Phishing is a form of email fraud in which an attacker is after information, such as passwords or social security numbers, and tries to leverage that information to obtain money. Despite the efforts by UNC’s Information Technology Services office to block these emails, some fraudulent messages still get through to Heelmail accounts.
Dennis Schmidt, assistant vice chancellor for infrastructure and operations, said ITS uses email gateways to screen all UNC emails. He said an average of 8 to 10 million emails come in per day and ITS blocks 93 to 94 percent of them. However, Schmidt said the emails are difficult to block because they are designed by trained professionals to look like generic emails.
Schmidt said phishers tend to go for easy targets and will often attempt to compromise student accounts. After doing so, they will then turn around and launch phishing attacks from that account, because working from the inside increases their chances of success.
Sophomore Jordan Segal said she thought nothing of it when an email told her she had to update her password. But, before long, she had completely lost control over her email account.
“I gave them my info and then they started spamming everyone — my professors, my friends — and I also couldn’t get the emails I needed for school or even send any emails myself,” she said.
Schmidt said because it is difficult for ITS to find and block all possible phishing emails, students have to pay attention to their email accounts.
“We also ask anyone that receives a message that they think is a phishing message that they forward it to phish@unc.edu, which allows us to do some things on the back end to try to block the links that are in that message,” he said.
Kevin Lanning, chief information security officer, said phishing emails often include certain things that make them easier to detect. He said it will often have a generic greeting and ask you to do something quickly to maintain your account.
