ITS is warning students and faculty to be aware of hackers attempting identity theft through University emails.This summer, University email addresses were blacklisted for a week because a hacker infiltrated the system and sent out spam emails. A blacklist identifies email addresses that are likely spam or phishing sources. It was the worst phishing attack in University history, said Sheri Thompson, IT planning and communications officer.Because the University is a public school with public email accounts, it is much easier for hackers to send spam emails to students and members of the faculty, Thompson said. Hackers often make their spam emails look legitimate to trick people into giving their private information over the Internet.”When most people think of phishing emails, you think of the ‘Wealthy prince is giving away tons of money’ or the ‘You just won $1 million, click here!’ [emails], but there are more clever forms of phishing,” Thompson said.To avoid becoming a phishing victim, Thompson recommends ignoring emails students or faculty don’t expect from the University. If a URL looks suspicious or the email in question asks for any personal information immediately, it is a phishing attempt, she said.The Anti-Phishing Working Group, an international organization devoted to the education and reporting of phishing, also recommends users regularly monitor their credit card and debit payments, ensure their browser is up-to-date with security patches, always use secured websites when making an online purchase and consider installing a Web browser toolbar to protect from known fraudulent sites. APWG suggests Internet Explorer Version 7 and Mozilla Firefox Version 2.0 as search engines that offer the toolbars.
“All it takes is just one person to hack into all emails on the server,” Thompson said.University email addresses are no longer blacklisted, and all accounts are operational, Thompson said.APWG offers more tips and contacts for victims of phishing on their website, antiphishing.org.Thompson recommends victims of phishing contact their bank and credit card companies to report any identity theft and notify the police immediately.—-Contact Eric Allen at [email protected]