NIU e-mail still being subjected to phishing

By GILES BRUCE

Neil Rickert can spot ‘em from a mile away.

When an e-mail says “There’s been a problem” and asks him for his log-in ID and password, the computer science professor knows it’s a scam. Unfortunately, not everyone does. The fact is, while you’re surfing the Web, scam artists are there too – “phishing” for your personal information, seeing if you’ll take the bait.

These “phishing,” or scam, e-mails have become a major problem on NIU e-mail accounts in recent years, so much so that NIU has placed an “E-Mail Information Security Notice” on its Web site to warn users of the scams. To paraphrase it and any similar warning ever issued: in an e-mail, NIU will never ask for any personal information.

“No matter how much we say or how we say it, some people are still falling prey,” said Jim Fatz, director of information, security and operations. “The bottom line is, nobody should respond to an e-mail with account and password information.”

Despite the warnings and having greater knowledge about these scams than in years past, around 30 to 40 people with NIU e-mail accounts have fallen victim to the cons, Fatz said. Once their accounts are compromised, it sets off a time-consuming clean-up process to rescue their online identity from the conmen’s grasp, he said.

Graduate history major Amando Boncales is among those informed about “phishing” e-mails. He makes good use of his “delete” button.

“I do [see the e-mails], but I just erase them,” Boncales said. “If it’s not related to my job, I don’t read them.”

Unfortunately, this problem is not going away anytime soon. The “phishing” scammers are masters of covering their tracks, and the fact that many of them reside overseas makes it that much harder to apprehend them, Rickert said. Additionally, it is often difficult to determine which domains to restrict.

“The problem is using a sledgehammer to pound a tack,” Fatz said. “The more ‘blocks’ we have, the more it limits good servers too.”

Another issue is what these cyber criminals do with the stolen passwords once they have them. Fatz said they do anything and everything they can to exploit the individual; for example, they look for bank and credit card statements to obtain account numbers. The scammers can also use the lifted e-mail accounts to send massive amounts of spam, Rickert said.

In this, the age of information, people must be more mindful than ever before about their online activities. For those still not understanding, according to Rickert, it is really quite simple.

“Don’t trust anybody,” he said.