Anti-phishing efforts increased to educate campus

A disembodied hand sends messages, one of which reaches a stick figure among many. The hand fools the figure into divulging its private information. Soon, the stick figure is a puppet for sending the same message out to the community at large.

A disembodied hand sends messages, one of which reaches a stick figure among many. The hand fools the figure into divulging its private information. Soon, the stick figure is a puppet for sending the same message out to the community at large.

This scenario plays out in a new video developed for UC Davis Information Education Technology (IET) to warn students about the dangers of phishing.

Phishing, the solicitation of sensitive information through deception, caught the attention of IET after they recently discovered that many first-year students did not know about the fraud.

“The simple fact was almost nobody knew what we’re talking about,” said Julie McCall, a communications analyst for IET. “A lot of parents knew. But a lot of students didn’t know. That was surprising.”

In turn IET has tried to spread the word as quickly as possible, canvassing dorms and the campus with fliers. The video, developed by senior design majors James Tang and James Kang, is the latest push in their information campaign.

“We want to reiterate the message from the video that because phishing scams can be disguised as reliable source,” Tang and Kang said in an e-mail interview. “Everyone is a target and anyone can easily fall victim to them if they are unaware of what to look for.”

McCall, who is leading this effort, said that phishing e-mails vary but there are common elements that should alert suspicion.

In their e-mail, the phisher typically poses as an official source, for example, university tech support. They request the recipient to enter his or her log-in ID and password, either by replying to the e-mail or entering it on a linked website.

Phishing messages usually contain threats, warning the user that his or her account may be closed or has been compromised.

Jourdan Perla, a computer resource specialist for the College of Engineering, warned that entering websites where users are redirected to other sites may put the user at risk for viruses or malware, which can also try to infiltrate users’ computers.

If successful, the phisher can use the account to send more spam messages or engage in additional fraud.

For those in the Davis community who want to avoid these scams altogether, McCall’s advice is: don’t give your account information because the campus doesn’t ask for it.

“UC Davis never asks students, faculty or staff to send us your password,” McCall said. “Even if you have a problem with your account, we never ask for your password.”

Students, faculty and staff should also avoid responding to e-mails asking for services, like bank accounts, that they don’t use.

“There’s no need to log in because it’s not legitimate,” Perla said. “Read your e-mail carefully before you start clicking on the links. The biggest thing is to be aware of what you’re reading. If it’s suspicious, get a second opinion.”

As recently as January last year, successful phishing scams caused several Internet service providers, among them Comcast, Hotmail, AT&T and Yahoo, to block UC Davis e-mail servers, paralyzing communication for more than a day.

If a user gives up their information, both Perla and McCall said the best option is to change his or her password to stop the phisher from accessing the account. They should also contact their banks if they suspect financial fraud.

For those who receive a phishing scam, McCall advises that they contact IT Express Computing services Help Desk (ithelp@ucdavis.edu) so they can block additional e-mails from the phishing address from reaching others.

For more information about how to avoid phishing scams and to protect your computer from cyber attacks, visit: http://security.ucdavis.edu/antiphishing.cfm and http://security.ucdavis.edu/cybersafetybasics.cfm

LESLIE TSAN can be reached at campus@theaggie.org.