University warns students watch emails for phishing attemps

A recent increase in spam emails through Marquette accounts has been reported by Marquette Information Technology Services, according to the March 22 edition of Marquette University News Briefs.

In the News Brief, the university advised Emarq users not to open or respond to suspicious messages in order to avoid giving out sensitive personal information.

Of particular concern to university officials was a rise in “phishing” emails, in which the sender aims to steal information from unknowing users. IT Services has reported an increase in fraudulent emails claiming to be from the university and asking students for passwords to applications such as CheckMarq.

Douglas Harris, a Marquette professor of computer science, advised students to follow the same precautions they would when opening physical mail. Anyone can send an email claiming to be from somewhere, Harris warned, just as anyone can send a letter with a false return address. Ultimately, Harris said, the responsibility for avoiding email scams lies in a user’s ability to differentiate between fraudulent and legitimate messages.

“With your bank, you know an Internet address that does connect you to your bank that can be verified,” Harris said. “Never give your password to anybody, even if somebody says they are the IRS. The IRS says they will never do that. But if you still weren’t sure, you could connect to the IRS website and give them information.”

Jason Gehrke, a graduate student in the College of Arts & Sciences, said he received a phishing email from someone claiming to be from IT services.

“It claimed there was some kind of maintenance going on in the Marquette accounts,” Gehrke said, “and in order to prevent my account from being deleted and losing everything, I had to send my user name, password, birth date and nationality back to the webmaster, so I knew it was a fraud.”

Gehrke says his previous experience in information security helped him to immediately identify the email as suspicious.

“Webmasters will never ask you for your identification and password in an email,” Gehrke said. “Secondly, if you push reply to a phishing email, the real address it was sent from will appear in the reply address. … Finally, anything that asks you questions based on nationality isn’t going to be real.”