Hey, someone is spreading nasty rumors about you.
Did you see this pic of you? LOL.
If you’re an Internet user (since you’re reading this you probably are), you may have received emails like these at some point.
The temptation to click on them is strong, but it’s the last thing you should do, says Al Arboleda, Cal Poly Pomona’s chief information security officer.
The link included in the email more than likely leads to a fake website that asks for a username and password – maybe for an email account or Facebook profile.
Other times the link will take a person to a website that installs malicious software onto their computer.
These emails are meant to gain personal information — Social Security numbers, birthdays, bank accounts — through subterfuge, a practice known as phishing.
“They’ll collect that information and sell it on the [black] market,” Arboleda says, adding that each sale can net between $5 and $25.
Despite widespread warnings about phishing scams, more people are falling victim to them. Last year, the university recorded only a few dozen instances of successful scams.
This year, the number is already in the hundreds.
One reason is that the emails are getting more sophisticated.
“The last one had a very real looking Cal Poly logo,” Arboleda says.
Another is that it’s getting simpler to put a scam together, Arboleda says. There are even video tutorials on YouTube that explain how to do it.
“It’s so easy now, you don’t have to have much skill,” he says. “In a couple months you could have a few thousand people.”
Cal Poly Pomona has long been aware of the threat phishing poses, and has required employees with access to sensitive information to change their passwords every three months. But with phishing becoming more commonplace, the university is set to unveil new password rules that officials hope will make university accounts more secure.
Beginning in September, most members of the campus community will be required to change their passwords yearly. Those who have access to confidential information will be required to change their password every 90 days. That’s because when a username and password are stolen, they are often not used until months later. If the password is changed in the meantime, a compromised account will become inaccessible to the hacker.
Officials also suggest that passwords be longer. Passwords containing eight characters were once considered secure, but advances in hacking technology now allow such passwords to be cracked in less than five minutes.
Because it can be difficult to remember long passwords when they are changed often, Arboleda suggests that people use pass phrases.
For example, “I like ice cream,” or “Cal Poly Pomona Broncos Rule!” are more easily remembered than a random series of letters, numbers and symbols.
Arboleda also says to avoid using the same password for multiple accounts. To help keep track of a slew of passwords, he suggests having a password for very important accounts, another for somewhat important accounts, and a third for accounts of lesser importance.
He also says to avoid opening emails from people you don’t know, and to always carefully scrutinize any links sent your way.
For more information about the upcoming changes, visit the eHelp page at https://ehelp.wiki.cpp.edu/Main_Page.