Spammers attack university accounts over winter break
January 27, 2015
It’s called phishing: targeting email accounts to steal private data.
During the UW-Eau Claire winterim, scammers seized about 20 university accounts.
Chip Eckardt, Eau Claire Learning and Technology Services chief information officer, said Eau Claire saw a jump in phishing attacks before the end of fall semester and during winterim.
“If you ever give your account and password up in an email, immediately go in and change it,” Eckardt said. “We all make mistakes, if you use that account and password on other sites change all them as well.”
To prevent phishing, Eckardt said Never give up your username and password to an email and always check the address bar of the email to make sure it’s going where it should.
Phishing seeks private information, typically a name and password.
“Once they have that, what they do is go in and sign in with your email account and use your contact list to send spam or phishing attacks out to others,” Eckardt said.
The university catches attacks through complaints or spam filters that strain rotten emails. LTS immediately disables that account. Then, the Eau Claire Help Desk notifies affected people.
“We then have them go to a page where they reset their password, which then reactivates their account,” Eckardt said.
Eckardt said Eau Claire uses a Microsoft spam filter, which works better than their previous tool. Spammers are getting smarter all the time, he said.
“They do see when a message gets blocked,” Eckardt said.
He said hackers would then work on a message that will not get blocked.
Eckardt said more hackers use phishing attacks in recent years. He said phishing first emerged as a student prank.
“It was not any type of criminal activity,” Eckardt said.
He said the practice has become more organized and has emerged as a vehicle for crimes.
Aaron Schroeder, an LTS employee and Eau Claire senior, said people often can’t identify a phishing email over a legitimate email. Hovering your mouse over a hyperlink often reveals if the link is safe.
“If it is not a university-related website,” Schroeder said, “it is probably a phishing email.”