A scam sent through WebMail last week, targeting the UA campus, has prompted police and university officials to warn about giving away personal information online.
The night of April 20 an e-mail was sent to almost all UA e-mails and said the recipient’s DM Federal Credit Union account access had been suspended. The e-mail asked customers to go online to restore their accounts, said Eugene Mejia, University of Arizona Police Department spokesman.
The e-mail was a phishing scam, which is the use of hijacked corporate logos and deceptive e-mails to lure personal information from unsuspecting victims.
The information, usually credit card numbers, bank account information or Social Security numbers, is then used to commit fraud.
The Center for Computer Information and Technology discovered the e-mails did not originate from DM Federal Credit Union, although they contained logos and identifiers stolen from the company’s Web site.
Abraham Kuo, CCIT Security Incident Response Team, said the source of the e-mail was located and the problem was remediated shortly after the e-mails were sent out, although he could not give details.
The destination Web site and sending PC address were blocked for computers on campus. A warning was also put on the Arizona e-mail page to protect off-campus users.
Kuo said the most common scams sent through UA e-mail claim to be from Citi Bank or from someone in Nigeria looking to transfer money and willing to give the recipient a percentage.
“”The best thing to keep in mind is that if it sounds too good to be true, just delete it,”” he said.
Kuo said financial institutions do not contact customers in this manner and would not request a person to verify personal information through e-mail. Individuals should not provide personal information unless they initiated contact with the company.
If people aren’t sure about an e-mail, they should not click on the link provided and should instead go to the institution’s real web address and follow the appropriate links, he said.
CCIT received several reports of people giving out their personal information after receiving the DM Federal Credit Union e-mail.
They were told to contact their bank to let them know, to go to the Federal Trade Commission Web site and to check their credit reports more frequently, Kuo said.
He said phishing scams are very common through university e-mail, but said this scam was different in that is was sent to almost every UA e-mail.
“”It was specifically targeted towards the audience here,”” he said.
For that reason, UAPD was asked to investigate and warnings were posted.
Mejia said the wider the distribution of such e-mails, the more likely it is that someone at the UA will be victimized.
When UAPD gets a report of a phishing attack, it first sends out warnings and tries to determine where the e-mail is being sent from.
If the e-mail is being sent from out-of-state or another country, it becomes harder to investigate, and other agencies may need to get involved.
Although CCIT received reports of people falling for the scam, Mejia said no one reported any incidents to UAPD.
If there is no proof that someone fraudulently took property, it’s harder to pursue charges, he said.
“”Our purpose is to keep people from being victimized,”” he said. “”People are getting smarter and know to erase suspicious e-mails.””
People’s personal information is not compromised if they do not respond to or use the link in such e-mails.
Anyone who responded to the e-mails can call DM Federal Credit Union and should keep a close eye on their account statements, Mejia said.