by Jack Stubbs
Kenyon constantly swaps “f” for “ph” in honor of its founder, Philander Chase, as in “Pheb Phunds” or “phun.” However, one word with a “ph” has had a negative impact on Kenyon students: “phishing.”
Phishing is an attempt to defraud someone of online account information by posing as a legitimate entity. “You can never be sure what private or personal information the phishers are trying to access,” Helpline Manager Brandon Warga said. In the last few weeks, Kenyon has seen an increase in phishing scams by unknown third parties, which ask Kenyon students for personal information. Phishing scams compromise students’ personal, private information within those accounts. “It’s not just what’s in the email; it’s what the username and password represent,” Warga said. Phishing scams may also attempt to access email addresses, bank accounts and social security numbers.
Edgar Martin ’17, who works at Helpline, said, “Typically, the purpose behind acquiring these accounts is to use them to spread the phishing attack further, and to later use these accounts to deliver spam messages.”
Although it is difficult to eliminate phishing entirely, students can take steps to try to ensure they do not fall for scams. In the most recent incident, the phishers sent an email to students, directing them to a fake IRS login page that said “update your IRS e-file immediately.” Previously, the phishers directed students to a fake Moodle login page, where students were asked to enter their Kenyon username and password.
“They borrow specific elements from Google Apps, the IRS, or even Kenyon’s Moodle page,” according to Warga, to create a “false and urgent need to sign in with personal information.”
Warga noted an important way to identify a scam email: “It’s important to look at the actual email address, rather than just the display name on the email,” he said.
“It’s easy to tell if an email is coming from someone you know,” Avery Tishue ’17 said. “The school’s emails are so particular and formatted with some consistency.”
Warga states that students may click on a scam email because of a “culture of responsiveness where students feel like they have to respond quickly.” Because of this, it can be difficult to detect or identify phishing emails. He advises that students should find a balance between wanting to respond quickly and trying to identify potentially harmful emails.
The increased number of phishing attempts may be due in part to the “domino effect” created by technology. “Once the phishers have access to one student’s account, they are able to immediately circulate the scam message to others as well,” Warga said. He suggests that phishing scams from an inside source are more likely to bypass Kenyon’s spam filters. Access to only one student’s account makes it significantly easier to circulate scam messages around the community.
The ability of compromised information to be circulated quickly among students is contributing to the increased number of phishing scams on campus.
“The more people that know about these scams, the less likely they are to be successful in the future,” Warga said. “To inspire prevention, you have to imagine the worst.”