Marquette students and faculty have received phishing emails within their Outlook inboxes in the past few weeks. Phishing emails are attempts by other users to receive, or steal, confidential information.
Jeremy Edson, director of Information Technology Services, said attackers are trying new techniques daily.
“ITS works diligently to block malicious links and reset passwords of compromised accounts,” Edson said in an email. “Bad password hygiene is nearly impossible for ITS to detect and combat, because it relies on the end user to use long, unique passwords for each account.”
Edson added that most of the emails usually offer a “too good to be true employment opportunity,” which included a recent email that was sent out to students that had an advertisement for a personal assistant job that would pay up to $300 weekly.
“The scammer will usually require you to pay a set-up fee, or have you deposit a series of checks and then transfer part of the deposit as a finder’s fee, or some other reason,” Edson said. “The check will initially clear, but then bounce, leaving the victim with less money in their bank account.”
Patrick Litner, a first-year in the College of Nursing, said that he recently received a phishing email that a majority of Marquette students received.
“The email I got was from a few days ago,” Litner said. “It was obvious that it was a scam, but the job it included was being an assistant of some sort.”
Erin Kill, a first-year in the College of Arts & Sciences, said she had phishing emails sent to her in the past.
“I’ve gotten a couple phishing emails so far this year,” Kill said. “Most of them have been about various ‘jobs’ or ‘opportunities’ that I could be a part of. They tend to begin with people saying they were or are a part of the Marquette community, as well.”
Edson provided a few tips as to how a user can easily spot a phishing email within their inbox.
“(An) attack (will) list a department that doesn’t exist, is filled with grammatical errors, and the link goes to a non-Marquette affiliated website,” Edson said in an email.
Although Kill has received numerous emails, she believes that this doesn’t pose a threat for students’ or faculties’ safety.
“I think Marquette students are cautious enough to be wary of suspicious emails,” Kill said.
Despite the emails becoming a common occurrence, Edson said the ITS is taking more precautions to ensure that the Marquette community is not receiving any more emails in the future.
“IT Services is in the process of migrating to a new mail security platform that should help reduce the frequency of these types of attacks,” Edson said in an email. “We will also be offering multifactor authentication to students in the near future to add an additional layer of account security and dramatically reduce the effectiveness of this kind of attack.“
Edson said it is ultimately up to the user to use technology safely.
“Technology can only do so much, it is up to the end user to practice due diligence by having good password hygiene (long passwords, unique to each account), only clicking on links and files from people you trust, and using common sense when it comes to online activity,” Edson said in an email.
Litner said that he is always observant while checking his emails.
“Before I even open an email, I look to see who the sender is,” Litner said. “If it’s an advertisement or someone that I don’t know, then I don’t open the email.”
Kill praised Marquette’s IT desk and their efforts in order to stop the emails.
“Less than an hour after the phishing message I received today, I got an email from Marquette IT Services spreading awareness that it was indeed a phishing message,” Kill said. “I think this was great on Marquette’s part.”
However, Kill said she would like to see the IT desk make students more aware of the emails.
“Perhaps they could send out an email or something else that provides the signs of phishing scams to prevent students from falling for them if they continue to happen,” Kill said.
Edson recommends using long, unique passwords to protect accounts and avoid situations like phishing.
This story was written by Natalija Milesunic. She can be reached at [email protected]