Established 1826 — Oldest College Newspaper West of the Alleghenies

Smells phishy: Email scam replicates MU homepage

Creative Commons photo

By Alexis DeBrunner, Senior Staff Writer

A new virus is plugging into the one interface students can't ignore, leading students to wonder if their emails are safe anymore.

Disguising itself as a Miami University email, this virus click baits students by requesting them to update their passwords - a seemingly ordinary request from MU. By linking students to a replica of the Miami University webpage, it seems simple to fall into the trap of entering your password into the site.

Miami senior Abby Cramer found she was one of the students fooled by this email a couple of weeks ago.

"The email definitely struck me as weird. I didn't recognize the address it came from, but I saw 'Miami' in the title, so I opened it," Cramer said. "It still sounded sketchy so I decided to wait until I had my laptop. When I later opened it, I clicked on the link on the page and it looked exactly like Miami's page, so I simply followed the instructions and nothing happened for a few days."

After a few days though, Cramer noticed dozens of strange emails had begun to flood her inbox. Cramer said when checking out her quickly-filling inbox, she found emails all with the subject "Failed Recipient" and knew she had been hacked.

"'Failed Recipient' emails kept pouring in for the next 20 or so minutes, finally capping at 101," Cramer said. "I didn't open any of them. I immediately deleted them from both my inbox, and then my trash. Then as soon as I got home later that evening, I changed my email password and haven't had any problems since."

While changing her password may have solved Cramer's problem, Senior Communication and Web Coordinator of IT services Randy Hollowell said students should be aware that any email requesting that students verify their student email accounts or passwords is not sent by the school.

"People don't realize that's not how we do business and they will click it," Hollowell said. "But Miami never asks students to confirm their email or their account outside of the 180 day password change. Even then we don't send an email, the warning comes from your Miami or Niihka pages."

While IT services issued a warning message on the Miami homepage last week about the phishing emails, Hollowell said that besides knowing how the school communicates security updates, IT services provides a go-to page for students to look for current phishing scams and common ways to spot them.

"On the phishing page on our site we try to keep it updated with the latest ones going around, and we try to explain what's the giveaway and how you can tell it's a phishing message, even if it looks legitimate," Hollowell said. "For example, last year there was a message going around that looked like it was from Verizon Wireless, like an online bill, but then there was six or seven people in the 'addressed to' box which gave away it wasn't real."

Another common giveaway can be errors in spelling or grammar, as well as checking out where a link routes to before clicking on it, Hollowell said. He suggested if a student has any reservation about a link, to place their cursor over it and look at the bottom of their screen to see where the link goes. If it doesn't go where it says it does, it's not a legitimate link.

Hollowell encouraged any student who is suspicious about any message or other contact to reach out to the support desk to ask about it, and then delete it immediately. That is the best way to handle it, he said.

For more information on current phishing viruses, check out miamioh.edu/phishing.

Comments