Scammer email threatens student privacy

July 15th, 2012

A week ago, the JCU community received an email from the Information Technology Services Department with the words “WARNING! WARNING! WARNING!” in red ink.  The reason for that email is that two weeks ago, two students responded to an email that strongly resembled an email from JCU and gave out personal information. Since the incident, both accounts have been reset and passwords have been changed, but the school wants to keep everyone on high alert.

“I was concerned because the email seemed more urgent than the warning emails in the past,” said sophomore Julia Blanchard, regarding the email.

Mike Bestul, chief information officer of ITS, said, “The latest series of incidents have been troubling because the scammers have figured out how to closely emulate legitimate John Carroll University correspondence and logos.  However, it is always true that the University and its ITS Department will never ask for your log on information through an email message.”

According to Bestul, when scammers do a “phishing attempt,” they always target a wide audience. This is one reason why they chose to copy JCU’s email system. Another reason is because universities have relatively open and good mail servers with a lot of capacity.

“People should just be smart and make sure that if they’re giving away personal information, unless it’s to a legitimate, credible organization,” said Blanchard.

In response to the hackings, ITS has heightened attentiveness. All JCU faculty and staff have been switched to Gmail accounts. ITS believes this will lessen the likelihood of future attacks because Gmail has a greater ability to prevent spammers.

“Right now, the ITS department is on high alert for more phishing attempts and compromised accounts. We expect this heightened vigilance to continue until all faculty, staff and students are on the Gmail system, which has far more capability to prevent spam exploits than our aging internal system.  We are, and have been, in the process of moving all faculty, staff and other accounts that were still on the old system to Gmail over the past several weeks. This effort was independent of any spam activity and is being done to put all of the JCU community on a single cloud-based email system,” said Bestul.

According to the ITS department, while heightened awareness and a new email system will help stop future hackings, the best way to avoid having your information phished is to not give it away in the first place.

“The advice that ITS has for members of the JCU community to prevent phishing is to never, ever, give away your user account information (name and password) to a request coming through email.  ITS will never ask for that information via email, and if you get an email that asks for that in any way, regardless of how realistic it may appear, you can be assured that it is not coming from the University but instead is a phishing attempt by a scam operation,” said Bestul.