Spam hijacks several e-mail accounts

What may have seemed to be an innocent notice from the University of Northern Iowa Information Technology Services has resulted in the hijacking of several UNI e-mail accounts.  After thousands of spam e-mails were sent from infected UNI accounts, the server for a major Internet company blacklisted the school, prohibiting the delivery of all UNI e-mails to their addresses for days.

The danger came in the form of an e-mail from someone who claimed to be from the university. The individual asked the receivers to respond with their username and password or their account would be deactivated in an effort to make space for new e-mail accounts.

“When people reply back, the hijackers get the username and password and they sell them and start emailing spam through them,” said Scott Behrends, systems programmer and postmaster for ITS – Network Services. “They might send out 250,000 e-mails on one account in a matter of a couple hours.”

Sophomore political science major Jessica Seier hasn’t received an e-mail asking for personal information or her password, but if she did, she wouldn't respond.

“I don’t want someone getting a hold of my identity,” said Seier. “I don’t have a whole lot of money, but I don’t want anyone tapping into my savings account.”

However, a large number of students and faculty with uni.edu e-mail accounts that received the message did respond. About 20 accounts were used to send spam in December and there may be other accounts that have been hijacked, but have not yet sent spam e-mails.

Thousands of these e-mails were sent to Hotmail e-mail addresses and Microsoft took notice. Under the impression that UNI was purposely sending spam, it blocked the UNI e-mail servers. Major Microsoft e-mail servers include Hotmail and MSN.

According to Behrends, it takes a couple of days to get the entire school back off of the blacklist. In the meantime, no mail from a uni.edu address will be delivered to Microsoft e-mail accounts.

Behrends mentioned this fraudulent system isn’t a new tactic, but in recent months, more and more accounts have been affected across the country.

“In the past, it’s been very (rare); it happened less than once a year,” he said. “But they’ve really been ramping up these past few months, the nation as a whole. It kind of goes in waves. We’ve been blocked twice in the past four months.”

The ITS department is currently working on various solutions to block these e-mails. They also hope to find the other user accounts whose information the hijackers possess and can abuse. Those who may have responded to any e-mail of this nature are advised to change their password immediately.

Behrends felt the best prevention is user awareness.

“If you are questioning it at all, it's probably not legit,” he said. “Call the Consulting Center or e-mail postmaster@uni.edu for verification. Especially on campus there’s no support team that will request a password. Even if we think we are going to shut off your account, we’re not going to ask for your password: we’ll just shut off your account.”

For more information, contact the ITS department at 273-5555.
 

1 comments

BOB

Thu Jan 14 2010 13:48

UNI is not alone in experiencing these phishing messages. Last week, some CFU email customers received messages supposedly from CFU Customer Support. They have addressed the problem there. Don't know if they had been temporarily banned from Microsoft, though.

Add comment


I am not posting spam. I understand posting spam or other comments that are unrelated to this article will cause my comment to be flagged for deletion and possibly cause my IP address to be permanently banned from this server.

Enter the characters in the image above:

log out