April 26, 2012 | | 2,456 Comments
St. Lawrence University has been increasingly attacked by “phishing emails,” which attempt to garner personal information by tricking individuals. The repercussions of the phishing, however, have magnified across St. Lawrence, affecting both those who have responded and those who have not responded to the phishing emails.
Rhett Thatcher, manager of St. Lawrence’s server group at IT, believes that the primary targets and victims of phishing emails have been students. However, he adds that there is not one group of students more prone to reply. “Responses were fairly evenly distributed amongst all class years,” he said.
Within the last month, Information Technology (IT) confirmed that at least 48 individual email accounts were compromised after their owners gave out personal information. The perpetrators of this attack then used the compromised accounts to send out almost half a million spam emails.
Phishing involves using a fake website to lure people into willingly giving out personal information, such as passwords and social security numbers. Phishing is commonly confused with hacking. Hacking, however, involves bypassing security systems to get the same personal information.
John Johnston, a senior at St. Lawrence University, owned one of the 48 email accounts that was compromised. According to Johnston, the aftermath of the phishing emails was primarily just an annoyance. “Only thing that happened was a bunch of emails were sent out, no serious problems,” he said. Johnston does contest, however, that he did not give out his password, and he is unsure of why his account was targeted.
Clare Kelly, a sophomore at St. Lawrence University, is another victim of the phishing scandal. While Kelly’s email account was not directly compromised, the phishing caused her to miss out on a job opportunity. “I knew that the spam emails were trying to convince students to accept a ridiculous job offer—something like 300 dollars a day,” said Kelly. “So, when I got an email about a real potential summer internship, I deleted it thinking it was spam. I didn’t want to be tricked.”
Thatcher, however, believes that there is a simple solution to the phishing: “Never send your password via email and never click a link in an email and provide your password.” He believes that the more people who fall into the phisher’s trap, the more phishing emails St. Lawrence will receive. “It only takes one user replying to one email to wreak havoc,” he said.
Cameron June’14 and Kate Lagios ‘14 are eager for the phishing to stop. June says, “I’m tired of continuously getting spam emails or emails about spam. They get sent to my phone, and I feel like I never stop buzzing.” Lagios added, “I understand that it is a serious problem and we need to be informed, but I’m just hoping it stops sooner than later.”
Thatcher guarantees that phishing is not simply a St. Lawrence problem. He acknowledges that universities are the most common targets, but hopes that can help IT solve the issue sooner. “We’re all learning from each other in developing ways to effectively combat this issue,” he said.