Over the past year Blackburn College has been experiencing trouble with ‘phishing’ schemes. Phishing is the act of trying to obtain personal information for malicious reasons by pretending to be someone else through electronic communication. Typical sensitive information sought by ‘phisherman’ include credit card information, usernames and passwords or social security numbers – typically anything that could be used for identity theft or to steal money. The phishing scheme at Blackburn is called email spoofing.
One persona that the phisherman have used a number of times is that of Blackburn President Dr. John Comerford. “They have used my name in their setup, so when you get the email it says it’s from John Comerford. They have asked for account information and other sorts of information that could be used to steal money,” he said. “Luckily our staff was smart enough to pick up that it wasn’t me sending these messages.”
When asked to describe these messages Comerford said, “The emails are always signed Dr. John Comerford… and I would [sign] that way. They are always rude – ‘I need these right now!’ and that sorta stuff, and they always ask for things I would never ask for over an email… I would never ask for bank account information at all. Why would I need that?”
Director of Technology Services Jason Cloninger manages Blackburn’s email server and describes the struggle against the phisherman as an ongoing ‘arms race’ that every business and industry with email services is fighting. Cloninger shared several ways students can avoid getting phished and how to recognize a fake email. He says that overly short emails should always be looked at with suspicion, especially if they tell you to go to a hyperlink or have an attached document. Never go to these websites or open these documents as they may contain malware that can hurt your device. Cloninger said, “A good reaction whenever you receive a suspicious email is a quick, ‘Why would this person send me this?’ and I would encourage students to even contact these people directly… and give them a quick call or text asking if they did send you something.”
A number of actions are being taken to ensure this doesn’t happen in the future. Since Google is the host site for Blackburn’s email server, the Blackburn technology team is able to use Google’s spam and malware identification software to combat phishing. There is also antivirus software being used on most of Blackburn’s desktop computers. Staff who are responsible for confidential or financial information are also on guard for any suspicious email server activity.