‘Phishing attacks’ target privacy

March 20, 2008

Another official university e-mail was sent out the morning of March 17, warning students not to respond to e-mails requesting confirmation of their passwords.

These latter e-mails, also called “phishing attacks,” are defined as an attempt to criminally and fraudulently acquire sensitive information, such as user names, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Roy Waters, director of the Computing Center, agrees that the e-mails look very professional and convincing.

“I was actually a victim of a phishing attack myself,” Waters said. “I got an e-mail after I had bought some stuff from eBay; I realized it was a fake e-mail right after I had sent it back, so I called eBay and fixed the problem.”

Throughout the school year, Tech students have found e-mails in their in-boxes requesting that they confirm their e-mail passwords, or their accounts will be terminated.

The warning e-mail, sent from the Computing Center, states the e-mails requesting password confirmation are fakes, and that Tech will never ask for any personal information via e-mail.
Waters said students should never give out passwords via e-mail.

“No reputable organization is going to ask for personal information to be sent by e-mail,” Waters said.

The e-mail also explains that the scam e-mails are sent out in order to acquire passwords so that e-mails can be sent using your user name.

The wide range of damage that could be done with a stolen password spans from harmless, to annoying, to downright problematic.

Considering that Blackboard, the Bulldog Online Student System and Tech e-mail accounts are all connected and often use the same passwords, the loss of your individual password could result in a big problem with accessing your grades or other important class information.

Waters mentioned that students may be using the same passwords for Web sites such as Facebook or Myspace, so their accounts on Web sites like these may also be affected.

Another reason this scam could be so dangerous is that some Tech students use their university e-mail accounts to do personal business transactions.

Bank statements, digital credit card receipts from online purchasing and Social Security numbers, as well other personal information, is subject to being stolen if e-mail accounts are hacked into. This could result in serious financial trouble, which could takes weeks to rectify.

Waters said phishing attacks are popping up in different systems as well, and Tech is not the only target.

Schools all over the United States have bulletins posted on their Web sites warning students not to respond to these types of fraudulent e-mails.

Waters said if anyone accidentally responds to the e-mails, they should head over to the Computing Center immediately to get their passwords changed.