Scam e-mails continue to fill student inboxes

Fraudulent e-mails asking users to give away their passwords and personal information are allowing spammers to access student accounts, a school official said.

About 70 students have responded to the scam e-mails since April, potentially giving the spammers access to their accounts, said Gerry Sneeringer, director of IT security at the Office of Information Technology. The university’s filters try to stop the messages, but spammers continue to find ways around them.

“It’s a never-ending war where we make a move, they make a move,” Sneeringer said.

The scam e-mails request students to give their passwords to avoid deactivation of their e-mail accounts. Sneeringer said a legitimate message from the university will never ask students to give away their personal information.

Spammers may use the e-mail accounts they have stolen to scam other universities, Sneeringer said. Having access to the additional e-mail accounts will make the spammers more difficult to track down.

The university has written articles and created screensavers and posters warning students about this threat, said Phyllis Dickerson Johnson, an OIT spokeswoman. Two days ago, OIT put a message on the university’s e-mail website warning students not to share their passwords.

Sneeringer said it is important for students to realize only they can keep their information safe.

“In the end, this is not a technology problem but a human problem,” Sneeringer said. “In the end, the solution has to be a people solution.”

Sneeringer said people are fooled by the deceitful e-mails, because they are increasingly realistic. Their quality, grammar and tone are improving, making them sound more like they are from a legitimate organization. Some of the e-mails are exceptionally short, making students more likely to read them.

Scammers will also place reputable links in the body of the messages, creating the illusion that the e-mail is from a safe source. They then include links that connect users to imposter websites and ask for personal information from there.

Some students have figured out the e-mails are fake and responded with sentiments like “drop dead,” Sneeringer said. However, he said students should never respond to such e-mails because responding in any way will confirm to the spammers that the e-mail address is valid.

chrisyudbk@gmail.com