Latest Articles

Don’t Get Hooked By Phishing Bait

Learn about phishing and how to protect yourself from scams that want to steal your personal information.

phishing graphic

What is phishing?
Phishing emails are used to trick the recipient into revealing personal information, such as usernames, passwords, or credit card numbers. Phishing emails might also try to trick you into clicking on a link, which will download and install malware or viruses on your device.

Why all the phishing lately?
Digital Citizens Alliance (digitalcitizensalliance.org) research shows almost 14 million faculty, staff, student, and alumni email addresses and passwords available on nefarious web sites for purchase or download; 79% of which became available in the last 12 months. The total number of .edu credentials available on the “dark web” has risen 547% since 2013. In a recent article, Inside Higher Ed reports that the increase in phishing schemes is not unique to Roanoke College. https://www.insidehighered.com/news/2017/03/08/smaller-institutions-report-increase-personalized-phishing-attempts

Why my email account?
Your .edu email address and password is alluring to criminals for many reasons. With your login credentials they can:

  • Receive student discounts for software and products reserved for the academic community (such as Amazon Prime Student Membership);
  • Glean more sensitive personal data about you, your intellectual property/research, banking & credit card information, medical information, social media, etc. (You’re especially vulnerable if you use the same password across several sites.);
  • Tap into Roanoke College resources for ill-gain;
  • File fraudulent income tax returns to receive refunds to their bank account.

How do I identify phishing emails?
The senders of phishing emails are very creative and get better at deceiving people every day. However, there are a few things to look for that will help you determine if the email is legitimate or not:

  1. Look at the sender name and address. Does the sender work for that company or organization?
  2. Look for scare tactics. Are you being threatened with account deletion, for example, if you do not provide the requested information?
  3. Look for poor grammar or awkward wording. For example: “Health and Safety Dept. release some findings on Campus . Please read update as below;”.
  4. Look at the URL of a link. Hover your cursor, or tap and hold on a mobile device, over the link to reveal the actual address. Will the link take you to a known address on a secure HTTPS website?
  5. Look at the email signature. Does it contain any contact information or official logo?

Phishing email example

What is IT doing about phishing?
Roanoke College Information Technology staff prevent and respond to phishing attempts by:
• Blocking 90% of all incoming emails with spam/phishing filtering software,
• Blocking phishing links from being accessible once they are reported,
• Proactively contacting users who have compromised their accounts to assist with password resets.

Questions or Concerns?
Please contact the Information Technology HelpDesk at helpdesk@roanoke.edu or by calling 540-375-2225. Hours of operation are Monday-Friday, 8 am – 5 pm.