Office warns students of phishing for identities
Eden accounts face spamming attempts with illegal intent of obtaining personal information
Christopher Echeverria / Correspondent
Issue date: 3/10/08 Section: Page One
Eden accounts have come under attack in recent weeks, as phishers have attempted to obtain personal information from unsuspecting students.
Although the spam software at the Office of Information Technology intercepted a majority of the e-mails, some of the e-mails were able to get through.
The most disturbing part was the misleading nature of these seemingly authentic e-mails, said Frank Reda, director of Information Technology for New Brunswick Computing Services.
"The ones that started to come out in January looked very authentic," Reda said. "The only way I knew is because we would never ask for personal information through e-mail."
With help from the Campus Information Services, some students were able to recognize the e-mails and called in to the Office of Information Technology to report the e-mails circulating.
"Part of the spam is made up of those phishing messages," Reda said. "People use social engine tactics to get Social Security numbers and bank information by using things that look legitimate."
In the recent wave of attacks, which has been going on since January, phishers used a tactic known as "Spear Phishing," in which the user poses as someone from an organization or company. In this case, the phishers sent e-mails that were addressed from the Help Desk and took advantage of flaws in the e-mail protocol, said Mike Gergel, another director of Information Technology.
The e-mails claimed there was an issue with the Eden system and requested students' passwords. Although there have been no reported cases of identity theft, the phishing attempts still pose a threat to the security of Eden users.
"E-mail can be used for malicious purposes," Reda said. "Right now, we're trying to educate students about these attempts - let them know the proper and safe use of technology."
The directors of Information Technology both agreed that the best form of protection is spotting these warning signs. Since phishers usually go for financial information, Reda pointed to several ways to protect users' identities.
Although the spam software at the Office of Information Technology intercepted a majority of the e-mails, some of the e-mails were able to get through.
The most disturbing part was the misleading nature of these seemingly authentic e-mails, said Frank Reda, director of Information Technology for New Brunswick Computing Services.
"The ones that started to come out in January looked very authentic," Reda said. "The only way I knew is because we would never ask for personal information through e-mail."
With help from the Campus Information Services, some students were able to recognize the e-mails and called in to the Office of Information Technology to report the e-mails circulating.
"Part of the spam is made up of those phishing messages," Reda said. "People use social engine tactics to get Social Security numbers and bank information by using things that look legitimate."
In the recent wave of attacks, which has been going on since January, phishers used a tactic known as "Spear Phishing," in which the user poses as someone from an organization or company. In this case, the phishers sent e-mails that were addressed from the Help Desk and took advantage of flaws in the e-mail protocol, said Mike Gergel, another director of Information Technology.
The e-mails claimed there was an issue with the Eden system and requested students' passwords. Although there have been no reported cases of identity theft, the phishing attempts still pose a threat to the security of Eden users.
"E-mail can be used for malicious purposes," Reda said. "Right now, we're trying to educate students about these attempts - let them know the proper and safe use of technology."
The directors of Information Technology both agreed that the best form of protection is spotting these warning signs. Since phishers usually go for financial information, Reda pointed to several ways to protect users' identities.