Phishing at UW: Don’t Get Caught

Recently, the University of Washington sent out warnings that student accounts have been targets of ‘phishing’ scams: fraudulent online emails sent to students asking for personal information. These cons can come in various forms: text messages, phone calls, and over social media, but emails in particular have affected UW.

In response, the UW Chief Information Security Officer’s (CISO) office released some tips by Bob Roseth about how to protect accounts from being infiltrated by scam artists.

The first thing to recognize is what phishing is. It is when emails or alerts are sent out and uses methods to convince the recipient to offer their personal information: account passwords, credit card numbers, etc. The UW specific scam was set up to look like an email from the university, asking students to enter their UW NetID’s and passwords, or they would be disabled or shut down. Made to look extremely similar to UW web pages, it can be difficult to determine what is actually from the university.

UW’s CISO recommends hovering over the embedded email link to determine its origins, and to always be skeptical of anything asking for any information. Limiting the amount of personal knowledge being passed through emails is also another way to prevent falling victim to a scam. The university would never ask for passwords or account details through emails, which is an obvious way to determine a trick from a real UW notification.

An email sent out by Information Technology (IT) asked students to call their help desk at 253 692-HELP if they think they have comprised their UW email account. Microsoft, in partnership with UW, recommends immediately changing passwords and other details of any account that may have been exposed to a phishing situation.