Q&A: IT alert system and phishing scams

Phishing scams are nothing new for students at Waynesburg University. The Information Technology Department on campus has an alert system that contacts students when they receive these scams. Phishing scams are common; yet, many students do not know what to do when they receive them or how to protect themselves against their effects. 

Waynesburg’s Senior ITS Director in charge of network security, Josh Starsick, tries to keep students as protected and as safe as possible. 

Question: How do these phishing scams happen?

Answer: There are a number of different ways they can happen. One way is when your account gets compromised. Say you may have used your password somewhere else and the scammers put together your email, name and password, they can then log into your Office 365 account, and send out an email to everyone in the global address book.

That way is not as common as the other, which is a scammer pretending to be somebody from the university or somebody that is known. It might be a name that looks familiar, but the email address is just a Gmail address or something like that. Something similar to presidentlee@gmail.com to try to get you to click on a link so they can scam you.

Q:What are these phishers trying to accomplish?

A: Oftentimes what phishers are trying to do is harvest your credentials. There may not be a whole lot of value in harvesting a student’s university credentials, but once they have your email address and your password, they have an advantage. There are a lot of people that reuse passwords or some variation of a password on other sites. They might try to go to a number of different banking sites and use that username and password or a combination of them to try and get in. 

Q: Why does it feel like students have been getting more phishing scams than ever?

A: They come in waves. Whoever is collecting data has accessed the university’s website and found the names of all of the professors. They will create email accounts for as many addresses as they can. Sometimes, once a single user’s account gets compromised from the scam, they will use those credentials to log into it to send more emails. 

Q: What should we do if we suspect we are being scammed?

A: The very first thing is if you receive an email and it looks like it is a scam email, just delete it. Ignore it. If you happen to click on the link and put your university credentials in, or any other credentials in and realize it is a scam after you submit it, please call the Help Desk. No judgment. These kinds of things happen. We will walk you through getting your password reset, and we will talk about some of the ways you can try to be a little safer in clicking on these links.

Q: Is there anything we can do to protect ourselves from getting these scams?

A: Our spam phishing folder catches a large amount of these emails, so the most important thing to do is never use the same password on two different services. Never use a variation of the same password on two different services. The phishers are becoming very efficient and effective by putting different types of information together from different types of data sources to scam you.

Other things you can be aware of are making sure you have antivirus on your computer. Just be careful what you click on. Don’t click on emails you aren’t expecting. If it sounds too good to be true, then it is. If you have a question about it, call the Help Desk. We can certainly help determine if it is legitimate or not. 

Q: What kind of system is in place to alert students of these phishing scams and how does it work? 

A: We have multiple email templates that we use to communicate to the campus community. One is for security issues, and we also have a scheduled maintenance template that we will send out that will say, ‘Hey this service will be down and we expect it to be down for this amount of time while we are working on it.’ Finally, we have just a general information template. 

We have modified our security alert template to be a little bit more user friendly and obviously state what the alert is about. We have new templates that present the information in a way that’s easier to read, actionable format.

If a student suspects that they have received a phishing scam, they are advised to not click on any link; but if they do, contact the Help Desk at 724.852.3413 or helpdesk@waynesburg.edu.