More than 18 million emails were processed through the UNH email systems over the course of the last two weeks. According to UNH Information Technology (IT), seven million of these emails were marked as spam.
On March 15, UNH IT will implement an application that will further review incoming emails by comparing the name of the sender to the email address in an effort to filter out accounts that don’t match up to the UNH server directory.
UNH Chief Information Officer Stan Waddell said that the new system will catch an estimated 50,000 additional phishing messages. Phishing, as defined on the UNH website, is “an attempt to acquire confidential information such as account passwords, identification numbers or credit card details by pretending to be a trusted entity in electronic communications including email, texting and instant messaging.”
Waddell predicts that the new software will be released toward the end of March. The new application will establish a process that will determine if the proposed identity of a sender is legitimate. Waddell said the system will automatically send mail that doesn’t match up directly to the “spam” folders.
The UNH website reports that three to five different phishing emails are typically reported daily by community members, and Waddell confirmed this estimate.
He said that the rate of email phishing has leveled out in the past few years. However, it is an issue that isn’t going away by any means.
“The bad guys can actually put whatever information they want into an email header,” Waddell said. “It’s really easy to make your email look like it’s coming from somebody else.”
Waddell said that the most likely phishing scenario is that somebody sends an email that claims to be from service.desk.unh.edu and contains something along the lines of, “Your password has expired. Click here to re-enable your password so you can continue to access services.” He said that the “internet criminals” are really specific in regard to the tricky details. According to him, hackers gather information by tricking users into either logging into their accounts or clicking on a link to “fix” something.
Waddell’s most prominent piece of advice is to never click on a link in an email; rather, you should type out the link on a secure server to see if the link matches up with the website that actually appears. He suggests that all students and faculty search “phishing” on the UNH website and use the provided information as a resource to eliminate risk.
According to Waddell, UNH IT is launching a phishing campaign using software called “PhishMe,” in which it will send phishing emails to the UNH community at large. He predicts that this phishing awareness campaign will occur before the end of the calendar year.
“If they fall for the phishing mail, and they click on the link, it’ll take them to a [page that says,] ‘Wow, if this had been a real phishing event, here is the risk you would’ve faced. Here are some of the things you need to look at to make sure you don’t click on a real phishing email in the future,’” Waddell said.