Merlino explains scam behind phishing emails and how to avoid them

Delvin Ergott, Staff writer

By this point in the year, you have probably received several emails reminding you not to open suspicious emails.

Yet, despite these warnings, someone will inevitably click that link and expose the campus to a new wave of emails intended to trick users into giving up their information.
This unfortunate practice is known as a phishing scam.

Thomas Merlino, Mercyhurst Technical Administrator, gave his input on what these emails are and how to avoid them.

According to Merlino, phishing scams originate from “many different entities that try to capture information from users.”

These entities are not necessarily just people, either.

Oftentimes, due to the magnitude of the scam, the emails are actually sent by programs designed to spread the fraudulent emails as far as possible.

There are numerous motivations for these scams, ranging from financial gain to propagating certain messages.

Merlino provided one example of a phishing scam that encouraged recipients to buy stocks in a certain company, so that the creators could play the market better. By the time the scheme was discovered, those responsible had disappeared.

Phishing scams rely on the user to follow the instructions of the scammer, which could include clicking on a link to a fraudulent website or simply sending login credentials to the scammer.
In order to get the user to hand over this information, Merlino says that the emails “try to create a sense of urgency.”

For example, an email may tell the recipient that their account will be shut down if they do not provide certain information in an allotted time.

This causes many people to feel panicked and provide important information without actually checking the legitimacy of the sender.

It can be difficult to discern what is real and what is not because, according to Merlino, scammers “send spam messages that seem to be coming from legitimate email addresses.”

However, one should pay attention to things like misspelled words and awkward greetings, as they are major red flags for a scam.

While the Mercyhurst IT Department will continue to try to educate the campus about this issue, there are some important things that you can do to protect yourself.

First of all, do not use the same password for various accounts. If just one of your accounts gets exposed, all of your other accounts will be in danger because they have the same password. This also means that the scammers can use your other accounts to spread their messages further.

Second, do not provide information to an address you are not familiar with or that sounds abnormal.

“The Mercyhurst Help Desk never asks for user credentials through an email. That just doesn’t happen,” Merlino said.

If you are unsure of whether or not a sender is legitimate, try calling the Help Desk to make sure that they actually sent it to you.

If you are unfortunate enough to fall prey to a phishing scam, the first thing you should do is change your passwords to cut off the scammer’s access to your accounts. Informing the Mercyhurst IT Department as well as anyone who may have received spam from your address is also important.

In conclusion, be cautious of any emails you receive that seem out of the ordinary and contact the IT Department if you are not sure. If you don’t, you might accidentally expose the rest of campus to scams.