The Worm In UT’s E-mail System

Max Roberts

Would-be scammers are flooding UT email accounts with “phishing” attempts supposedly from local credit unions. Such scam artists have been around for years trying to get a hold of important account numbers, passwords and other sensitive information.

Students, faculty and staff are warned to avoid being fooled by the suspicious emails, which take users to a bogus page that looks like the credit union’s hope pages, said Carmen Gonzales, who manages UT’s email system.

Gonzales stresses the importance of keeping vigilant, but says the email isn’t necessarily spam.

“What may look like spam sometimes is a worm that has attached itself to someone’s address book and sends out what appears to be spam or a virus,” she said. “Most are internal to our network and never go through the spam filters.”

That’s not to say a UT student created the scam.

Students have recently received the scam emails from alleged USF and GTE federal credit unions. If students fall for these emails, they could face problems like identity theft and loss of money–though most banks have insurance to prevent direct financial loss.

According to member services at GTE Federal Credit Union, the scammers have a number of tactics.

The most common one at UT tells the reader there is an “Unread Security Message!” or “Security Alert” and to click a bogus link “to resolve the problem.” The site then asks for private information.

Scammers also send e-mail saying a student’s debit or credit card has been disabled and that they need to call an 800 number and provide information.

Another bogus email reads that there is a pending charge from “Live Strip Chat Camera Sex Girls – Girls Show” for $127.34. The receiver must click a bogus link and provide private bank information to decline the charge.

Although this is a concern, Gonzales says students just need to be more aware.

“I would hope no students would fall for this. They might have a few years ago, but hopefully people are more educated about the emails they receive,” she said.

Though these scam attempts were not technically considered SPAM because they were created by a “worm,” the UT server and its two spam filters are inundated by junk mail.

“In one hour, there were about 40,000 spam messages that came through the filter,” Gonzales said.

USF and GTE credit unions are not the only companies dealing with this problem; many banks also deal with counterfeit emails being sent out.

The companies have to be “white-listed.” If not, they have to work with Spamhaus, an international anti-spamming organization, to become valid again. This poses a problem because it’s hard to decipher between those who are valid and those who aren’t.

“We know these things happen, and we can’t stop them all but we would love to,” Gonzales said.

To help students become more aware, there are a few things they need to keep in mind about phishing scams. There are a number of key phrases to beware of, according to

1.)”Verify your account.” Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail.

2.) “If you don’t respond within 48 hours, your account will be closed.” These messages convey a sense of urgency so that you’ll respond immediately without thinking.

3.) “Dear Valued Customer.” Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.

4.) “Click the link below to gain access to your account.” HTML-formatted messages can contain links or forms that you can fill out just as you’d fill out a form on a Web site.

The links that you are urged to click may contain all or part of a real company’s name and are usually “masked,” meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site. Resting the mouse pointer on the link should reveal the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company’s Web address, which is a suspicious sign.

Leave a Reply

Back To Top