Some have received a fake email from those pretending to be the Wharton School.
A wave of phishing emails hit Wharton students over a week ago and reached several students before Wharton Computing was able to put up a blockade. The email contained a large Wharton graphic and a message to click on a link to expand the size of the user’s email account.
Over the past several years, Wharton and Penn have seen waves of spam emails like the one sent out on Feb. 8, but according to Wharton Technical Director Barry Wilson, there’s nothing administrators can do about this.
“It’s very hard to anticipate where these things come from, so it’s very hard to block them,” Wilson said.
According to Wilson, spammers get students’ PennKey usernames from public websites, such as ones for University clubs, and send out mass emails. They wait for a response, and if even one person submits their username and password, spammers are able to get a hold of that person’s entire address book. A whole new wave of emails is sent out again, and the process repeats.
The ultimate goal, Wilson said, is to get money from people by eventually sending out emails saying that the recipient has won a lottery and needs to pay a fee or submit bank account information.
Penn students, however, were not fooled. Wharton freshman Aaron Lidawer sent the email directly to his spam folder.
“The email they sent to us was not from a Wharton email account, and it looked sketchy,” Lidawer said.
Wilson said there are clues that students should look for.
“A lot of the reason that this [email] got a lot of attention is because of the huge Wharton graphic [in it],” Wilson said. “But you have to recognize things that aren’t legitimate.”
This includes noticing that the logo was sized incorrectly, the email was filled with grammatical errors and the font size was inconsistent.
In 2008, the largest spam problem hit the University as a whole when a total of 12 waves occurred in a span of four to six weeks. “It was because people were responding to [the emails],” Wilson said.
He added that schools tend to see these emails during the beginning or end of the year when students are especially stressed or preoccupied.
Wilson recommends students take precaution, use multiple passwords and never give their username and password to a non-Penn site.
“This is almost the cost of doing business now,” Wilson said. “We stop what we can, but we’re never going to stop all of it.”
The Daily Pennsylvanian is an independent, student-run newspaper. Please consider making a donation to support the coverage that shapes the University. Your generosity ensures a future of strong journalism at Penn.
DonatePlease note All comments are eligible for publication in The Daily Pennsylvanian.