IT dept. filters don’t always stop scams
In the past month, USU students and faculty may have seen messages in their email inboxes warning them they’re out of storage space. The IT department is warning that these and other suspicious messages are hoaxes that should be avoided.
Hackers use many methods to intercept email addresses, according to IT Systems Administrator Allen Hill. One method is called “spear phishing,” where hackers create fake pages that look similar to university pages. Once students have entered his or her information, the screen will glitch and redirect them to the real university page. The hacker can then access a student’s email information and every email contact within their account. Much of the data solen through hacking includes credit card numbers and social security numbers, Hill said.
“This hacking process is all based on gullibility,” he said. “It is organized crime, and there is always a financial incentive.”
According to the privacymatters.com, one hacking organization called the Shadowcrew network had an estimated 4,000 active members when in was founded in 2002. In less than two years, they made $5 million dollars trading 1.5 million stolen credit card numbers before being shut down in 2004.
According to the website, hacking accounted for the largest number of compromised personal records 2012. Large brands such as Polo Ralph Lauren and DSW Shoes have lost data through computer hacking.
Hill said once a hacker has access to a student’s email account, they can sell information to scammers, who then sell to advertisers. Once they have a password they will try it on every account linked to the student, including a bank account, Hill said.
“This is why it is so important to have different passwords for different accounts,” said
Blake Rich, an IT systems administrator. “Students are constantly under attack. Hackers are looking for quantity.”
The black market for email addresses is very strong. Hackers are making thousands of dollars off of students every day, according to Rich.
“All emails go through a filter,” said Bob Bayn, a security analyst for the IT department. “When the system was first set up, the filter that Gmail provided for all aggiemail accounts was enough.”
This year, USU IT decided to add an additional filter to the system. This system uses a method called reputation filtering. Bayne said emails receive a reputation grade based on their content, and those with a poor reputation are blocked.
Last month, 35 million messages were sent to Aggiemail users. Bayn said only five million were delivered, however.
“We do a lot of filtering for the university and its email users,” Bayn said. “Our spam filtering system gets rid of the junk mail and lets the good mail through. With all the bad mail we receive, we do the best we can to block out the junk without blocking the good mail.”
Hill said based on the mail sender’s reputation, a message can be dropped before it is even analyzed by the university. Hill said during a single day in October, 82 percent of emails received were not delivered because they had viruses attached to them.
Despite the attempts to protect USU students, Hill said many students have and will be attacked by hackers. If a hacker can intercept one email address of a student attending a university, the likeliness of being able to track others is very great, he said.
“Universities are good targets because they have fat internet pipes,” said Hill, “If they can hack us, then money is all it is to them.”
“Years ago, the going rate for one account was $0.25,” said Rich. “My job and my team’s job is to monitor the system for unusual activity and put a stop to it. As faculty members, our data is there as well so we try not to let this type of fraud go on.”
Students need to be internet skeptics, Rich said. He said if something looks suspicious, do not click on it.
“Scammers are trying to hack into accounts daily,” Rich said. “It is our job to identify these scammers and stop them before they can access student information.”
– leannfox@aggiemail.usu.edu