Phishing attempts rising
Published: Monday, February 14, 2011
Updated: Monday, February 14, 2011 13:02
The University of Northern Iowa is seeing an increasing number of fraudulent inbound e-mail messages asking students and staff to provide personal information. "Phishing" is any attempt to steal private information by falsely claiming to be someone else through e-mail.
"There are bad guys all over the globe who want to steal passwords, credit card numbers, social security numbers, bank account numbers, etc. UNI and other universities are a common target for fraudulent e-mails that claim to be a system administrator in need of your e-mail username or password," explained Nick Frerichs, UNI's Information Technology Network Services systems programmer/postmaster.
"The phisher uses these stolen e-mail accounts to send out large amounts of spam without being caught. The spam ranges anywhere from 'You've won $10,000,000' to posing as another system administrator and targeting yet another university. The phisher changes the Reply-To address of the stolen account so that any replies to the spam go to a temporary address used to collect gullible responses," Frerichs continued.
Although ITS is not exactly sure who is sending out these fraudulent e-mails, Frerichs says it's more than likely that the phishers have scripts and programs they use to automatically generate thousands of e-mails from a single e-mail account.
"It is very likely they are using proxy services to mask their real physical location and it is virtually impossible to catch them or find out who it is," said Frerichs. "UNI e-mail accounts are valuable to phishers because they are able to send their spam from a legitimate university account. To other (internet service providers) and e-mail providers, the fraudulent e-mail is coming from uni.edu and there is no way to trace it back to the spammer."
UNI's spam filter is able to catch most phishing e-mails and therefore the e-mails usually never reach a user's inbox. Unfortunately, that's not always the case.
"The e-mails that do get through are usually being sent from a legitimate e-mail address somewhere else that has been compromised," explained Frerichs. "For example, a professor or student's account at another university that has had the e-mail credentials phished may be used to target UNI addresses. It is much harder for our e-mail filters to determine if this e-mail should be blocked because it is coming from an address that does not normally send spam. The account will send a few hundred e-mails before it is shut down, but that is enough for the phisher to get a few replies, and the cycle continues."
Frerichs advises users to be informed and careful when coming across these phishing e-mails.
"You should always be skeptical when asked to provide personal information via e-mail. UNI will never ask for your password and you should never provide it in an e-mail or click on any links in e-mails asking for it. This almost always applies to other companies and organizations outside of UNI as well," said Frerichs.
If you believe your UNI account has been compromised, change your password immediately to prevent any third-party access and contact the system administrator for the account (email@example.com in the case of UNI e-mail accounts). If you receive an unusual e-mail from companies such as Facebook, eBay, Amazon, etc., never click any links in the e-mail; instead, open a new web browser and navigate to the website yourself. Spammers trick users by making the link look like the official site, when clicking it actually leads somewhere that could be harmful to your computer.
If you receive a phishing e-mail, please forward it as an attachment to firstname.lastname@example.org.
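The Reply-To diversion Frerichs describes, together with the request for a username or password, can be checked mechanically on inbound mail. The following Python is an added example, not code from UNI or the original article; the addresses, message text, signal names and keyword list are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr
import re

# Assumed keyword list (not from the article); tune it to lures users report.
CREDENTIAL_ASK = re.compile(r"\b(password|username|login details)\b", re.I)

# Constructed sample: a compromised account elsewhere, replies diverted.
SAMPLE_PHISH = """\
From: "System Administrator" <jdoe@example.edu>
Reply-To: helpdesk.upgrade@example.net
To: student@example.org
Subject: Mailbox quota exceeded

Reply with your username and password to keep your account active.
"""

# Constructed sample: ordinary mail whose Reply-To stays in the sender's domain.
SAMPLE_OK = """\
From: Registrar <registrar@example.org>
Reply-To: registrar-office@example.org
To: student@example.org
Subject: Spring schedule

The spring class schedule is now posted.
"""


def domain(addr):
    """Lower-cased domain part of an address, or '' if it has none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def phishing_signals(raw_message):
    """Return the names of the signals found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    signals = []
    from_dom = domain(parseaddr(msg.get("From", ""))[1])
    reply_to = getaddresses(msg.get_all("Reply-To", []))
    reply_doms = {domain(addr) for _, addr in reply_to} - {""}
    # Replies that leave the sender's domain match the collection trick above.
    if any(d != from_dom for d in reply_doms):
        signals.append("reply-to-diverted")
    body = " ".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_type() == "text/plain"
    )
    if CREDENTIAL_ASK.search(body):
        signals.append("asks-for-credentials")
    return signals
```

The exact domain comparison also flags legitimate mail whose replies go to a different domain, such as some mailing lists, so the result is better used as one input to filter scoring than as a block rule on its own.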