Students and faculty across campus have reported an increase in phishing, and social engineering is making it harder to tell what is real or fake.
Phishing is a type of online scam where criminals send an email posing as a legitimate company or organization and request private information or money. Social engineering is the use of deception to manipulate individuals into giving personal information that may be used for fraudulent purposes.
Information security officer in information technology (I.T.) Thomas Meyer said one of the most believable emails people get is from people pretending to be family, friends or a boss who claims to be in an urgent situation where they need money.
“They try to convince you, ‘Hey, I need money’ or ‘Hey, can you grab something for me real quick?’ ‘Go buy me an Itunes gift card and give me the number off the back, or Visa cards,’” Meyer said.
He said this was something he first saw on Facebook, and the scam has made its way to email.
“It’s gotten more prevalent as of late, but the scam has been around for at least two years in some form or another,” Meyer said. “People may be seeing it more commonly now than they were before because, lo and behold, it works.”
He said the other most deceptive phishing email comes from people pretending to hack someone’s account and the user is blackmailed with information from their computer they would not want others to see. The scammers offer to make it all go away for money.
He also explained how students and faculty at Southeast are more susceptible to receiving and falling victim to these scams because they attend an administrative institution and have confidential information sent to their Southeast email, such as emails from potential employers or Student Financial Services.
“People tend to think less of their school emails because they think all their stuff is on their personal email,” Meyer said. “They don’t think it’s bad when their student email gets hacked ... well, it can be.”
I.T. has automated filters that detect phishing emails and hackers, but they also take into account emails marked as spam. Meyer explained how sometimes they do a great job at detecting issues, but other times, not so great.
He said approximately 250,000 to 300,000 emails go through the system every day, and some days half of that is detected as junk. Other days it is much more. However, due to the wide range of factors the filters account for, it makes it nearly impossible to know how many of those emails are phishing emails or hackers.
“Filters give you a little bit of an idea but nothing is concrete. For all I know, phishing is 1 percent or 20 percent of that junk mail,” Meyer said.
While Meyer said he doesn’t have an exact number of people who have responded to these emails, it is low.
If a student or faculty member falls victim to one of these online schemes, I.T. and the Department of Public Safety (DPS) will work with the individual to help them deal with the situation.
I.T. will investigate the account, try to figure out what happened and what all can be recovered. After restoring access to the email address, I.T. will try to help them keep their email from being compromised again. DPS gets involved in more serious cases, like when money or identities are stolen or compromised.
Meyer explained how internet providers and other companies have screening processes as well, and if senders are flagged, companies are automatically informed and this flag also immediately notifies internet providers and the sender is shut down.
I.T. offers a newsletter where they keep students and faculty up-to-date with guides and issues they notice, and try to give advice on how to proceed.
I.T. is located in Memorial Hall 107 and Towers Complex 108 and offers assistance with supporting software and hardware. They also offer limited services by phone at (573) 651- 4357, email at helpdesk@semo.edu and chat.