There was something “phishy” about the email College freshman Michael Shostek received last week.
Last Monday night, Shostek was sent an email from a supposedly Penn-affiliated source. However, he soon realized that the message wasn’t what it appeared to be.
“I checked my spam folder to delete any unwanted mail I had and noticed that I had received a strange email talking about my [College of Arts and Sciences] user account,” Shostek said. “I could tell that it was a phony email because of all the grammatical and capitalization errors.”
Over the past week, thousands of malicious emails similar to the one Shostek received have been sent to Penn students, according to Wharton Technical Director Barry Wilson.
The phishing emails — which attempt to acquire personal information from users — have primarily targeted students in the College and the Wharton School, Wilson added.
Although this type of spamming has occurred in the past, Wilson said the current wave of emails is probably one of the worst he has witnessed during his time at the University.
The majority of these spam emails are easily detectable by their fake appearances or multiple typos, but Wilson explained that spammers can trick users who are simply not paying attention or reading carefully enough.
“Most of them don’t even mention Wharton or the university,” he said. “If you get someone when they’re busy, they’ll try to make it go away. If it’s a dialogue box, you’ll click on it without thinking about it.”
Wilson added that it is common to see phishers target student accounts at certain times of the year.
“It tends to happen around the beginning or the end of the semester, when people are focused on exams or registration,” he said. “This has been a periodic problem since 2008, when we saw it scale up a lot.”
For Wharton freshman Daniel Penaloza, the prestige that comes along with a Penn email account makes students an obvious target for email hackers. However, he believes that students should be able to discern spam from legitimate sources.
“I think people should know better than to just put in their information on random websites,” he said.
Even though the University hasn’t identified specific people related to the phishing, these instances have historically proven to be minor and kept on a local level, Wilson said.
“It tends to be very low-level spammers. This is very low-level stuff,” Wilson said. “It’s human engineering and social engineering that’s tricking someone into doing something. It’s not any sort of larger criminal enterprise.”
Wilson offered several pieces of advice for students to avoid any potential negative consequences of phishing emails.
“Never send an email with any username or password in another email,” he said. “Generally, be aware of the email, and if it looks strange ask the student support office for help.”
Penaloza had similar advice for students.
“Exercise caution, try and limit what information you’re putting in and where you submit your information,” he said. “If you get a suspicious email, then it’s probably not good.”
The Daily Pennsylvanian is an independent, student-run newspaper. Please consider making a donation to support the coverage that shapes the University. Your generosity ensures a future of strong journalism at Penn.
DonatePlease note All comments are eligible for publication in The Daily Pennsylvanian.