Thieves ‘phishing’ for personal information
April 18, 2011 —
The Internet is a great place for students to gather information and a valuable resource for identity thieves to steal everything you’ve worked for.
The SVSU ITS department is on high alert watching for phishing attacks via email. A phishing attack is a type of a attack by thieves and hackers to gather information from you, such as usernames, passwords and banking information.
The attacks involve hacking and social engineering, meaning that attackers will use technical exploits and computer vulnerabilities with psychological manipulation to gather that information.
For Internet security professionals, the question isn’t if you will get attacked, but when you will get attacked.
According to Ken Schindler, director of ITS, this type of attack has happened before and will happen again. Although these attacks are common and unavoidable, there are ways to prevent yourself from falling victim to one of them.
Phishing attacks only propagate when a user commits an action based on the attack, such as clicking a link in an email, opening an infected attachment or willingly giving up information. By knowing what to look for, users can keep from falling for these attacks.
ITS has informed students about what to look for in these attacks. In an email from Schindler, students are advised to look for emails that falsely suggest that your SVSU account will shut down if you don’t “immediately authenticate via a link that takes you to a non- SVSU web site with a highjacked VMail log in splash page.”
Once students log in to this fake page, their information is recorded by hackers and used to log in to the SVSU email server and send out malicious emails. Schindler noted that these attacks generally result in “massive amounts of spam being sent out from students email accounts.”
Another type of phishing attack is one that claims to be from the U.S. government. It aims to convince international students that they are being offered special immigration status “for a fee of less than $1,000.” If students fall for this attack and offer their financial information, their bank accounts become compromised and their entire balance can be stolen.
According to Schindler, staff have been tricked by these phishing attempts. These attacks have affected the productivity of the staff in keeping in contact with other staff and students.
Students are urged to make sure that the URLs they navigate contain “svsu.edu” in the address bar. This ensures that the page they are visiting is actually part of the SVSU website.
ITS is also looking into additional software services to monitor web traffic and create a safer network for students.
For students who think they may have signed into one of the false vmail pages, Schindler says that there is an easy fix.
“Once your password gets changed, your account becomes useless to attackers,” he said.
To change their network password, students need to visit the “Quicklinks” tab on the SVSU homepage and click the “Change Your Network Password” link. Students can also contact Network Services to have their account reset or disabled.
If students have received any of these emails in the past few weeks or receive any in the future, they are urged to contact ITS immediately.
Adding the emails to the Junk folder doesn’t affect how it’s seen on the network because it’s only a personal filter setting. Students should be sure that their anti-virus software is active and up-to-date.
To contact ITS about any received spam email, the department the report can be made by emailing firstname.lastname@example.org or by calling (989) 964-4225 ext.7225.