Recently, a phishing e-mail was sent out across campus asking for personal account information including username, password and e-mail address. The e-mail said it was sent from the Weber State University help desk with the subject line Weber UserID.
Andrea Grover, the information security manager, said she is still investigating who sent the e-mail and who received it. She said e-mail administrators will track who received the e-mail.
“The concern was to get an e-mail out to the faculty and staff saying they need to change their password,” Grover said.
She also said faculty and staff are the ones who typically receive these types of e-mails.
Grover said people who send out phishing e-mails will often send them out in bulk, trying to get to anyone they can rather than targeting a certain group of people. She said most of the e-mails will get caught in people’s spam folders.
When people who receive the e-mail respond with their usernames and passwords, the spammer then has access to their data, which, in the case of faculty, could give them access to their students’ information.
Grover said the best way to prevent people from giving away personal information is user education. One of the ways WSU educates people is through the IT service desk newsletter called ITs News. The newsletter often includes information about phishing. IT also has security training, training for new employees, and posters on campus warning faculty and staff about phishing.
“We get these e-mails at least once a year,” Grover said, “large enough that we send notifications to the usually affected groups.”
The e-mail the IT division sent out about the incident said WSU will never ask for a student’s, faculty member’s or staff member’s password. IT advises that anyone who receives an e-mail asking for that type of personal information does not respond to it.