“You are hereby required to reply to this email with your webmail account username and password —”
Stop right there.
If you have received this email from the “Guilford Helpdesk,” one of the senders of suspicious emails circulating campus right now, you are not required to do anything of the sort. In fact, you should not — unless you want to undermine the security of your email account and whatever personal information is within it.
So far, over 260 Guilford College accounts have been hacked this semester alone, and that number is still rising.
Phishing, as this type of hacking is called, involves asking people directly for their account information rather than trying to break into their email.
“It takes too long to break encryption and passwords,” said Chief Information Officer Craig Gray. “It’s just easier to trick people into giving you the username and password.”
Such trickery has always existed at Guilford, but now we are in the midst of a spike. Phishing attempts are up about 60 percent from last semester, and students are feeling the heat.
“The phishing at Guilford is atrocious,” said Trey Woodlief, an Early College junior whose account was hacked from Nigeria through a supposed “Helpdesk” requirement. “The sheer amount of emails coming through leaves the college, as a whole, vulnerable.”
There is no single motivation to phish. Some may hack thousands of emails and sell them to others who will use any number of them for black market purchases or under-the-table deals, while another hacker might just use them for spamming.
“It’s a new semester, and there’s a new group of people who get email accounts that didn’t exist before,” said Associate Professor of Philosophy Vance Ricks, who currently teaches a course on computer ethics. “That’s several hundred new opportunities to compromise someone’s account.”
Guilford is a small college compared to many others in the nation, so if several hundred new emails are created each year, imagine how many the larger institutions must have. That adds up to a lot of potential targets for phishers, and it creates a big issue on campuses.
“Even though just a small percentage of the Guilford population is getting hacked, that doesn’t make it any less of a problem,” said senior Sarah Mehta, who has received multiple hacking emails since last year. “Email accounts are one thing, but what if these people can somehow access even more personal information?”
For the Guilford IT&S department, it is a fight to keep up with the constant increase of hacked accounts and prevent consequences, such as identity theft and blacklisting.
“Security is a constant struggle,” said Gray. “We’re constantly trying to strike balance between the freedom of people to use the technology they want to use with the need for security.”
Sadly, there is only so much they can do aside from educating the community about the signs and dangers of phishing. What it all boils down to is that it is important to be cautious when giving out personal information online, even through an email that may or may not be secure.
“It’s important to listen to that still, small voice, as the Quakers say, that tells you that there’s something just a little off about this message,” said Ricks. “If you’re not sure, then what’s the harm in waiting an extra 10 minutes or even an extra day before replying to an email or click on a link?”
After all, it is better to be safe than sorry.