Internet scams like phishing are on the rise, and college students seem to be a prime target, according to a report by the security firm RSA.
RSA’s Anti-Fraud Command Center, which monitors more than 300 organizations worldwide, detected a record number of phishing attacks during January – 18,820 attacks, compared to 8,497 in January 2009. More of the attacks seem to be focusing on servers at U.S. universities, according to the report.
Though computer-savvy college students may seem less likely to fall for fraud, that has not stopped scammers from pursuing them. With USF’s increasing Internet presence, the University must always be on the watch for more sophisticated forms of fraud.
Phishing is when scammers send out fake e-mails posing as a legitimate business or entity, such as a bank or college. The e-mails are meant to get private information from users and may include a link to what appears to be an official login screen designed to obtain usernames and passwords.
The USF Federal Credit Union was targeted by phishing in 2007, when a fake e-mail was sent to students saying their banking service would be terminated if they did not renew their account. It contained an embedded link to a login screen almost identical to the real one. While the University’s spam software system stopped most of the bogus e-mails, 160 got through.
While the report did not detail how many colleges had been attacked, it noted a significant rise from last year. “This sudden reversal may mark a new trend in phishing and online fraud – and a source for concern within the education sector,” the report said.
Scott L. Ksander, chief information security officer at Purdue University, said to the Chronicle of Higher Education that though RSA is a private company, its findings have merit. Ksander suggested the economic downturn prompted the rise in phishing attempts.
Every student has a university e-mail address and uses the university’s Web portal, making it easier to target students en masse. If scammers get login information, they can steal a student’s identity and have more access to the university server and other potential victims.
The report partly blamed universities for not educating students on “cyber security” or taking adequate safety measures.
“Furthermore, while most universities do not employ sophisticated security measures that are commonly deployed by government, business and financial institutions, their portals often do harbor sensitive information about each of their students,” the report said.
USF Information Technology (IT) has taken some steps toward advanced security, though. In August, IT implemented a new policy requiring users to change their password every six months. The department constantly updates its spam filters, which stop 90 to 95 percent of phishing scams, Alex Campoe, director of the Office of Information Security for IT, said to The Oracle last year.
Online scammers will never stop, so USF must maintain its vigilance and continue to educate students about Internet security.