2008 Woodie Awards
E-mail hackers strike again
Diana Storch
Issue date: 2/29/08 Section: News
The UA has been the target of e-mail "phishing" scams three times this year and University Information Technology Services is warning students to take caution.
Precautions recommended by UITS include to remember the university and UITS will never ask for students' passwords via e-mail; never respond to suspected phishing e-mails under any circumstances; never reveal personal and confidential information such as credit card numbers, Social Security numbers or user names and passwords; remember legitimate businesses would never seek personal information via e-mail; and contact the department in question if unsure if a message is real.
The UA has been the target of phishing scams in mid-December, again in mid-February and most recently last week, said Scott Fendley, the head of computer security.
"Phishing", also known as "spoofing" or "spear phishing", can be defined as "an attempt via e-mail solicitation to collect personal information including, but not limited to, credit card numbers, Social Security numbers, addresses, bank account numbers…" said Matthew Leyden of the Center for Information Technology Help Desk at Oberlin College in Oberlin, Ohio.
"I would proffer that everyone at some point in their life has received such an e-mail unless they have been particularly careful to never share their e-mail address with anyone or they don't have an e-mail address," said Leyden, who added he had recently deleted a phishing e-mail from his inbox.
Targeted phishing attacks are "fairly common in the corporate world and against banking customers," wrote Robert Lemos of SecurityFocus.com.
However these sorts of attacks increasingly are being aimed at students at colleges and universities throughout the country, and at least one school in Europe, according to an article Lemos posted on the SecurityFocus Web site earlier this month.
"Almost every major university and college in the country has had at least one instance of this type of targeted phishing attack," Fendley agreed.
Precautions recommended by UITS include to remember the university and UITS will never ask for students' passwords via e-mail; never respond to suspected phishing e-mails under any circumstances; never reveal personal and confidential information such as credit card numbers, Social Security numbers or user names and passwords; remember legitimate businesses would never seek personal information via e-mail; and contact the department in question if unsure if a message is real.
The UA has been the target of phishing scams in mid-December, again in mid-February and most recently last week, said Scott Fendley, the head of computer security.
"Phishing", also known as "spoofing" or "spear phishing", can be defined as "an attempt via e-mail solicitation to collect personal information including, but not limited to, credit card numbers, Social Security numbers, addresses, bank account numbers…" said Matthew Leyden of the Center for Information Technology Help Desk at Oberlin College in Oberlin, Ohio.
"I would proffer that everyone at some point in their life has received such an e-mail unless they have been particularly careful to never share their e-mail address with anyone or they don't have an e-mail address," said Leyden, who added he had recently deleted a phishing e-mail from his inbox.
Targeted phishing attacks are "fairly common in the corporate world and against banking customers," wrote Robert Lemos of SecurityFocus.com.
However these sorts of attacks increasingly are being aimed at students at colleges and universities throughout the country, and at least one school in Europe, according to an article Lemos posted on the SecurityFocus Web site earlier this month.
"Almost every major university and college in the country has had at least one instance of this type of targeted phishing attack," Fendley agreed.
Be the first to comment on this story