The Daily Tar Heel
Printing news. Raising hell. Since 1893.
Tuesday, March 19, 2024 Newsletters Latest print issue

We keep you informed.

Help us keep going. Donate Today.
The Daily Tar Heel

ITS fights back against Heelmail hackers, phishers

Phishing is a form of email fraud in which an attacker is after information, such as passwords or social security numbers, and tries to leverage that information to obtain money. Despite the efforts by UNC’s Information Technology Services office to block these emails, some fraudulent messages still get through to Heelmail accounts.

Dennis Schmidt, assistant vice chancellor for infrastructure and operations, said ITS uses email gateways to screen all UNC emails. He said an average of 8 to 10 million emails come in per day and ITS blocks 93 to 94 percent of them. However, Schmidt said the emails are difficult to block because they are designed by trained professionals to look like generic emails.

Schmidt said phishers tend to go for easy targets and will often attempt to compromise student accounts. After doing so, they will then turn around and launch phishing attacks from that account, because working from the inside increases their chances of success.

Sophomore Jordan Segal said she thought nothing of it when an email told her she had to update her password. But, before long, she had completely lost control over her email account.

“I gave them my info and then they started spamming everyone — my professors, my friends — and I also couldn’t get the emails I needed for school or even send any emails myself,” she said.

Schmidt said because it is difficult for ITS to find and block all possible phishing emails, students have to pay attention to their email accounts.

“We also ask anyone that receives a message that they think is a phishing message that they forward it to phish@unc.edu, which allows us to do some things on the back end to try to block the links that are in that message,” he said.

Kevin Lanning, chief information security officer, said phishing emails often include certain things that make them easier to detect. He said it will often have a generic greeting and ask you to do something quickly to maintain your account.

“Often the grammar doesn’t make sense,” Lanning said. “It might be a little off as far as the way the language reads. Their objective is to get someone to click and give them information.”

Kate Hash, manager for ITS communications and digital services, said phishing is not just happening at UNC.

“Phishing is not just something that’s happening on our campus or higher education campuses,” Hash said. “It’s really pervasive throughout all kinds of accounts. So we’re hoping that some of the education that we provide on campus can filter out and help folks because the problem is so pervasive.”

university@dailytarheel.com

To get the day's news and headlines in your inbox each morning, sign up for our email newsletters.