Recently in the SCC Data Center, we’ve seen an increase in the number of so-called e-mail "phishing" attacks. Also on the rise is the number of SCC e-mail users who have been successfully victimized by them. In this article, I'd like to share some information about these attacks so that fewer people will fall victim to them in the future.
Q. What is e-mail "phishing"? How was it used against users at SCC?
A. Phishing is an attempt to trick you into divulging sensitive information that the phisher can use for his/her own gain. This would include passwords, Social Security numbers, birthdates, and bank account or credit card numbers. In one case, someone claiming to be from the SCC Data Center sent an e-mail to one of our student users. In it, the attacker warned that the user's e-mail account would be deleted. To prevent this, all the user had to do was "verify" the account by providing the user ID and password. Fearfully, the user complied. Soon after, the attacker had plugged that user's login credentials into one or more computers that would then send a large volume of spam e-mail through the account. The attacker was profiting from the use of the stolen user account.
Q. Does SCC ever delete e-mail accounts? If so, would I have to "verify" it to prevent this?
A. After a certain period of inactivity and not being registered for classes, SCC will send out a notice that the account is eligible for deletion. However, to prevent deletion, all you have to do is reply to the notice. We will never ask you for sensitive information such as passwords or Social Security numbers!
Q. What should I do if I receive one of these phishing e-mails?
A. Please forward it to the SCC Help Desk at helpdesk@scciowa.edu, identifying it as a phishing attack in the subject line.
Q. What should I do if I think I've been victimized by a phisher?
A. You should log in to any account for which you’ve divulged sensitive information and change its password immediately! Also contact the business that services the account. If the account is your SCC e-mail account, please notify us at the Help Desk (319-208-5087 or (866) SCC-IOWA x5087) so that we can take additional steps to mitigate any damage.
Q. Where can I find more information about other phishing ploys?
A. http://en.wikipedia.org/wiki/Phishing