For several years, financial institutions and large web sites such as Amazon and eBay have been used in "phishing" attacks in an attempt to gain personal information from customers of these sites. While Wabash may not have as large a customer base as these companies, Wabash too is being used in phishing attacks.
In a phishing attack, a person sends an email that pretends to come from a legitimate bank, merchant, organization, or government agency. In reality, the sender is attempting to fraudulently acquire personal information, such as a password, bank account, or credit card. The phishing emails typically claim there is a problem that requires immediate attention; for example, a phishing message may claim the person’s account will be closed unless they send their username and password to “confirm” they are still using the account.
Phishing attacks can be extremely complex. Messages will often use graphics from the legitimate web site, and may even have an associated copy-cat web site that they direct the recipient to.
In recent weeks, we’ve seen a marked increase in phishing emails that claim to be from Wabash. We’ve had reports from students, employees, and Wabash alumni who have received the scam. Many of these emails claim there is a problem with your Wabash email or webmail account, and ask you to send your username and password to avoid having your account deleted or disabled.
Wabash IT Services will NEVER ask for your password via email. If you receive a message asking for your password, you can be sure it is a hoax and an attempt to gain access to your personal information. If you are ever unsure of the validity of a message you receive, feel free to contact the IT Services Help Desk at helpdesk@wabash.edu, or phone 765-361-6400.
OnGuard Online, a web site maintained by the Federal Trade Commission with assistance from a number of other government agencies, is a good resource for additional information on phishing scams and other online dangers.
