Fake CITES e-mail sabotages students, asking for passwords

By Peter Kim

An Internet scammer has been sending phony e-mails, disguised as official University messages, asking students to “update” their e-mail user name and password.

Over the weekend and Monday, seven students have already replied to these fake e-mails, potentially giving away personal e-mail, bank account and credit card information.

Campus Information Technologies and Educational Services is warning students to not reply to any e-mails that ask for e-mail or password information.

In addition to spreading the word to students, CITES employees are trying to mitigate the spread of the e-mails.

“We’ve blocked any outgoing e-mails from those original phishing e-mails,” said Brian Mertz, communications specialist of CITES Security.

However, the best way to avoid theft is to simply delete the e-mail, he added.

Phishing is the practice of sending fake e-mails to obtain people’s personal information. In this instance, the Internet thief is trying to access students’ e-mail accounts in the hopes of finding e-mails containing financially sensitive information.

“Lots of people store other account information in their e-mail, such as banking, credit card, etc. (Internet thieves) hope to find that you’ve saved all that account information in your e-mail,” Mertz said.

About 600 fake e-mails were sent to students across campus.

The false e-mails can be identified by common mistakes found in many phishing e-mails, such as spelling and grammar errors and suspicious addresses.

“The easiest way to spot a phishing scam (is if it asks for your e-mail and password),” Mertz said.

“The University will never ask you for your password or your e-mail. Most businesses and banks won’t either.”

CITES has posted images of the two e-mails on the Internet as well as a complete breakdown of their flaws.

The warning covers all of the specific spelling and logic errors. For example, one of e-mail’s headers reads, “FINAL NTOFICATION,” and the other says the University’s help desk is located in Philadelphia.

Mertz added that phishing attempts are common on college campuses, but are usually not a threat because of their obvious – and sometimes laughable – flaws.

However, the University is more concerned about this attempt since it seemed to be working.

“Some people have been calling us to make sure,” Mertz said.

“This is probably the first time in a long while that this has happened, but we wanted to contact everyone and make sure that no one is giving away their information.”