NIU still fighting July spam harvesting
September 6, 2011
NIU Information Security & Operations is still preventing the account harvesting spam that began on July 8.
“It’s an ongoing issue,” said Jim Fatz, Information Security & Operations director. “It can change on a minute-by-minute basis.” Currently, the spam attacks at NIU are not at a peak level, Fatz said. The most recent attack happened on Aug. 26 and lasted throughout the weekend, Fatz said.
The attacks are relatively not preventable because student email addresses are public, Fatz said.
“NIU is not like a private business,” Fatz said. “We want email addresses to be public.”
The spam is also hard to deter because the attacks are spread over a long period of time to avoid detection, Fatz said.
The attackers also change their location consistently, Fatz said. The common locations of spam attacks are China, Russia, Africa and India.
Organized crime could be behind the attacks as they use stolen email accounts to break into bank accounts or sell them, Fatz said.
There have been no known cases at NIU of students financially compromised because of spam, however, Fatz said.
Fatz said it is tough to decide whether to block certain web addresses or an entire country to prevent spam.
“It’s difficult to decide whether to be more liberal or conservative when blocking spam,” Fatz said.
NIU regularly prevents spam by subscribing to lists that blacklist spam, but these lists can be too broad and block foreign countries. Fatz said there are faculty members who are sometimes unable to use their email accounts to contact people in China, and the technology staff has to accommodate them.
Fatz said spam list subscriptions cost $30,000 annually. NIU also prevents spam by using a software engine on mail servers and computers that run spam blocking programs.
“NIU spends $40,000 to $45,000 annually to minimize and mitigate spam,” Fatz said.
Last year, 17 million spam emails were blocked, Fatz said.
Senior communications major Ashlei Taylor said she receives about five or six spam emails a day. Taylor is able to detect if her email is spamed if it asks for a tuition waiver. She is aware that the spam asks for usernames and passwords.
“A few professors actually told us about that, and they have us use our personal emails in the classroom,” Taylor said. “They don’t want us to accidentally give these people our passwords.”
Freshman art major Joscelyn Cuyun has not received much spam or has noticed others receiving much spam.
“So far, ever since me and my friends have been using [NIU email], we’ve been fine with it,” Cuyun said. “I feel very safe that nobody has my ID.”