in a universitywide email from the Information Security Office.
The scam tried to collect sensitive financial information from potential victims by using “Financial Responsibility” or “Financial Agreement” as the subject line and links to sites appearing as legitimate UTA sites, according to the email.
The office blocked the scam after UTA employees sent the suspicious email to spam folders and requested it be reviewed, said Cheryl Nifong, chief information security officer.
“There is definitely an uptick of targeted phishing emails in COVID trying to leverage that problem in order to gain people’s trust and to get information from them,” Nifong said.
Questionable emails are sent from external email addresses such as Yahoo, Gmail and other institutions where an email account has been compromised or impersonated. They direct recipients to click on a link or reply using their own email.
Phishing is often financially motivated, asking students and faculty for personally identifiable information such as social security numbers and logins, Nifong said.
Erika Leal, computer science doctoral student and Cyber Security Club co-president, said to only use school email accounts for school-related things. If worried about a compromised account, she suggests individuals use the site Have I Been Pwned to check if an email is on the black market.
Three ways to identify phishing emails are to check the email’s sender and the the subject line and look for grammatical errors, Leal said.
Phishers usually do not care what type of information they receive since they're just looking for data they can resell for nefarious purposes, said Mario Oliveros, information systems junior and Cyber Security Club co-president.
“Even if [phishers] try 1,000 people, they’re just looking for one person who’s gonna fall for it, and that’s the issue,” Oliveros said.
Do not use the same password for everything. Instead, use a password manager and avoid emails sounding too good to be true, he said.
Maria Tapia, information systems junior and Cyber Security Club secretary, said various forms of phishing try to hook potential victims such as general phishing, spear phishing and whaling.
While regular phishing emails are generic, spear phishing specializes on targeting specific people and whaling aims for a corporate level such as higher-ups and big corporations like Microsoft and Google, Tapia said.
The grand majority of phishing emails are stopped, but there are so many that some things will get through, Oliveros said.
“Phishing is a small part of a bigger thing that’s done in order to try to get access to things that people shouldn't have access to,” Oliveros said.
@david___a23
Post a comment as
Report
Watch this discussion.
(0) comments
Welcome to the discussion.
Log In
Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
PLEASE TURN OFF YOUR CAPS LOCK.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.