The University’s Information Security Office is urging the UT community to be vigilant when opening their inbox after several people across campus received a suspicious email earlier this month.
The suspicious email claimed to be from President Gregory Fenves, with the subject line, “A Message from President Gregory L. Fenves - February 2017.” The email was sent by a phishing scammer who forged the Fenves’ email address. His account was not compromised, University officials said.
“This was simply another variant of a phishing email designed to entice someone to provide their login credentials to the scammer,” chief information security officer Cam Beasley said.
According to the FBI, phishing is the act of sending an email falsely claiming to be an established legitimate business in an attempt to deceive the unsuspecting recipient into disclosing personal information.
Beasley said his office has received 48 reports of email scams in 2017, including 30 reports from students.
“This is likely due to more greater vigilance on campus, an effective two-factor authentication service for sensitive campus sites and more robustness around defensive tools and awareness strategies,” Beasley said.
Beasley added that his office has seen a decrease in phishing scams this year.
Mechanical engineering senior Julian Gonzalez said he almost fell for a phishing scam last year.
“I received an email from the ‘IT department’ saying that I needed to reset my EID’s password,” Gonzalez said. “When I clicked the link, it took me to a different page. I knew it was a scam because the page didn’t look like UT’s interface.”
The UT Information Security Office said the public should learn to recognize the signs of a phishing email, which include strange links and grammar and spelling errors. Additionally, the sender might add urgency to the email by mentioning how if you don’t provide the information they require quickly, they’ll cancel your account or temporarily stop the service.
Law school accounting associate Katie Castro said she knows how to identify phishing emails.
“I get false emails from ‘UT Payroll Services’ claiming that I need to update my payroll profile,” Castro said. “I think they’re trying to steal my social security number or my bank information. These emails typically have misspellings and are badly formatted. I just delete them.”
Beasley said students can report possible phishing attacks to firstname.lastname@example.org.