Ever since I got an email account at the University of Minnesota, I have received occasional offers from people claiming to be foreign princes or artists needing U.S. representatives or business contacts or the like. They request all kinds of information, such as name, address, nationality (strange, since they seem to know already I live in the USA), country (again, they already seem to know), marital status, occupation, and phone number. Since I have never, ever given out the address, I tend to wonder about these offers coming from anonymous Hotmail accounts registered under the United States’ .com domain. I assume these messages to be spam, and mark them as such in my Gmail account. I also report them as phishing attacks, because they usually ask for personal information as described above.
The question, though, is whether students using the U of M webmail system or their own POP client will know enough to realize that these messages are probably fake. Phishing test results, stated in statistics I have read, do not score the general public as being too bright; often, people will mistake fake websites for legitimate ones and divulge their secrets, thus giving the phishermen exactly what they want. I by no means believe that Google shares their list of phishing scams with random universities, and I don’t even think the U of M has an anti-phishing filter on their mail. They appear to have a security hole or a user directory of some sort, though, because I am getting these messages every few weeks, even though I have never told anyone but Gmail the address of my University account (I don’t use it). Hence, the situation is scary from multiple points. Should I worry more about how these spammers got my address, or the countless other students who have also had their addresses leaked and may be falling victim to these scams?