ASU Information Technology Service warns email users of ‘phishy’ emails

Joshua Farmer

Appalachian State University Technology Support sent an email out Tuesday warning users of a phishing attempt on university email accounts.

Oscar Knight, a networking specialist for the university’s Information Technology Service, said he is aware of 10 separate phishing messages sent out since Feb. 7 and said there are probably more.

A phishing message typically contains some sort of threat that “compels you to act immediately” and a link to click, Knight said.

“ASU has been phished relentlessly the past few days,” he said.

Knight said that email information can be forged and anyone in the world can send anyone an email.

“The sample we have of the phishing message was from an account for a person at a university in the UK,” Knight said. “This account was most likely phished and then used to send more phishing messages.”

The link sent the user to a German site, Knight said.

Not always, but often phishing emails arrive after 4 p.m., in the early morning or over weekends and holidays, Knight said.  These are times during which the response time of ITS is longer, so accounts could possibly be used for a longer period of time to phish or send spam.

Instead of clicking on the link in the email, Knight said everyone should go to the services website to find out if there really is a problem.

“No legitimate service will ever send you an email message saying ‘We need your password,'” Knight said.
Often, someone will phish for accounts and then phish other accounts through the ones they’ve successfully infiltrated, Knight said. They will also spam through those accounts to earn money.

Knight said that institutions are targeted because phishers can “leverage the trust” people have for the institution, and that any account of value, like Facebook, banks and PayPal, can be targeted.

If spammers are successful enough in sending unwanted email from compromised Appalachian accounts, then the university’s ability to deliver email to some sites may be impacted for a period of time, Knight said.

Knight said it is important to increase personal data security. This starts with good password practices like choosing different passwords for each service, only using a password to access that service and giving it to no one and if possible using long passwords – the longer the better.

A list of phishing emails can be found at

Story: JOSHUA FARMER, News Editor