Last week, several students fell victim to a scam involving spamming and phishing attempts that appeared to come from the “Lawrence IT network.” According to ITS Director Steve Armstrong, phishing is the more serious problem, because it makes individuals think that the spam comes from a trustworthy source – in this case Lawrence University. Spamming is an easy way for hackers to generate money – however, in order to do so, hackers must avoid the anti-spam programs on computers by first “phishing.” According to Microsoft.com, “Often phishing scams rely on placing links in e-mail messages, on Web sites, or in instant messages that seem to come from a service that you trust, like your bank, credit card company, or social networking site.” After phishing, the hacker gains access to a legitimate account to start sending thousands of messages. “The best way to spam is to use a legitimate e-mail account in an established organization – like Lawrence,” said Armstrong. “Essentially, someone, usually pretending to be from the IT department, asks for the recipient to send them their username and password. Once they have this information, the ‘bad guys’ use it to take over the compromised e-mail account, and then they send thousands of spam messages.” According to Armstrong, the phishing attempts were targeted at the entire Lawrence community. However, only users who respond to the e-mails end up with compromised email accounts. In addition to compromising e-mail accounts, the spam slows the Lawrence network, wastes ITS staff resources and slows down the delivery of e-mail messages. Although phishing has been a problem in the Lawrence network in the past several years, the recent amount of it is higher than normal. However, Armstrong noted that none of the phishing or spamming attempts have come from inside campus. An email from ITS warned students to be wary of opening messages and sending personal information in an e-mail. If students have any doubts about the authenticity of an email, they should forward it to ITS or delete it. If a student has opened and replied to one of these messages, he or she should change his or her password and notify ITS immediately. “The most important thing is to not give your username and password to anyone – especially not in an e-mail message,” Armstrong said.