Phishing scams alarm faculty, UT IT crowd responds

Jillian Bliss

The number of phishing scams within UT computer systems has risen since previous months, but campus security officers are doing what they can to make sure members of the UT community don’t get hooked.

“Phishing” describes a form of hacking which uses a “bait and lure” technique. Hackers, hiding under the guise of email addresses, websites and screen names appearing to be official, phish for confidential information pertaining to computer users, such as account passwords. The UT Information Security Office sent an email Nov. 3 describing phishing attempts which targeted 17 UT faculty and staff members during the month of October. According to the email, the number of attempts had risen from just two in September.

Chief Information Security Officer Cam Beasley said the University has developed techniques to ward off phishers, but those behind the attacks are constantly learning new methods to keep up with security systems.

“There have been a few targeted phishing attacks as of late which have masqueraded as the campus HelpDesk or University IT administrators,” Beasley said. “Campus users should know that legitimate University IT services will never ask for their password and should always be suspicious when such a request is made.”

Beasley said his office also provides a website to worried users with tips for safeguarding their information.

Computer science senior Nick Johnson said those who take part in phishing typically have financial motivation. Johnson said he has been interested in computer programming since age six and spends a lot of time learning about systems. He said users often provide similar passwords to multiple online accounts, which simplify phishing efforts.

“If someone can phish a password through a UT account they’ll try the same password on accounts and websites associated with that person,” Johnson said. “There’s a market for email and password lists. You can sell people’s information for money.”

Beasley said personal information appropriated through phishing attempts can be used directly through online accounts containing personal information to create identity theft scenarios.

Biochemistry junior Shohreh Abedinzadeh said one of her friends fell victim to a phishing scam unrelated to the UT attacks and found the problem stressful.

“Her credit card information got taken,” Abedinzadeh said. “She had to file an identity theft claim and it took a few months to clear up.”

Beasley said in addition to personal information, those behind the UT attacks may be after specific data accumulated through University research.

Beasley said although numbers have risen since September, the total amount of phishing victims is small compared to the campus population. Recent scams targeted faculty and staff, but students should be wary of the issue as well, he said.

Published on Friday, November 18, 2011 as: Phishing scams scare UT faculty