The third phishing scam since September bugged Montclair State email accounts last week, now hiding behind the facade of Verizon Wireless.
The email prompted students to enter their personal Verizon Wireless account information into a forged website via an embedded link. This personal information was then used by scammers to log into a user’s actual Verizon account.
According to Jeff Giacobbe, Associate Vice President of Technology Services (IT), the site was “quite realistic.”
The best method victims of malicious emails can use to detect if a link or website is fraudulent is hovering over the link in the email. By doing so, the URL is shown beside the cursor, and one can tell if it’s fraudulent by examining it closely.
“When the pointer is over the link, the email client or web browser should show the actual URL, not the ‘Sign into MyVerizon’ text,” warned Giacobbe. “In this case, the actual URL of that link contained the server name ‘serve2proc.nl,’ meaning it was a domain name in the Netherlands. If it were a legitimate link, the URL would have pointed to a verizonwireless.com domain name.”
Following up on how susceptible individuals may be to scams like these is senior public relations major Allison Rotola: “I can see how people fall for scams like this, because they look so real. We receive so many emails from these companies daily that people can get away with stealing others’ information like this so easily. It’s terrifying.”
Scams like these target “.edu” email accounts because of the large circulation of emails used by schools throughout the country. Most of the phishing scams that slip through the existing malware filters are distributed to faculty, students and staff alike.
“It is extremely ridiculous that the people behind these scams are specifically targeting college students,” said Jessica Hempel, senior English major, on the most recent scam. “Of all people, they choose the broke young adults who will soon have to pay off student loans. Despite these happenings, however, we should all be grateful that IT Services is so quick to warn the student body.”
Phishing scams have become extremely complex, so Giacobbe gave another piece of advice regarding dishonest websites. “Legitimate web sites will always use an encrypted ‘https’ address and clicking on the small ‘padlock’ next to an ‘https’ address will show which company or site the page has been registered to.”
Giacobbe alerts the whole campus community when scams are brought to the attention of the service desk. “I try not to send out an alert for each and every instance of a scam because I know too many messages like that can be as much of a nuisance as the scams themselves,” he said.
Anyone who suspects a scam should contact IT. This will help to alert them of anything that could be potentially harmful to Montclair State email users. Giacobbe recommended to read up on tips to help recognize and protect against scams, such as the link via the IT phishing scam website at montclair.edu/phishing.