The Daily Orange's December Giving Tuesday. Help the Daily Orange reach our goal of $25,000 this December


News

Email phishing scam affects campus inboxes

CORRECTION: In a previous version of this article, the type of software downloaded after clicking a link was misstated. Emails include a link that can download malware software onto the computer. The Daily Orange regrets this error. 

A number of email scams have made their way into the inboxes of Syracuse University employees recently, as hackers attempt to access the university’s network by obtaining SU credentials.

These email scams, known as phishing, typically involve someone from outside the university sending an email that includes a link that either downloads malware software onto the computer or asks the recipient for their SU credentials, said Christopher Croad, director of information security at SU.

For those who receive this type of email, it looks like it’s sent from the university, Croad said. But once an individual inputs his or her SU credentials, the scammer can use the information to gain access to SU’s network.

“This is not a problem that we just see here,” he said. “These emails are getting more sophisticated because people are easier to attack than computers.”



But when Kelly Lux, community manager and social media strategist at the School of Information Studies, received an email late Sunday night with the subject line “Suspension of your syr.edu” account, she wasn’t fooled.

“I got nervous at first because of the subject line,” Lux said. “But then I looked at the email and thought, ‘This can’t possibly be real.’”

The email asked her to put her SU credentials into a Google Doc, which raised Lux’s suspicions.

“No school or official organization would ever ask you to do that,” she said.

Lux said scams like this have happened from time to time and that she has heard of a few other iSchool staff members getting similar emails recently.

In order to prevent people from falling for these email scams, Croad said Information Technology and Services is trying to increase awareness about these type of scams through its website, Twitter and Facebook page.

But ITS is always looking for different ways to creatively educate people, he said.

“We’re trying to find a balance between educating people but not sending so many emails that people just ignore us,” Croad said.

The individuals who have gotten these emails and contacted ITS about it have generally handled it well, he said.

If someone contacts ITS about an email scam, ITS determines whether they’ve clicked on a link and then, if necessary, has them come to ITS to change their password, Croad said.

Croad said he encourages anyone who has received this type of email to not click on any of the links, delete it and contact ITS.





Top Stories