Post Classifieds

Watch out for phishing scams

By Brendan Crowley
On May 7, 2018

Castleton University’s Information Technology department put the students and faculty on high alert recently after a phishing scam swept through VSC email addresses.

On April 17, an email from IT was sent out warning about a scam email being sent around the university seeking to steal log-in credentials from students and faculty. The subject of the email was a threat, saying, “Action Required — Final Reminder.”

The content of the email included a link which led to a mock-up of the VSC portal log-in page. The page looked shockingly similar to the actual site except for a few small details. Had the students logged in, their username and password would be compromised.

“A lot [of these scams] you can see right away that it’s a phishing scam, but that particular one, because they had been so careful to make the portal look like ours, we were very concerned,” Jonathan Czar, the LAN/Systems Administrator explained.

In today’s technologically advanced world, scam emails striving to gain personal information about people have become quite common. Otherwise known as phishing, these emails can be very deceptive and easily fool users. Luckily, according to Czar, no one’s log-in information was compromised in the recent scam.

He estimated that at least a couple hundred people at the university received the scam. The chancellor reported that it was linked to an overseas source, which is common.

Unfortunately, phishing scams are not uncommon at Castleton. It is not too difficult to access emails, set up a mock log-in page, and send a link with a threat or a warning to people in order to intimidate users into giving up usernames and passwords. From there, scammers can log-in to the system and steal private information.

Czar revealed a number of different examples from the past in which a phishing scam hit Castleton. They varied in complexity, ranging from generic phishing emails to narrow target phishing emails.

Many were basic emails from random email addresses asking for you to give up a username or password. These usually included a threat, such as, “We are going to turn off your account if you do not log-in.” These are considered generic phishing emails intended for any audience.

Others are much more sketchy. One example that Czar displayed came from Microsoft, which could easily deceive people into thinking that it was legit. However, the link provided was for Google. It is never safe to click on suspicious links.

Then, of course, there are the more targeted ones. One example showed how someone spoofed former university president Dave Wolk’s email. This particular scam was only sent to Nell Ellis, Director of Payroll and Employee Services, asking for copies of all Form W-2’s from 2015. Ellis was able to recognize it as a hoax because Dave Wolk never went by David and the email address the scammer provided was questionable.

That instance shows how much research some scammers do to get what they want.

“What [the scammers] did was they went to our website, they figured out who the president was, they figured out who the director of payroll was, and she’s the only one who got this message,” said Czar, almost surprised.

Castleton does have applications that hope to prevent this from happening more in the future. Czar pointed out that the VSC email services includes a spam filter which is programmed to identify messages that could be phishing scams.

Thousands of easily identifiable messages are blocked daily through that filter, but occasionally one can slip through. If it does occur, there are some red flags that you can look for to see if the email is legit.

“You should always look to see who the ‘from’ address is,” explained Czar. He added that you must look beyond the sender name and find the address the e-mail is sent from to see if it is actually a VSC address.

You should also check the content of the email. “An official email…is proofread, the English is correct, the punctuation is correct, that’s something to look for.”

When it comes to personal information, IT services will never ask you to go through a link. Any links that request personal information, as well as any threats making sure that you click on that link, is cause for suspicion.

Feel free to contact IT if there is any concern. IT encourages people to ask for verification. It is important to ensure that you are giving scammers access to your personal information.



Get Top Stories Delivered Weekly

More castletonspartan News Articles

Recent castletonspartan News Articles

Discuss This Article



How often do you read/watch/listen to the news?
Where do you most often see stories from the Spartan?


Log In

or Create an account

Employers & Housing Providers

Employers can list job opportunities for students

Post a Job

Housing Providers can list available housing

Post Housing

Log In

Forgot your password?

Your new password has been sent to your email!

Logout Successful!

Please Select Your College/University:

You just missed it! This listing has been filled.

Post your own housing listing on Uloop and have students reach out to you!

Upload An Image

Please select an image to upload
Note: must be in .png, .gif or .jpg format
Provide URL where image can be downloaded
Note: must be in .png, .gif or .jpg format