Phishing makes it hard for students to distinguish ‘reel’ from fake

This screen shot shows a "phishing" email, one of thousands of the spam emails NU receives each day.

This screen shot shows a “phishing” email, one of thousands of the spam emails NU receives each day.

Phishing and spam emails are very common in today’s society and have been increasing while also changing techniques in attempts to become more effective, according to Norwich University’s security and data center engineer.

Phishing is defined as, “using electronic communications and trying to present yourself as someone you’re not in order to get information from someone. (This can include) user names, passwords and bank account information.

Basically, it’s a fraudulent way to get information about someone,” said Jeremy Wood, Norwich University’s Security and Data Center Engineer.

When an individual is, “the recipient of an email and induced to go to a malevolent website,” that malware – software that is intended to damage or disable computer systems – is downloaded onto the victim’s computer and that malware typically steals banking credentials and information like that, said Dr. Peter Stephenson, who is Director of the Center for Advanced Computing & Digital Forensics as well as an associate professor & Chief Information Security Officer and associate director in the department of computing.

Some signs of bogus emails that an individual should be aware of are, “spelling and bad grammar. Typically, spam and phishing campaigns originate from places where English is not the spoken language so the language barrier helps to determine if it is legitimate or not,” Wood said. Links that look like a known website but have a slightly different address are also a danger because they take you to a completely different website, he said, and any information entered is at risk.

For the individuals who do become victims, “there’s not really a good way to get their information back,” he said. Most of the people who commit this fraud are located outside of the country, and are very good at hiding, according to Wood.

The best way to avoid becoming a victim is to “make sure that you’re not going to a bad site by typing in the address yourself,” Wood said. “Also resetting all of your passwords and using different passwords for different services” can be helpful and will help to prevent the loss of information.

Other similar types of scams students need to be aware of are, “spear phishing, which targets specific departments or even specific people that are higher up in important companies. There’s also “whaling,” which is a relatively new term, in which you go after the high level executives within a company,” Wood explained.

Another type of Internet scam that is common today is called “a 419 fraud,” which originated in Nigeria and got its name because 419 is the name of the law in Nigeria against it,” Stephenson said. He explained that the typical sequence of events is that an individual receives an email which says that a person has a very large sum of money that they are trying to get out of their country, and they need help in the United States to do it.
The idea they present to you is that, if you help them, you get a percentage of that sum. However, here’s the catch: you have to give them your banking information in order to get the money, and once that happens they clean out your bank account and there is most likely no way to get the money back.

Some more fraudulent indicators that Norwich students should be aware of are “emails that tell you that you have to click on a link that doesn’t look right. An example would be an email telling you to click this link, enter your login information and it will clean out your inbox because it’s full.

This would not be asked by Norwich Information Technology (IT),” Stephenson said. “Another clue is if the email says it comes from your IT department but the email address does not match the department (not from for example). Also, if someone is offering you a lot of money but needs your bank account, it’s a scam. If it sounds too good to be true it probably is,” he added.

The Norwich campus has a high level of protection because, “almost all of our machines use a MacAfee program called SiteAdvisor. There is a free browser plug-in called Web of Trust that serves the same function and is also used,” Wood said.

In addition to this protection the Norwich faculty and staff also receive, “bimonthly emails with reminders on the topic,” Wood said. The systems used to protect the email accounts and their users are very effective.

“(Norwich) uses a spam filter that is extraordinarily effective and I don’t see very many of these getting through,” Stephenson said. Data supplied by Wood shows that there is a tremendous amount of email traffic coming in each day and a large amount of it is spam. On Oct. 30, 2013, for example Norwich accounts received 70,256 emails with 51,866 (73.8%) being stopped by reputation service filters. Also filtered out were 1,825 spam emails and four viruses along with other emails leading to a total of 14,984 (21.3%) clean incoming messages for the day.

“For students though, we haven’t really sent out any specific notifications, but there is a slide on the digital signage on campus,” Wood said, adding that, “I’d say in the future you’ll probably see more information about it. If there’s a desire for it we definitely would start” possibly adding students to the email list.”

The student email is not controlled by Norwich, “because we outsource all student email to Google. We actually have very little visibility into what happens to students and their email,” Wood said. However, if a student does have a problem, he said the help desk will be an intermediary between the student and Google to help with any issues if an account is compromised. “The Norwich University Computer Emergency Response Team (NUCERT) shop can also help students,” he added.

One thing that does help students is their knowledge of modern technology. Stephenson said, “I can only speak for our department and compare it to similar departments in other schools but we’re ahead of the curve. Students typically are very tech savvy. I would have to say that in general we’re probably more tech savvy as a campus than most other schools.” Wood added, “I would say on average we’re a more tech savvy campus than others.”

For the IT teams, Stephenson said, “it’s a game of numbers, it’s getting worse, it’s going to get worse still.” Google is helpful in finding out more information about bogus email techniques and scams.” A useful website that Wood suggests is

When asked if Norwich students have been victims of this Stephenson said, he is not aware of any, but added that doesn’t mean that there haven’t been any.

Morgan Keffer, 21, a senior studies of war and peace major from Phoenix, Ariz., said, “I’ve heard stories of it happening but never witnessed it myself.” He added that, “I’m very secure” when it comes to private information on the Internet.

Keffer said he felt he was up to date on phishing and other Internet scams. “I build my own computers and I know how to protect myself. All you have to do is Google and learn about it.” He advises, “always research what you want to do. Download reputable antivirus software and be aware of what you download.”

Rob Gendron, 21, a senior criminal justice major from Whitehall, N.Y., said “he has some knowledge on the subject” and that he has not been a victim. He did, however, receive an identity theft scam in his email. Gendron explained “that freshman year we had a coach and after the season the entire team got emails from him. These emails said that he had been kidnapped and was somewhere in South America and he needed about $1,800 to be paid for his ransom.” This turned out to be untrue and he did not send any money, nor was the coach in danger he added.

While many scams are not successful, it remains important to be aware that they exist and how to avoid becoming a victim, as well as, what to do if you do fall prey to one.

Speak Your Mind


This site uses Akismet to reduce spam. Learn how your comment data is processed.