*!!!!AN URGENT MESSAGE IS WAITING FOR YOU!!!*
You’ve most likely been hit with this imperative click now. That email that sends you spiraling into a state of panic as you contemplate your new life running from the CRS, or as the sole inheritor of a dying millionaire’s fortune.
It’s entertaining, appalling, and ridiculous. But for new students unfamiliar with Western and unaccustomed to the sheer volume of spam emails the UWO email accounts receive, it can be downright dangerous.
Every Western student is provided with their own UWO email address. This account is linked with StudentCentral, the hub for student finances and grades, as well as OWL, which holds vital course information. Phishing and spam emails that target these email addresses vie for access to these sensitive accounts. If clicked on, the user’s financial, tax, and personal information are left vulnerable to the spammers.
As a fourth-year Western student, I’m used to these emails. The kind that disguise themselves as real people linking me to a supposed problem with my account or my email. They almost always masquerade under the “@uwo.ca” tag to garner credibility.
They get marked as spam, and I’ve learned only to worry if Western comes banging on my door holding a lighter to my degree.
What I was shocked by when first coming to this school, and what still astonishes me, is the regularity of these emails. For an account, people like fourth-year English student Jean Whiston say they, “only use for emailing professors and Western administrators,” this influx of spam emails is bizarre.
If you’re not signing up for suspiciously cheap overnight Alaskan cruises – the traditional lane of exposure for spammers to get a hold of your email address – you wouldn’t expect so many.
“I usually get around 3 to 4 spam emails a week,” Jean says. “It’s worse in September, but they usually peter off after a month or two.”
The beginning of the school year is an extremely confusing time for all students, but especially new students. New mustangs who are coming from high-schools where they may not have had much experience with email, or spam in general, potentially don’t realize the level of vigilance they need to adopt when looking at an email that looks like it comes from Western.
It can be shocking to click a link that you think is being sent by Western’s Technology Services’ (WTS) helpdesk, only to be locked out of your account.
It’s an experience that business student Anna Aiden recalls happened to her just a month into her first year.
“I clicked on an email that looked like it was from Western,” Anna remembers. “WTS blocked me out of Student Center, and they told me it was because I clicked on a phishing email. Someone was trying to log into my account.”
“I had to change my password,” Anna says. “But I don’t use the UWO email anymore. Every time I log in it’s mostly spam.”
There’s a learning curve to the student email experience, as one learns to navigate the safe and unsafe messages in their inbox. For students like Anna, that means sometimes not taking the risk at all.
However, there is also a learning curve to Western’s SpamTrap.
SpamTrap is the third-party service run through Roaring Penguin Software that Western uses to filter through spam messages. While there is no information on the WTS’ page about the service, students automatically have an account that they can use to login and set rules to help the SpamTrap better recognize and quarantine spam.
Roaring Penguin advertises the CanIT-PRO Antispam system, the very software that Western SpamTrap runs, as one with lots of user customization.
“Users can manage how mail is detected as spam, if it is to be automatically rejected, held in a trap, or tagged ,and passed through. They also can manage their own rules for whitelisting, blacklisting, content filtering, DNSBLs, Bayesian settings and so on,” Penguin says.
Setting rules for spam and flagging spam and phishing is an essential part of helping SpamTrap learn to identify and quarantine dangerous messages. It’s a preventative step that reduces user risk of clicking a dangerous link. However, this message is largely ignored on the WTS site, and in student outreach.
In first year I received a handful of brightly colored pamphlets on how to drink responsibly, but no information on how to keep my identity safe online.
To manage the harm, WTS posts examples of common phishing emails, lists preventative methods, and links resources to help students whose accounts have been corrupted. Nowhere listed is a link or a mention of SpamTrap and how to use it, despite the program being the primary spam filter for the university.
“They should take the time to explain the spam and how to recognize it, especially in first year. You go from having none of that in high school, to being bombarded with emails in university,” Jean sighs. “There needs to be an education behind it.”
It’s largely up to the user to recognize the tell-tale signs of spam and phishing. However, it’s an unforeseen problem most people don’t expect when coming to university. Especially not on a trusted platform coming from a source that looks legitimate.
Preventative action should come in the form of direct and early education on SpamTrap, and an awareness about the frequency of spam emails sent to UWO accounts.
But for the tech-savvy student living in the now, maybe don’t click on that UWO link to a $10,000 OSAP grant. Instead, take a calculated risk and apply for that free iPad through gmail.