Gone Phishin’

Lily Reslink|Marlin Chronicle  

The Malbon Center for Technology began to increase security measures and educate users due to a wave of phishing attempts to Virginia Wesleyan’s email accounts. 

Since January, the Malbon Center has issued warnings via email for at least nine widespread phishing attempts.

Phishing is a form of social engineering and a scam where attackers trick users into installing malware or revealing private information. In email format, phishing attacks aim to steal account credentials and other sensitive information.

These emails often mimic legitimate organizations or individuals to gain trust and encourage the users to click on malicious links or open attachments.

In this case, emails came from what appeared to be Virginia Wesleyan accounts, including professors.

The Malbon Center for Technology gave an official statement indicating they are aware of the significant and widespread phishing attacks. 

“This is not limited to VWU; it is a universal threat, targeting individuals and organizations across all sectors. These attacks are becoming increasingly sophisticated and difficult to detect,” the statement said. 

Even though email can be a target, phishing attempts are multi-channel attacks. The Malbon Center for Technology said “Phishing Attempts are occurring across various platforms, including email, SMS, social media, and even phone calls.”

Emails sent usually encourage recipients to click on links, provide personal information or make financial deposits. 

Junior Joshua Pepper, a Computer Science major, explained that phishing attacks often aim to collect user data for profit, potentially leading to access to sensitive information like bank accounts. 

Pepper said that students are vulnerable because they trust seemingly legitimate emails and links. 

“Somebody gets an email they think is legit or one that seems very enticing, and they click a link. Just without thinking because they just don’t know how dangerous that could be, or that links are very easily manipulated in ways to make them look safe when they’re not,” Pepper said. 

Some commonalities amongst phishing emails include misspelling of words, different fonts and a sense of urgency. 

Pepper said users should look for the improper use of article adjectives, words that aren’t pluralized and awkward sentences in order to identify phishing messages.

Phishing emails usually include a call to act immediately, such as “contact promptly,” “these items are in high demand,” “don’t miss out,” “click here to view,” “shared a file with you” or “ends in 24 hours.” 

Attackers might also grab users’ attention by promoting unique deals, such as selling high-value items for cheap. 

To stay safe, it is recommended by IT to never take any action induced by the emails. Clicking on links, downloading attachments or replying to the email can compromise users’ accounts. 

To prevent attacks, Pepper said that IT departments can emphasize not clicking on email links and instead contacting the sender directly. Pepper said that educating users is an important prevention method: “at some point the scammer is going to be smarter, but then you just have to re-educate users. That’s really all you can do.”

Pepper said the only prevention method is alerting people in a very obvious way. 

“Do not click links in emails, even if they look legit,” Pepper said. Additionally, he said users should look for phone numbers in an official website instead of calling a number provided in a potential phishing email. 

“Attackers are utilizing advanced techniques, including AI-generated content, to create highly convincing phishing messages,” The Malbon Center for Technology said. 

Pepper said he would not be surprised if AI were to be implemented. “It would make them [phishing emails] harder to distinguish. Which is why, again, don’t click the link. Just do it the long way, that’s the safest way.”

Pepper said that phishing can be avoided if users don’t interact with the attempts. However, “people are always going to want to scam other people for their money or their information. That’s just an unfortunate reality,” Pepper said.

With a concern to educate VWU users, The Malbon Center of Technology said they are “committed to providing you with the information and resources you need to protect yourself.”

For further assistance or to report a suspected phishing attack, contact The Malbon Center for Technology IT Helpdesk by email (IT@vwu.edu) or by phone at 757-524-5900.

By Duda Bernardo

mdefreitasbernardo@vwu.edu