Computer hackers from places such as Russia and Africa are increasingly targeting busy and intelligent Whitman students, staff and faculty as part of a “phishing” scam through e-mail.

“It’s a play on the word ‘fishing.’ You’re actually throwing out some bait and trying to catch something with it,” said Kevin Kelly, Whitman College Technology Service’s Director of Network Technology.

So far, 60 students, 3 staff members and 1 faculty member have been victimized by these hackers. These e-mails pretend to be from WCTS, eliciting the ID and password of innocent Whitman students for malicious intentions.

“They’re looking to steal your identity, empty our your bank account and get your credit card number, and they’re all designed to get money out of you one way or another. They’ll try to lure you too. Charity fraud is huge; I wouldn’t at all be surprised that because of Hurricane Ike, for example, there are now fake charities soliciting money” reiterated Kelly.

Phishing e-mails may only ask for a Whitman login password, but others may even pose as your bank asking for your online banking information. A Whitman faculty member fell for the scam and allegedly lost up to $4,000 from his or her bank account by unknowingly giving online banking information away to a malicious third party. Although they pose as WCTS, these e-mails are designed to bypass Webmail’s Postini spam filter.

“There are still seniors and juniors who don’t have [Postini] turned on by default so they’re getting a lot of phishing e-mails,” said Kelly.

For those who don’t have it on by default, you can turn Postini on by going to the Student Toolbox part of the Whitman Students homepage. Click the link titled “Postini” and you can turn the spam filter on. What makes these e-mails dangerous is that WCTS can’t block all of them before students read them. Jenna Mukuno was one such unlucky student who unwittingly gave her Whitman account information away.

“I got an e-mail and it said, if you don’t respond to this e-mail in three days, your account will be deactivated because we’re basically trying to clean out whitman.edu, because too many e-mails are on that server. I didn’t even think about it. I responded right away. I gave them my username and my password. Then within 24 hours, I couldn’t use any of my Whitman account,” said Mukuno.

Once WCTS detects that an account has been co-opted by hackers to send spam, they immediately disable the account. Reactivating it takes approximately 30 minutes of staff time, and it takes several hours to get Whitman’s internet domain name off the blacklists of several internet service providers, such as Yahoo and Google.

The key to stopping phishing e-mails is to educate users, Kelly emphasized. “It’s a war, a never ending game, and unfortunately they’re usually a step ahead. There’s a lot more of them and they’re motivated by money,” said Kelly.